Revised: 07/23/2007*

 

Appropriate Use of Information Resources                       UPPS No. 04.01.07

                                                                                                Issue No. 2

                                                                                                Effective Date: 10/30/2006

                                                                                                Review: March 1 E3Y

 

 

01.       POLICY STATEMENT

 

01.01  This UPPS establishes policies and procedures for the appropriate use of information resources. This policy is established to achieve the following:

 

a.   To ensure compliance with applicable statutes, regulations, and mandates regarding the management of information resources.

 

b.   To establish prudent and acceptable practices regarding the use of information resources.

 

c.   To educate individuals who may use information resources with respect to their responsibilities associated with such use.

 

02.       RELATED DOCUMENTS

           

UPPS No. 01.04.00, Appropriate Release of Information

 

            UPPS No. 01.04.24, Policy on Copyrighted Computer Software

 

            UPPS No. 04.01.01, Security of Texas State Information Resources

 

            UPPS No. 04.01.01, Attachment I, Information Resources Security Manual

 

            UPPS No. 04.01.05, Network Use Policy

 

03.       DEFINITIONS

 

*03.01 Information Resources - Any and all devices capable of receiving, storing, managing, or transmitting electronic data including mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), pagers, distributed processing systems, network connected display devices, network attached and computer controlled medical and laboratory equipment (i. e. embedded technology), telecommunication resources, network environments, telephones, fax machines, printers, computer printouts, storage media, and service bureaus. Additionally, it includes the systems, procedures, equipment, facilities, software and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information.

 

03.02  NetID – NetID stands for Network Identification. This is the name used to identify a person or other entity when connecting to certain applications and services available on the Texas State network. NetID’s have an associated password that serves to authenticate the identity of the NetID owner.

 

03.03 User – An individual or automated application or process that is authorized access to an information resource by its owner, in accordance with the owner’s procedures and rules.

 

*04.     GENERAL GUIDELINES AND PRINCIPLES

 

04.01  Texas State provides each of its authorized users with a computer account, known as a Texas State NetID, which facilitates access to the University’s information resources. In accepting a Texas State NetID or any other access ID, the recipient agrees to abide by applicable Texas State policies and legal statutes, including all federal, state, and local laws. Texas State reserves the right at any time to limit, restrict, or deny access to its information resources and to take disciplinary or legal action against anyone in violation of these policies or statutes.

 

04.02  Applicable University policies and procedures include all Texas State UPPSs and departmental policies and procedures that address the usage of Texas State information resources. Also applicable are University policies prohibiting harassment, plagiarism, or unethical conduct. Laws that apply to the use of Texas State’s information resources include laws pertaining to theft, copyright infringement, insertion of viruses into computer systems, and other computer-related crimes. This policy applies to all University information resources, whether administered centrally or departmentally; whether on-campus or off-campus. Information resources include hardware, software, communication networks and access devices, electronic storage media, manuals, and other documentation. Also included in this definition are data files that reside on hardware or media owned or supplied by the University, regardless of size, source, or type of storage media, including e-mail messages, system logs, web pages and software.

 

04.03  Texas State provides information resources for the purpose of accomplishing tasks related to the University’s mission. Use of or access to Texas State computers, networks, data and software may be restricted due to specific research, teaching or other purposes in keeping with Texas State’s mission. Texas State’s computer information resources are not a public forum.

 

*04.04 Texas State considers e-mail to be a significant information resource and an appropriate mechanism for official university communication. The University provides official university e-mail addresses and services to its students, faculty, staff, and organizational units for this purpose and to enhance the efficiency of educational and administrative processes. In providing these services, the University anticipates that e-mail recipients will access and read university communications in a timely fashion. Faculty, staff, and students may forward e-mail from their official university address to an alternate e-mail address at their own risk, however, the University is not responsible for e-mail that has been forwarded to any other addresses.

           

04.05  Subject to applicable policies and statutes, students who have registered and paid their fees are allowed to use Texas State’s information resources for school-related and personal purposes. Personal use must not result in any additional expense to the University or violate restrictions detailed in Section 05 of this UPPS. The Texas State NetID’s of graduating students are deactivated ninety days after graduation. Continuing students may retain their Texas State NetID’s as long as they remain enrolled for the current or a future semester.

 

04.06  Employees of Texas State are allowed to use Texas State’s information resources in the performance of their job duties as long as they adhere to all applicable policies and statutes. Incidental personal use of Texas State information resources by an employee is permitted, subject to review and reasonable restrictions by the employee’s supervisor. Such personal use must not violate any applicable policies and statutes, must not interfere with the employee’s job performance, and must not result in any additional expense to the University. Employees may obtain a Texas State NetID upon verification of employment by the appropriate administrative head.  When an employee terminates employment for any reason other than retirement, the employee’s Texas State NetID will be terminated immediately, unless an exception is specifically authorized by the Assistant Vice President for Technology Resources.

 

04.07  Censorship is not compatible with the goals of Texas State. The University will not limit access to any information due to its content, as long as it meets the standard of legality. The University reserves the right, however, to place reasonable time, place and manner restrictions on expressive activities that use its information resources.

           

04.08  Texas State’s information resources are subject to review and disclosure in accordance with:

 

a.   the Texas Public Information Act and other laws (see UPPS No. 01.04.00, Appropriate Release of Information);

 

b.   other policies or legal requirements, such as subpoenas and court orders;

 

*c.  efforts to protect and sustain their operational integrity;

 

d.   security reviews or audits; and

 

e.   such other purposes required to protect the University’s interests and those of other users. Users should not expect privacy from disclosure in any messages or other use of Texas State's information resources. 

 

Anyone using Texas State’s information resources expressly consents to monitoring by the University for these purposes and is advised that if such monitoring reveals possible evidence of criminal activity, University administration may provide that evidence to law enforcement officials.  Further, all users should understand that while the University takes reasonable precautions, it is unable to guarantee the protection of electronic files, data, or e-mails from unauthorized or inappropriate access.

 

04.09  Intellectual property laws extend to the electronic environment. Users should assume that works communicated through Texas State computer networks are subject to copyright laws, unless specifically stated otherwise.

 

04.10  Information resources are considered valuable assets of the University.  Further, computer software purchased or licensed by the University is the property of the University or the company from whom it is licensed. Any unauthorized access, use, alteration, duplication, destruction, or disclosure of any of these assets may constitute a computer-related crime, punishable under Texas and federal statutes.

 

05.       INAPPROPRIATE USES OF INFORMATION RESOURCES

 

05.01  The following actions constitute inappropriate use of the University's information resources and are strictly prohibited for all users.

           

a.   Use of University information resources for illegal activities or purposes. The University may deal with such use appropriately, and may report such use to law enforcement authorities. Illegal activities or purposes include unauthorized access, intentional corruption or misuse of information resources, theft, obscenity, and child pornography.

 

b.   Failure to comply with laws, policies, procedures, license agreements, and contracts that pertain to and limit the use of the University's information resources.

 

c.   The abuse of information resources includes any willful act that: endangers or damages any specific computer software, hardware, program, network, data or the system as a whole, whether located on campus or elsewhere on the global Internet; creates or allows a computer malfunction or interruption of operation; injects a computer virus or worm into the computer system; sends a message with the intent to disrupt University operations or the operations of outside entities; produces output that occupies or monopolizes information resources for an unreasonable time period to the detriment of other authorized users; consumes an unreasonable amount of communications bandwidth, either on or off campus, to the detriment of other authorized users; or fails to adhere to time limitations that apply at particular computer facilities on campus.

 

d.   Use of University information resources for personal financial gain or commercial purpose.

 

e.   Failure to protect a password or Texas State NetID from unauthorized use.

 

f.    Falsely representing one’s identity through the use of another individual’s Texas State NetID or permitting the use of a NetID and password by someone other than their owner.

 

g.   Unauthorized use of or access to any electronic file.

 

h.   Unauthorized use, access, duplication, disclosure, alteration, damage, or destruction of data contained on any electronic file, program, network, web page, or University hardware or software.

 

i.    Unauthorized duplication, use or distribution of software and other copyrighted digital materials (including copyrighted music, graphics, etc.) is a violation of this policy. All software and many other digital materials are covered by some form of copyright, trademark, license or agreement with potential civil and criminal liability penalties. Exceptions must be specifically authorized by the copyright or trademark holder or by the fair use provisions of the copyright law. See also UPPS No. 01.04.24, Policy on Copyrighted Computer Software.

 

j.    Participating or assisting in the deliberate circumvention of any security measure or administrative access control that pertains to University information resources.

 

k.   Using University information resources in a manner that violates other University policies, such as racial, ethnic, religious, sexual or other forms of harassment.

 

*l.   Using University information resources for the transmission of spam mail, chain letters, malicious software (e.g., viruses, worms, or spyware), or personal advertisements, solicitations or promotions.

 

m.  Modifying any wiring or attempting to extend the network beyond the port (i. e., adding hubs, switches or similar devices) in violation of the University’s Network Use Policy (UPPS No. 04.01.05).

 

n.   Using Texas State’s information resources to affect the result of a local, state, or national election or to achieve any other political purpose.

 

*o. Using Texas State’s information resources to state, represent, infer, or imply an official university position without appropriate authorization.

 

06.       RESPONSIBILITIES OF USERS  

 

06.01  Each user shall utilize University information resources responsibly and respect the needs of other users.

 

06.02  Each person is responsible for any usage of his or her Texas State NetID. Users must maintain the confidentiality of their passwords.

 

06.03  A user must report any abuse or misuse of information resources or violations of this policy to their department head or to the Office of the Assistant Vice President for Technology Resources.

 

06.04  When communicating with others via University information resources (e. g., e-mail), a user's communications should reflect high ethical standards, mutual respect and civility.

 

06.05  Users are responsible for obtaining and adhering to relevant, acceptable network use policies (see UPPS No. 04.01.05).

 

06.06  Administrative heads and supervisors must report ongoing or serious problems regarding the use of Texas State information resources to the Office of the Assistant Vice President for Technology Resources.

 

07.       ACCESS TO UNIVERSITY INFORMATION RESOURCES BY AUDITORS

 

07.01  There will be occasions when auditors may require access to Texas State information resources. Access is permitted in accordance with these guidelines.

 

07.02  Internal auditors from Texas State shall be allowed access to all University activities, records, property, and employees in the performance of their duties.

 

07.03  The Director of Internal Audit and Compliance shall notify the Office of the Vice President for Information Technology, Office of the Assistant Vice President for Technology Resources, and the University Attorney’s office prior to accessing individual data files.

 

07.04  State and federal auditors will be granted access to University information resources and data files on an as needed basis, as approved by the Office of the Vice President for Information Technology.

 

08.       LIABILITY FOR FAILURE TO ADHERE TO THIS POLICY

 

08.01  Failure to adhere to this policy may lead to the revocation of a user’s Texas State NetID, suspension, dismissal, or other disciplinary action by the University, as well as referral to legal and law enforcement agencies.

 

08.02  Statutes pertaining to the use of University information resources include the following:

 

a.   Texas Administrative Code, Title 1, Part 10, Chapter 202 - Regulations from the Department of Information Resources establishing requirements for State agencies regarding computer security.

 

b.   Texas Penal Code, Chapter 33: Computer Crimes - Texas law pertaining to computer crimes. This statute specifically prohibits unauthorized use of University computers, unauthorized access to stored data, or dissemination of passwords or other confidential information to facilitate unauthorized access to the University’s computer system or data.

 

c.   Texas Penal Code, § 37.10: Tampering with Governmental Record - Prohibits any alteration, destruction, or false entry of data that impairs the validity, legibility or availability of any record maintained by the University.

 

d.   United States Code, Title 18, Chapter 47, § 1030: Fraud and Related Activity in Connection with Computers - Federal law specifically pertaining to computer crimes. Among other stipulations, prohibits unauthorized and fraudulent access to information resources.

 

e.   Computer Fraud and Abuse Act (Part of Title 18, Chapter 47, U.S.C. § 1030) - Makes it a crime to access a computer to obtain restricted information without authorization; to alter, damage, or destroy information on a government computer; and to traffic in passwords or similar information used to gain unauthorized access to a government computer.

 

f.    The Computer Abuse Amendments Act of 1994 (Part of Title 18, Chapter 47, U.S.C. § 1030) - Expands the Computer Fraud and Abuse Act of 1986 to address the transmission of viruses and other harmful code.

 

g.   Federal Copyright Law - Recognizes that all intellectual works are automatically covered by copyright. The owner of a copyright holds the exclusive right to reproduce and distribute the work.

 

h.   Digital Millennium Copyright Act - Signed into law on October 20, 1998, as Public Law 105-304. Created to address the digitally networked environment, the DMCA implements the WIPO Internet Treaties; establishes safe harbors for online service providers; permits temporary copies of programs during the performance of computer maintenance; and makes miscellaneous amendments to the Copyright Act, including amendments that facilitate Internet broadcasting.

 

i.    Electronic Communications Privacy Act (U.S.C., Title 18) - Prohibits the interception or disclosure of electronic communication and defines those situations in which disclosure is legal.

j.    Computer Software Rental Amendments Act of 1990 - Deals with the unauthorized rental, lease, or lending of copyrighted software.

 

k.   Texas Government Code § 556.004 - Prohibits using state resources or programs to influence elections or to achieve any other political purpose.

 

09.       REVIEWERS OF THIS UPPS

 

*09.01 Reviewers of this UPPS include the following:  

 

Position                                                          Date

 

Assistant Vice President for                        March 1 E3Y

Technology Resources

 

Special Assistant to the Vice President     March 1 E3Y

for Information Technology

 

Information Security Officer                          March 1 E3Y

 

University Attorney                                        March 1 E3Y

 

10.       CERTIFICATION STATEMENT

 

This UPPS has been approved by the following individuals in their official capacities and represents Texas State policy and procedure from the date of this document until superseded.

 

Assistant Vice President for Technology Resources; senior reviewer of this UPPS

 

Vice President for Information Technology

 

President