9 - 02
University policy on responsible use of information technology
- Purpose: To outline the acceptable use of university computer, network, application, telecommunications, data in digital form, or other information technology resources (hereinafter called technology resources) in order to ensure that all members of the campus community understand their responsibilities when using or accessing technology resources and to safeguard these resources.
- Policy Statement: All users of university technology resources, whether or not affiliated with the University, and notwithstanding geographical location are responsible for their appropriate use, and by their use, agree to use them in an ethical, responsible manner and will comply with applicable federal, state and local laws and university policies. An attempt to engage in a prohibited activity is considered a violation whether the attempt is successful or not.
- Users with access to university technology resources must agree to and accept the following:
- Use of university supplied technology resources shall be for purposes that are consistent with the mission of the university. Ability to access university resources not otherwise supplied does not, by itself, imply authorization to do so.
- Be accountable for and only use accounts, passwords, and/or authentication credentials that they have been authorized to use for their role at the university.
- Only share data with others as allowed by applicable policies and procedures, and dependent on their assigned role.
- Comply with the security and privacy controls on all information technology resources used for university business, including but not limited to mobile and computing devices, whether university or personally owned.
- Comply with intellectual property rights, licensing and contractual agreements related to information technology resources.
- Respect the rights and privacy of others.
- Take responsibility for the content of their personal communications.
- Take reasonable care to safeguard equipment entrusted to them.
- Acknowledge that the principle of academic freedom shall apply to public communication in all these forms of communication, as well as in the transmission of information in both the physical and virtual classrooms.
- Acknowledge that the university may access data files in the course of its normal supervision of the network or system (i.e., backing up of electronic messaging material), when exigent circumstances arise (i.e., evidence of reported violations of policies or laws), or when the university receives requests pursuant to section 149.43 of the Revised Code (the Ohio Public Records Act).
- Acknowledge that the university cannot guarantee the absolute security and privacy of data stored on university technology resources.
- Unacceptable use includes and is not limited to the following list. Users are not permitted to:
- Share authentication details or provide access to their university accounts with anyone else (e.g., sharing the password).
- Impersonate another person, misrepresent their affiliation with another person or entity, engage in fraud, or hide or attempt to hide their identity.
- Circumvent, attempt to circumvent, or assist another in circumventing the security controls in place to protect technology resources and data.
- Knowingly download or install software onto university technology resources or use software applications, which may interfere or disrupt service, or do not have a clear administrative, academic, research or scholarly use.
- Engage in activities that interfere with or disrupt users, equipment or service; distribute viruses or other malicious code; or install software, applications, or hardware that permits unauthorized access to technology resources.
- Conduct unauthorized scanning of university technology resources.
- Engage in inappropriate use, including but not limited to:
- Activities that violate state or federal laws, regulations, technology resource licensing, or university policies.
- Harass, discriminate or defame others.
- Widespread dissemination of unsolicited and unauthorized electronic communications.
- Engage in excessive use of enterprise technology resources, including but not limited to network capacity or enterprise server storage and computing capacity. Excessive use means use that is unrelated to academic or employment-related needs, or that interferes with other authorized uses.
- Use any means to view, gain access to, intercept data or network traffic, use facilities, accounts, access codes, privileges or technology resources not intended for their viewing or use.
- Use the university’s technology resources for commercial or for financial gain not related to the university’s administrative operations, academic, research, and scholarly pursuits.
- Represent personal electronic communications as being an official position of the University.
- Incidental personal use of technology resources, including email, is permitted provided that this use does not interfere with university operations, violate university policies, create an inappropriate atmosphere for employees in violation of law or university policy, generate incremental identifiable costs to the university, and/or negatively impact the user’s job performance.
- Enforcement and Administration.
- Determination of violations shall be made in accordance with established applicable due process procedures (i.e., student code of conduct, collective bargaining agreement, academic and administrative grievances and appeals policies, as appropriate).
- Users who violate this policy may be denied access to university technology resources and may be subject to other penalties and disciplinary action, both within and outside of the university. The university may temporarily suspend or block access to an account, prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security or functionality of university or other technology resources or to protect the university from liability. The university may also refer suspected violations of applicable law to appropriate law enforcement agencies.
- The vice president for information technology and CIO is responsible for administering this policy.
Policy Effective Date:
Jul. 08, 2021
Policy Prior Effective Dates:3/14/2002, 9/19/2005, 6/1/2007, 3/1/2015, 1/1/2021