The University of Kansas provides electronic information resources to faculty, staff, students, official university affiliates, and others in support of the education, research, and public service mission of the University.
The University encourages civil discourse, tolerance, and respect for all individuals, as creating an inclusive, open environment is vital to our success as an academic community. Use of electronic information resources should meet these same expectations.
Responsibilities of Users
Users of electronic systems have the following responsibilities:
Access to information resources is granted with the expectation that resources will be used in an ethical and lawful manner. Users will employ electronic information resources consistent with the requirements of federal, state and local law and University and Kansas Board of Regents policies. Users are responsible for using resources appropriately to maintain the integrity of the electronic information resources, and where appropriate, the privacy, confidentiality, and/or security of the electronic information.
Individuals should not give out, loan, share, or otherwise allow anyone else to use the access privileges granted to them. Access to secured information resources is provided only with proper authorization.
Users are responsible for all activities that occur while using information resources assigned to them, and shall respect the intended use of these resources. It is the preference of the University that employees use University resources to conduct University business. Any University business information or records in personal or private email accounts or electronic devices must be disclosed in the event of a request for public records under the Kansas Open Records Act or other University need.
Users may not attempt to circumvent login procedures on any computer system or otherwise attempt to gain unauthorized access. This is not an acceptable use of information resources and may be a crime under federal, state or local law.
All users shall use electronic information resources in a manner that does not in any way interfere with, compromise, or harm the performance, functionality, or integrity of the University’s electronic information resources. This shall include the adherence to University standards regarding software updates and protections, data handling, and other policies and procedures enacted by the University.
Users will respect network capacity as a shared resource and therefore may not perform operations that degrade network performance for other users. Users may not send spam, chain letters, mail bombs, and or engage in other activities that infringe on the rights and/or productivity of other users.
Users should respect the rights of copyright owners and, when appropriate, obtain permission from owners before using or copying protected material, including but not limited to, music, movies, software, documents, images, or multimedia objects. The University licenses most databases, electronic journals, and other forms of information content under contracts that define who may use the content and what may be done with it. In general, only University registered students, faculty, and staff may use these resources; unaffiliated users may use these resources within library buildings. Systematic or excessive downloading or printing of content is not permitted, including downloading or printing of whole journal issues.
Incidental personal use of electronic information resources, including email, is permitted provided that this use does not interfere with University operations, violate University or Regents policies, create an inappropriate atmosphere for employees in violation of law or University or Regents policy, generate incremental identifiable costs to the University, and/or negatively impact the user’s job performance.
Except in a purely incidental way, university resources may not be used in external activities unless written approval has been received in advance from the institution’s chief executive officer or the chief executive officer's designee. Such permission shall be granted only when the use of university resources is determined to further the mission of the institution. When such permission is granted, the user will make arrangements for reimbursement of the University for customarily price-able institutional materials, facilities or services used in the external activity. Such use may never be authorized if it violates the Regents policy on Sales of Products and Services. (Please refer to the Conflict of Interest & Time Policy.)
Users may not use electronic information resources for commercial purposes, for personal financial gain, or to solicit support for outside organizations not otherwise authorized to use University facilities.
Individuals may use electronic resources to exchange ideas and opinions, including those dealing with political issues. The latter is generally considered an incidental use of electronic resources. However, University electronic resources (including email) may not be used to support partisan political candidates, party fundraising, or causes. Registered student and campus organizations such as the College Republicans or the KU Young Democrats may use their membership listservs to notify members of meetings, speeches, and /or rallies. Faculty members may use electronic systems for course-related discussions of political topics. For additional information on this topic see Political Activity: Kansas Statutes and Board of Regents/University Policies.
Representing oneself as someone else, without previous written authorization, is not considered responsible use of electronic information resources.
Electronic resources may not be used to engage in any illegal, threatening, harassing, or bullying conduct, including cyber-harassment or cyber-bullying, nor may they be used in a deliberately destructive manner.
Responsibilities of the University
Because University electronic information resources are state-owned and maintained, the University has the responsibility to monitor, audit, and assure the proper use of those resources. Although the University supports a climate of trust and respect and does not ordinarily read, monitor or screen individual user’s routine use of electronic information resources, it must monitor systems for misuse. The University, therefore, cannot guarantee the confidentiality, privacy, or security of data, email, or other information transmitted or stored on its electronic information. When University officials believe a user may be using electronic information resources in a way that may violate University or Regents policies or federal, state or local law, or the user is engaged in activities inconsistent with the user’s University responsibilities, then system administrators may monitor the activities and inspect and record the files of such users(s) on their computers and networks, including word processing equipment, personal computers, workstations, mainframes, minicomputers, and associated peripherals and software.
Reporting Irresponsible Use of Electronic Information Resources
All users and units have the responsibility to report any discovered unauthorized access attempts or other improper usage of KU information resources. If you observe, or have reported to you, a security or abuse problem with any University information resource, including violations of this policy, notify the Information Technology (IT) Customer Service Center (864-8080; email@example.com). The Customer Service Center will notify the KU IT Security Officer, who will coordinate the technical and administrative response to such incidents. The KU IT Security Officer leads a Computer Incident Response Team (CIRT), responsible for the identification, containment, eradication, and recovery of all devices during an incident. CIRT members will work with departmental technical liaisons to ensure effective response time and communication. The CIRT is responsible for coordinating evidence gathering and documentation, and for seeking advice from representatives from the Provost and Executive Vice Chancellor’s Office, General Counsel’s Office, Public Affairs, and others as required by the particular incident.
Reports of all apparent IT policy violations will be forwarded by the Chief Information Security Officer to the Chief Information Officer for disposition according to standard procedures and University policies on violation of policy.