Acceptable Use of Electronic Information Resources
This policy outlines the expectations for the use of electronic information resources at the University of Kansas.
This policy applies to faculty, staff, students, official university affiliates, and any other individuals who use University electronic information resources. This policy applies to all units on the KU Lawrence and Edwards campuses or under the administrative oversight of the Lawrence campus. Residents of student housing and other on-campus housing of the KU-Lawrence campus should refer to the ResNet Responsible Use Agreement(http://www.resnet.ku.edu/datauseragreement.jsp) for additional responsibilities relevant to their use of electronic resources in the residential housing environment.
The University of Kansas provides electronic information resources to faculty, staff, students, official university affiliates, and others in support of the education, research, and public service mission of the University.
The University encourages civil discourse, tolerance, and respect for all individuals, as creating an inclusive, open environment is vital to our success as an academic community. Use of electronic information resources should meet these same expectations.
Responsibilities of Users
Users of electronic systems have the following responsibilities:
- Access to information resources is granted with the expectation that resources will be used in an ethical and lawful manner. Users will employ electronic information resources consistent with the requirements of federal, state and local law and University and Kansas Board of Regents policies. Users are responsible for using resources appropriately to maintain the integrity of the electronic information resources, and where appropriate, the privacy, confidentiality, and/or security of the electronic information.
- Individuals should not give out, loan, share, or otherwise allow anyone else to use the access privileges granted to them. Access to secured information resources is provided only with proper authorization.
- Users are responsible for all activities that occur while using information resources assigned to them, and shall respect the intended use of these resources.
- Users may not attempt to circumvent login procedures on any computer system or otherwise attempt to gain unauthorized access. This is not an acceptable use of information resources and may be a crime under federal, state or local law.
- All users shall use electronic information resources in a manner that does not in any way interfere with, compromise, or harm the performance, functionality, or integrity of the University’s electronic information resources. This shall include the adherence to University standards regarding software updates and protections, data handling, and other policies and procedures enacted by the University.
- Users will respect network capacity as a shared resource and therefore may not perform operations that degrade network performance for other users. Users may not send spam, chain letters, mail bombs, and or engage in other activities that infringe on the rights and/or productivity of other users.
- Users should respect the rights of copyright owners and, when appropriate, obtain permission from owners before using or copying protected material, including but not limited to, music, movies, software, documents, images, or multimedia objects. The University licenses most databases, electronic journals, and other forms of information content under contracts that define who may use the content and what may be done with it. In general, only University registered students, faculty, and staff may use these resources; unaffiliated users may use these resources within library buildings. Systematic or excessive downloading or printing of content is not permitted, including downloading or printing of whole journal issues. See Library Databases: Terms and Conditions of Use (http://www.lib.ku.edu/electro/terms.shtml) for additional information.
- Incidental personal use of electronic information resources, including email, is permitted provided that this use does not interfere with University operations, violate University or Regents policies, create an inappropriate atmosphere for employees in violation of law or University or Regents policy, generate incremental identifiable costs to the University, and/or negatively impact the user’s job performance.
- Except in a purely incidental way, university resources may not be used in external activities unless written approval has been received in advance from the institutions chief executive officer or his/her designee. Such permission shall be granted only when the use of university resources is determined to further the mission of the institution. When such permission is granted, the user will make arrangements for reimbursement of the University for customarily price-able institutional materials, facilities or services used in the external activity. Such use may never be authorized if it violates the Regents policy on Sales of Products and Services. (Please refer to the Conflict of Interest & Time Policy.)
- Users may not use electronic information resources for commercial purposes, for personal financial gain, or to solicit support for outside organizations not otherwise authorized to use University facilities.
- Individuals may use electronic resources to exchange ideas and opinions, including those dealing with political issues. The latter is generally considered an incidental use of electronic resources. However, University electronic resources (including email) may not be used to support partisan political candidates, party fundraising, or causes. Registered student and campus organizations such as the College Republicans or the KU Young Democrats may use their membership listservs to notify members of meetings, speeches, and /or rallies. Faculty members may use electronic systems for course-related discussions of political topics. For additional information on this topic see Political Activity: Kansas Statutes and Board of Regents/University Policies.
- Representing oneself as someone else, without previous written authorization, is not considered responsible use of electronic information resources.
- Electronic resources may not be used to engage in any illegal, threatening, harassing, or bullying conduct, including cyber-harassment or cyber-bullying, nor may they be used in a deliberately destructive manner.
Responsibilities of the University
Because University electronic information resources are state-owned and maintained, the University has the responsibility to monitor, audit, and assure the proper use of those resources. Although the University supports a climate of trust and respect and does not ordinarily read, monitor or screen individual user’s routine use of electronic information resources, it must monitor systems for misuse. The University, therefore, cannot guarantee the confidentiality, privacy, or security of data, email, or other information transmitted or stored on its electronic information. When University officials believe a user may be using electronic information resources in a way that may violate University or Regents policies or federal, state or local law, or the user is engaged in activities inconsistent with the user’s University responsibilities, then system administrators may monitor the activities and inspect and record the files of such users(s) on their computers and networks, including word processing equipment, personal computers, workstations, mainframes, minicomputers, and associated peripherals and software.
Reporting Irresponsible Use of Electronic Information Resources
All users and units have the responsibility to report any discovered unauthorized access attempts or other improper usage of KU information resources. If you observe, or have reported to you, a security or abuse problem with any University information resource, including violations of this policy, notify the Information Technology (IT) Customer Service Center (864-8080; firstname.lastname@example.org). The Customer Service Center will notify the KU IT Security Officer, who will coordinate the technical and administrative response to such incidents. The KU IT Security Officer leads a Computer Incident Response Team (CIRT), responsible for the identification, containment, eradication, and recovery of all devices during an incident. CIRT members will work with departmental technical liaisons to ensure effective response time and communication. The CIRT is responsible for coordinating evidence gathering and documentation, and for seeking advice from representatives from the Provost and Executive Vice Chancellor’s Office, General Counsel’s Office, Public Affairs, and others as required by the particular incident.
Reports of all apparent IT policy violations will be forwarded by the KU IT Security Officer to the Chief Information Officer for disposition according to standard procedures and University policies on violation of policy.
Use of University electronic information resources contrary to this policy, University or Regents policies, or applicable federal, state or local law is prohibited and may subject the user to disciplinary action including, but not limited to, suspension of the user’s access to the electronic information resources. Users also should be aware of other possible consequences under University or Regents policies and federal, state, or local laws, particularly those related to computer crime and copyright violation.
Additionally, students could be subject to disciplinary action under the Code of Student Rights and Responsibilities.
If a department or individual feels that actions taken under this policy have been inappropriate, a review of the decision may be requested. The review will be conducted by the Provost and Executive Vice Chancellor. If, after the review, there is still a disagreement with the decision, appeals should be directed through the existing procedures established for employees and students.
Chief Information Officer
345 Strong Hall
1450 Jayhawk Blvd
Lawrence, KS 66045
Electronic information resources include any hardware or software intended for the storage, transmission and use of information as well as the digital content files that may be stored, transmitted, or used with hardware or software. This definition includes electronic mail, voice systems, local databases, externally accessed databases, CD-ROM, DVD, video, recorded magnetic media, digital movie or photographic files, or other digitized information. This also includes any wire, radio, electromagnetic, photo-optical, photo-electronic or other facility used in transmitting electronic communications, and any computer facilities or related electronic equipment that electronically stores such communications.
10/29/2014: Replaced outdated web reference in the introductory section of the Policy Statement and replaced with updated text. Changes reviewed by Chancellor's Office, Public Affairs, and IT. Final changes approved by Bob Lim, CIO.
Updated on 9/11/2007 to reflect NTS/IT reorganization of responsibilities; updated June 22, 2012 to current organizational structure and titles.