Ohio Administrative Code
Title 3339 - Miami University
Chapter 3339-19 - Information Technology
Section 3339-19-02 - Responsible use of university computing resources at Miami university
Universal Citation: OH Admin Code 3339-19-02
Current through all regulations passed and filed through September 16, 2024
(A) General statement
(1)
University
computing resources include, but are not limited to, end-user computing
devices, servers, networks, email, software, printers, scanners, video
distribution systems, telephone systems, and other computing hardware and
software, whether owned by the university or contracted from a third party. All
such university computing resources are intended for university-related use,
including direct and indirect support of the university's instruction,
research, and service missions; of university administrative functions; of
student and campus life activities; and of the free exchange of
ideas.
(2)
The rights of free expression and academic freedom
apply to the use of university computing resources; so, too, however, do the
responsibilities and limits associated with those rights. All who use the
university computing resources must act responsibly, in accordance with the
highest standard of ethical and legal behavior. Thus, legitimate use of
university computing resources does not extend to whatever is technically
possible. Users must abide by all applicable restrictions, whether or not they
are built into the operating system or network and/or whether or not they can
be circumvented by technical means.
(3)
This policy
applies to all users of university computing resources, whether or not
affiliated with the university, and to all uses of those resources, whether on
campus or from remote locations. Additional policies may apply to specific
computers, computer systems and/or networks provided and operated by specific
units of the university and/or to uses within specific units. Some of these
policies are listed in paragraph (H) of this rule and in rule
3339-21-05 of the Administrative
Code.
(B) Policy
(1)
All university computing resources users must:
(a)
Comply with all
federal, Ohio, and other applicable law; all generally applicable university
rules and policies; and all applicable contracts and licenses. such laws,
rules, policies, contracts, and licenses include: the laws of libel, privacy,
copyright, trademark, obscenity, and child pornography; the electronic
communications privacy act and the computer fraud and abuse act, which prohibit
"hacking" "cracking". and similar activities; the university's code of student
conduct; the Miami university policy and information manual, the university's
sexual harassment policy; and all applicable software licenses. In particular,
users must:
(i)
Respect the right of others to be free from harassment or
intimidation to the same extent that this right is recognized in the use of
other communication; and
(ii)
Respect copyrights, intellectual-property rights,
ownership of files and passwords. Unauthorized copying of files or passwords
belonging to others or to the university may constitute plagiarism or theft.
Accessing or modifying files without authorization (including altering
information, introducing viruses or other malware, or damaging files) is
unethical, may be illegal, and may lead to sanctions; and
(iii)
Not send
unsolicited bulk email (spam) or email designed to trick users into providing
their login credentials or other personal information (phishing email).
Users who engage in electronic communications with persons in other states or countries or on other systems or networks should be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.
Miami university extends these policies and guidelines to systems outside the university that are accessed via the university's facilities (e.g., electronic mail or remote logins using the university's internet connections).
(b)
Use only those
university computing resources that they are authorized to use and use them
only in the manner and to the extent authorized. Ability to access university
computing resources does not, by itself, imply authorization to do so. Users
are responsible for ascertaining what authorizations are necessary and for
obtaining them before proceeding. Accounts, passwords, and other authentication
mechanisms, may not, under any circumstances, be shared with, or used by,
persons other than those to whom they have been assigned by the university
.
(c)
Respect the finite capacity of university computing
resources and limit use so as not to consume an unreasonable amount of those
resources or to interfere unreasonably with the activity of other users.
Although there is no set bandwidth, disk space, cpu time, or other limit
applicable to all uses of university computing resources, the university may
require users of those resources to limit or refrain from specific uses in
accordance with this principle. The reasonableness of any particular use will
be judged in the context of all of the relevant circumstances.
(d)
Limit the
personal use of university computing resources and refrain from using those
resources for personal commercial purposes or for personal financial or other
gain. Personal use of university computing resources is permitted when it does
not consume a significant amount of those resources, does not interfere with
the performance of the user's job or other university responsibilities, and is
otherwise in compliance with this and other university policy. Further limits
may be imposed upon personal use in accordance with normal supervisory
procedures.
(e)
Refrain from stating or implying that they speak on
behalf of the university and from using university trademarks and logos without
authorization to do so. Affiliation with the university does not, by itself,
imply authorization to speak on behalf of the university. Authorization to use
university trademarks and logos may be granted only by Miami university. The
use of appropriate disclaimers is encouraged. Personal web pages linked to the
university web should disclaim association with Miami
university.
(C) Enforcement
(1)
Whenever it
becomes necessary to enforce university rules or policies, an authorized
administrator may: disallow network connections by certain computers (even
departmental and personal ones); require adequate identification of computers
and users on the network; undertake audits of software or information on shared
systems where policy violations are possible; take steps to secure compromised
computers that are connected to the network; or deny access to computers, the
network, and institutional software and databases.
(D) Sanctions
(1)
Users who violate
this policy may be denied access to university computing resources and may be
subject to other penalties and disciplinary action, both within and outside of
the university. Violations will normally be handled through the university
disciplinary procedures applicable to the relevant user. Alleged violations by
students will normally be investigated, and the office of ethics and student
conflict resolution will normally impose any penalties or other
discipline.
(2)
However, the university, through its information
managers, may suspend or block access to an account prior to the initiation or
completion of such procedures; when it reasonably appears necessary to do so,
and in order to protect the integrity, security, or functionality of university
computing resources or other computing resources; or to protect the university
from liability.
(3)
The university may also refer suspected violations of
applicable law to appropriate law enforcement agencies.
(E) Privacy and security
(1)
The university
employs various measures to protect the security of university computing
resources and users accounts. However, users should be aware that the
university does not and cannot guarantee such security.
(2)
Users should also
be aware that their uses of university computing resources are not private.
While the university does not routinely monitor individual usage of university
computing resources, the normal operation and maintenance of university
computing resources require the backup and caching of data and communications,
the logging of activity, the monitoring of usage patterns, and other such
activities that are necessary for the rendition of service. Systems or
technical managers, as part of their technical responsibilities, may
occasionally need to diagnose or solve problems by examining the contents of
particular files. Data from university computing resources may be used to
evaluate the efficiency of university operations and personnel.
(3)
The university
may also monitor the activity and accounts of individual users of university
computing resources, including individual sessions and communications, without
notice when: the user has voluntarily made them accessible to the public, as by
posting to usenet or a web site; it reasonably appears necessary to do so to
protect the integrity, security, or functionality of university computing
resources or other computing resources or to protect the university from
liability; there is reasonable cause to believe that the user has violated, or
is violating, any university policy; an account or device appears to be engaged
in unusual or unusually excessive activity, as indicated by the monitoring of
general activity and usage patterns; or it is otherwise required or permitted
by law.
(4)
Any such individual monitoring, other than when the
user has voluntarily made them accessible to the public, as by posting to
usenet or a web site, or required by law, or necessary to respond to perceived
emergency situations, must be authorized in advance by the vice president for
information technology or a designee of same.
(5)
The university,
in its discretion, may disclose the results of any such general or individual
monitoring, including the contents and records of individual communications, to
appropriate university personnel or law enforcement agencies and may use those
results in appropriate university disciplinary proceedings. Communications made
by means of university computing resources are also generally subject to Ohio's
public records statute to the same extent as they would be if made on
paper.
(F) The user's responsibilities
(1)
Be aware of the
limits of computer security. Although the university employs various measures
to protect the security of its computing resources and user accounts, users
should be aware that the university cannot guarantee such security. Users
should therefore engage in "safe computing" practices by establishing
appropriate access restrictions for their accounts, guarding their passwords,
and changing them regularly.
(2)
Be responsible
for backing up and protecting personal files. Although the university under
certain circumstances may provide storage space and under certain circumstances
that storage may be backed up, Miami university assumes no responsibility for
the loss or recovery of personal files.
(3)
Be responsible
for protecting Miami data. All users have a responsibility to protect Miami
data from unauthorized disclosure.
(G) The university's responsibilities
(1)
The university owns various computers and the entire
internal computer networks used on campus. The university also has various
rights to the software and information residing on, developed on, or licensed
for, these computers and networks. The university has the responsibility to
administer, protect, and monitor this aggregation of computers, software, and
networks. Specifically, purposes of the university's information technology
management are to:
(a)
Manage computing resources so that members of the
university community benefit equitably from their use;
(b)
Protect
university computers, networks and information from destruction, tampering, and
unauthorized inspection and use;
(c)
Communicate
university policies and the responsibilities of individuals systematically and
regularly in a variety of formats to all parts of the university
community;
(d)
Establish and support reasonable standards of security
for electronic information that community members produce, use, or distribute.
Standards for security and access are elaborated in the document Miami
university computing security policy, as well as in documents derived from
it;
(e)
Monitor policies and propose changes in policy as
events or technology warrant.
(H) Other Miami university computing policies
(1)
Responsible use of computing resources at Miami
university was adapted from the Ohio state university's policy on responsible
use of university computing resources. Miami university is grateful to the Ohio
state university for allowing us to use its policy as a model.
(2)
Additional
policies, including the Miami university computing security policy, elaborate
the above policies and outline procedures for implementation.
(3)
Additional
policies that are not in this document may apply to specific computers,
computer systems, or networks provided or operated by specific units of the
university. Consult the operators or managers of these systems for further
information.
Replaces: 3339-21-02
Disclaimer: These regulations may not be the most recent version. Ohio may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
