Current through all regulations passed and filed through September 16, 2024
(A)
Purpose: to
outline the acceptable use of university computer, network, application,
telecommunications, data in digital form, or other information technology
resources (hereinafter called technology resources) in order to ensure that all
members of the campus community understand their responsibilities when using or
accessing technology resources and to safeguard these
resources.
(B)
Policy statement: All users of university technology
resources, whether or not affiliated with the university, and notwithstanding
geographical location are responsible for their appropriate use, and by their
use, agree to use them in an ethical, responsible manner and will comply with
applicable federal, state and local laws and university policies. An attempt to
engage in a prohibited activity is considered a violation whether the attempt
is successful or not.
(C)
Users with access to university technology resources
must agree to and accept the following:
(1)
Use of university
supplied technology resources shall be for purposes that are consistent with
the mission of the university. Ability to access university resources not
otherwise supplied does not, by itself, imply authorization to do
so.
(2)
Be accountable for and only use accounts, passwords,
and/or authentication credentials that they have been authorized to use for
their role at the university.
(3)
Only share data
with others as allowed by applicable policies and procedures, and dependent on
their assigned role.
(4)
Comply with the security and privacy controls on all
information technology resources used for university business, including but
not limited to mobile and computing devices, whether university or personally
owned.
(5)
Comply with intellectual property rights, licensing and
contractual agreements related to information technology
resources.
(6)
Respect the rights and privacy of
others.
(7)
Take responsibility for the content of their personal
communications.
(8)
Take reasonable care to safeguard equipment entrusted
to them.
(9)
Acknowledge that the principle of academic freedom
shall apply to public communication in all these forms of communication, as
well as in the transmission of information in both the physical and virtual
classrooms.
(10)
Acknowledge that the university may access data files
in the course of its normal supervision of the network or system (i.e., backing
up of electronic messaging material), when exigent circumstances arise (i.e.,
evidence of reported violations of policies or laws), or when the university
receives requests pursuant to section
149.43 of the Revised Code (the
Ohio Public Records Act).
(11)
Acknowledge that
the university cannot guarantee the absolute security and privacy of data
stored on university technology resources.
(D)
Unacceptable use
includes and is not limited to the following list. Users are not permitted
to:
(1)
Share
authentication details or provide access to their university accounts with
anyone else (e.g., sharing the password).
(2)
Impersonate
another person, misrepresent their affiliation with another person or entity,
engage in fraud, or hide or attempt to hide their identity.
(3)
Circumvent,
attempt to circumvent, or assist another in circumventing the security controls
in place to protect technology resources and data.
(4)
Knowingly
download or install software onto university technology resources or use
software applications, which may interfere or disrupt service, or do not have a
clear administrative, academic, research or scholarly use.
(5)
Engage in
activities that interfere with or disrupt users, equipment or service;
distribute viruses or other malicious code; or install software, applications,
or hardware that permits unauthorized access to technology
resources.
(6)
Conduct unauthorized scanning of university technology
resources.
(7)
Engage in inappropriate use, including but not limited
to:
(a)
Activities that violate state or federal laws, regulations, technology resource
licensing, or university policies.
(b)
Harass,
discriminate or defame others.
(c)
Widespread
dissemination of unsolicited and unauthorized electronic
communications.
(8)
Engage in
excessive use of enterprise technology resources, including but not limited to
network capacity or enterprise server storage and computing capacity. Excessive
use means use that is unrelated to academic or employment-related needs, or
that interferes with other authorized uses.
(9)
Use any means to
view, gain access to, intercept data or network traffic, use facilities,
accounts, access codes, privileges or technology resources not intended for
their viewing or use.
(10)
Use the university's technology resources for
commercial or for financial gain not related to the university's administrative
operations, academic, research, and scholarly pursuits.
(11)
Represent
personal electronic communications as being an official position of the
university.
(E)
Incidental personal use of technology resources,
including email, is permitted provided that this use does not interfere with
university operations, violate university policies, create an inappropriate
atmosphere for employees in violation of law or university policy, generate
incremental identifiable costs to the university, and/or negatively impact the
user's job performance.
(F)
Enforcement and administration
(1)
Determination of
violations shall be made in accordance with established applicable due process
procedures (i.e., student code of conduct, collective bargaining agreement,
academic and administrative grievances and appeals policies, as
appropriate).
(2)
Users who violate this policy may be denied access to
university technology resources and may be subject to other penalties and
disciplinary action, both within and outside of the university. The university
may temporarily suspend or block access to an account, prior to the initiation
or completion of such procedures, when it reasonably appears necessary to do so
in order to protect the integrity, security or functionality of university or
other technology resources or to protect the university from liability. The
university may also refer suspected violations of applicable law to appropriate
law enforcement agencies.
(3)
The vice president for information technology and CIO
is responsible for administering this policy.
Replaces: 3342-9-02