Computing and Information Technology Values and Policies: Values and Policies
Every individual using computing and information technology resources is responsible for appropriate use. When a specific resource is assigned to a particular individual, that person is responsible for its proper use. For example, the person to whom a microcomputer workstation is assigned is responsible for the appropriate use of that workstation. When a user ID and password are issued to an individual, that person is responsible for all activities associated with that user ID. The burden of proper password security is on the person to whom the password is assigned.
Freedom of Expression
The electronic medium in itself does not enhance or take away from freedom of expression. Responsible expression should be conducted in a manner that is consistent with the mission and values of the university. This precludes forms of expression such as harassment, obscene or pornographic material, and any form of expression excluded by law. Also, freedom of expression does not extend to making official representation on behalf of the university without the approval of the appropriate university official.
Electronic communications and documents are assumed to be private unless the creator has explicitly made them available to others. Their contents may not be examined without the permission of the owner, approval by designated university officials (as defined in the section on violations) or as required by law. In spite of this assumption of privacy, one must always be aware that material sent to another individual or placed in a publicly accessible area could be passed on without the originator’s knowledge. Users of computing and information technology should not, for example, have an “expectation of privacy” when using e-mail. Furthermore, activities such as maintenance and/or troubleshooting of computing and information technology systems may sometimes require access to electronic communications and documents or transaction logs that are normally considered private. In such circumstances, privacy is still considered important and will be maintained if at all possible.
Much of the information (e.g. payroll and grade information) stored in computing and information technology systems is considered confidential, and in some cases is protected by laws such as the Family Educational Rights and Privacy Act. Legitimate access to confidential information is determined by factors such as job responsibility or permissions explicitly granted by the owner of the information. Those with such legitimate access to confidential information are to safeguard its confidentiality by knowing to whom such information may be released, and by not allowing its release in any form to unauthorized individuals. Access to any resources without proper authorization, whether or not they are considered confidential, is not permitted.
Intellectual Property Rights
Intellectual property rights extend to the electronic medium. Generally, the copyright for a work is owned by the creator of the work. This is true even in cases where the creator has not sought formal copyright protection. One should assume that a work retrieved over a network or by other electronic means is covered by copyright. Such works should not be redistributed unless permission to do so is explicitly given by the owner of the copyright. Making a work available over a network does not necessarily relinquish intellectual property rights, although it must be recognized that one’s work could be widely distributed, which could jeopardize these rights. Computer software and documentation are also covered by copyright. Copying such documentation or software except as permitted in the copyright notice or software license agreement is illegal. University resources are not to be used to violate intellectual property rights.
Access to Electronic Materials
Access to a rich set of electronic materials through means such as campus networks and the Internet is an important part of the computing and information technology environment. However, university resources are not to be used to retrieve, store or distribute materials that are inconsistent with the mission and values of the university. For example, university resources are not to be used to retrieve, store or distribute materials that are pornographic.
Many computing and information technology resources are made available on a shared basis. For example, a networked printer is a resource that is shared by several individuals. Activities that would have a detrimental effect on a resource, such as purposely causing an overload condition that deprives others of its use, are not permitted. For example, chain letters or mass mailings that degrade e-mail system performance are not permitted.
With its connection to networks outside the university (such as the Internet), the university participates in a global electronic community. We must adhere to the policies of these external networks to ensure our continued participation in this community. Use of a resource external to the university must conform to the policies established by the provider of that resource.
Commercial use of university resources could endanger its status as a nonprofit organization. Therefore, commercial use is not allowed without permission from the provost and executive vice president or the vice president for business affairs. Incidental personal use of computing and information technology resources is permitted as long as it does not have a detrimental effect on university-related use, is noncommercial and does not present a cost to the university.
The use of university resources to commit a crime is a violation of university values. This includes activities explicitly covered by laws governing the electronic medium, as well as use of the electronic medium as a means to commit other crimes. Illegal activities will be reported to the appropriate law enforcement authorities.
Depending on the classification of the individual involved (faculty, staff or student), suspected violations of these values and policies will be confidentially reported to the provost and executive vice president, the vice president for business affairs, or the vice president for student affairs and enrollment management. Only these university officials (or the president) may authorize further investigation or review of materials which would otherwise be considered private or confidential. Such authorization is granted on a case-by-case basis and only as it directly relates to a suspected violation. Suspected violations will be processed in a manner consistent with standard university procedures as defined in faculty, staff and student handbooks. An individual’s access to certain computing and information technology resources may be suspended during the processing of a suspected violation.
Improper use of computing and information technology may result in the violation of civil law as well as the criminal laws of local, state and federal governments. The investigation of such violations may be conducted entirely without the knowledge or participation of Samford University.
Changes in technology or law may require regular revision of these values and policies. They will be reviewed at least annually under the direction of the chief information officer. Comments or suggestions concerning these policies may be directed at any time to either of these individuals. Final authority for changes rests with the President’s Cabinet and/or the president. Current copies will be printed in faculty, staff and student handbooks and will be posted electronically on university-wide information servers.