Governing policy:  ITS 1.00 - Responsible Use of Electronic Resources

An outline of the administrative provisions follows:

I.        User Accounts and Authorized Access
II.       Security
III.     Confidentiality
IV.     Privacy
V.       Incidental Personal Use
VI.     Interfering with the Rights and Activities of Others
VII.    Harassment, Threats, Stalking, and Similar Activities
VIII.  Abusing, Damaging, or Destroying Electronic Resources
IX.     E-Mail Abuse
X.      Viruses and Hoaxes

Addressing Concerns

I.  User Accounts and Authorized Access

The University of North Carolina at Wilmington strives to maintain access for its faculty, staff, and students (the "users") to local, national and international sources of information and to provide an atmosphere that encourages sharing of knowledge, creative processes and collaborative efforts within the University's educational, research and service missions.  Access to these electronic information systems is a privilege, not a right, and must be treated as such by all users of these systems.  All users must act honestly, responsibly, and prudently.  Every user is responsible for the integrity of these information resources.  All users must respect the rights of other computer users, and take care in acting responsibly to safeguard the security and confidentiality of electronic resources, information, and similar assets.

Users are responsible for all use of their computer account(s).  They should make appropriate use of the system and network provided protection features and take precautions against others obtaining access to their computer resources.  Individual password security is the responsibility of each user.  Users should respect the policies of external networks and remote sites and only use facilities for which they have been authorized.

Users may not supply false or misleading data, nor improperly obtain another's password, in order to gain access to computers or network systems, data or information.  The negligence or naiveté of another user in revealing an account name or password is not considered authorized use.

For the computers and network systems, all access privileges - including all accounts, user IDs, network IDs, telephone codes, and any other such access codes - are granted for exclusive and individual use of the individual to which they are assigned.  Users may not allow or facilitate access to University computer accounts, equipment, restricted files or systems by others.  Users should not attempt to subvert the restrictions associated with their computer accounts.

When the user's relationship with the University is terminated, he or she shall be denied further access to University computing resources.  Authorized use also terminates unless extended by an appropriate university official.
 

II.  Security

Users are responsible for the security of their own account and password and are responsible for actions taken from their account.  Users should keep their accounts secure and private.  Passwords should be difficult to determine by individuals.  Users should also consider the capabilities of sophisticated computer programs when determining passwords.

Each user's individually owned programs and proprietary information are considered his/her property.  Users shall therefore not attempt to access, read, copy, modify, distribute, replace, delete or otherwise make use of any other user's account or its contents, including data, directories, programs, files, disks or other information or software assets.

Users shall not access or attempt to gain access to any other system accounts or to any nonpublic or restricted portions of the UNCW network.  Users also shall not intercept or attempt to intercept data or voice transmissions of any kind.  Electronic resources shall not be used to attempt to circumvent or defeat any system or account security.  Examples of activities of this type would include but not be limited to the use of any program or procedure that is designed to:  obtain other users' passwords; obtain access to restricted programs, systems or data; modify restricted programs, systems or data; obtain privileges beyond those initially granted to the user account.  Forging, fraudulently altering or falsifying, or otherwise misusing University or non-University records (including computerized records, permits, identification cards, or other documents or property), or to possess such altered documents or files is also prohibited.

Users will not facilitate, support, cooperate with, or in any manner through action or lack of action assist others in the activities defined above.  Neither shall electronic communications be used to steal another individual's works, or otherwise misrepresent one's own work.

The University has a right to expect that computer users will properly identify themselves.  Computer accounts are assigned and identified to individuals.  Users must not misrepresent themselves or send anonymous communications.  All material prepared and utilized for purposes of University business and posted to or sent over University computing equipment, systems or networks must be accurate and must correctly identify the sender, unless a University administrator (department head or higher) approves anonymity for a University business purpose.  Users must provide proper and correct sender identification in all electronic correspondence within and leaving University electronic resources.  Forging, fraudulently altering, or willfully falsifying electronic mail headers, electronic directory information, or other electronic information generated as, maintained as, or otherwise identified as University records in support of electronic communication is strictly forbidden.  Adding, removing or modifying identifying network header information in an effort to deceive or mislead is prohibited.  Attempting to impersonate any person by using forged headers or other identifying information is prohibited.
 

III.  Confidentiality

Federal and state laws govern the confidentiality of certain information maintained by the University. Any person who has been authorized to use and/or to access the electronic resources shall be expected to regard all personal, confidential, copyrighted, or proprietary information which may thereby become available to him/her as confidential,unless he/she obtains from the owner or designated administrator specific written permission to view, copy, modify, or otherwise access or use any part of it.  Users should respect the privacy of others and comply with the confidentiality laws.  Except as set forth in this policy, electronic resources will not be used to abridge the confidentiality or privacy of other users' information or similar assets.

The University is the custodian of a wide array of personal and financial data concerning its students, staff, faculty, and others, as well as the University itself.  Users shall respect the University's obligations of confidentiality as well as their own.  Only those with specific authorization may access, communicate, or use confidential information.
 

IV.  Privacy

The University cherishes the diversity of values and perspectives endemic in an academic institution and so is respectful of freedom of expression.  The University also encourages all members of its community to use electronic communications in meaningful and useful ways, and in a manner that is respectful of the rights, needs, and privacy of others.  For example, users should respect the privacy of other users' information, even when that information is not securely protected.

The University may authorize confidential passwords or other secure entry identification to help ensure the integrity and privacy of data.  Although a respect for privacy is fundamental to the University's policies, users must understand that almost any information can in principle be read or copied.  When University information systems and networks are functioning properly, a user can generally assume the files and data he or she generates to be private information, unless

1.    the creator of the file or data takes action to reveal it to others, or
2.    the University or its designated representatives must access that information for specific purposes as defined below.

Users should be aware that no information system is completely secure.  Therefore, they have no guarantee of complete privacy in the material generated, sent or received by them over the University's electronic resources.  Persons both within and outside of the University may find ways to access files and messages.  Accordingly, the University cannot and does not guarantee users' complete privacy and users should be continuously aware of this fact.  Particularly with regard to communications like e-mail that traverse the Internet, the university cannot ensure privacy of files, data, and messages.  It is impossible to ensure that no one other than the addressee will read e-mail messages.  Those who use e-mail, the Web, and similar forms of communication and/or who make information about themselves available on the Internet should be forewarned that the University cannot protect them from invasions of privacy and other possible dangers that could result from the individual's distribution of personal information.  Neither can the university protect individuals against the existence or receipt of materials that may be offensive or annoying to them.

The University does not condone censorship, nor does it endorse the inspection of electronic files other than on an exceptional basis.  However, access by authorized university employees to electronic information stored on the University's electronic resources may be necessary to ensure the orderly administration and function of university electronic resources.  Such access ordinarily should not require the university's gaining access to the content of the user's electronic information.  The University requires employees such as system administrators, who as a function of their jobs routinely have access to electronic information and other electronically stored data, to maintain the confidentiality of such information.  While respecting users' confidentiality and privacy, the University reserves the right, on a case-by-case basis, and consistent with this policy, to examine any computer files and electronic information.  While general review of content will not be undertaken, monitoring of material stored on or transmitted by electronic resources may occur when deemed necessary by the University for the reasons specified below.

• To enforce or investigate apparent violations of federal, state, and local laws and regulations, and regulations and policies of the University of North Carolina.
• To prevent the exchange, receipt, or transmission of proprietary software or copies of electronic information in disregard of copyright restrictions or contractual obligations. It is the policy of the University of North Carolina at Wilmington to promptly process and investigate notices of alleged copyright infringement, and take appropriate actions under the Digital Millennium Copyright Act, Title 17, United States Code, Section 512 ("DMCA").
• To safeguard the security, integrity, and operating performance of computers, networks, and data either at the University or elsewhere.
• To retrieve information in emergency circumstances where there is a threat to health, safety, or university property.
• To obtain information related to University business, a supervisor or other University official may have access for work-related purposes, providing the owner of the information is not available in a reasonable period of time to produce the information and approval to access another's system has been expressly approved in advance by a Director, Department Chair, or more senior official.  Every attempt should be made to acquire the needed data or files from the owner directly.
• To accomplish the repair and maintenance of equipment.  Users should be aware that on occasion duly authorized University information systems technological personnel have authority to access individual user files or data in the process of performing repair or maintenance of computing equipment the University deems is reasonably necessary, including the testing of systems in order to ensure adequate storage capacity and performance for University needs.  Information systems technological personnel performing repair or maintenance of computing equipment are expressly prohibited from exceeding their authority of access for repair and maintenance purposes or from making any use of individual user files or data for any purpose other than repair or maintenance services performed by them.
• To satisfy a response to a public records request, administrative or judicial order or request for discovery in the course of litigation.  Users should be aware that public records statutes are very broad in their application.  Some records are protected from disclosure.  However, most University records and logs contained in electronic form require disclosure if a public record request is made.  Users should remember this when creating any electronic information, especially e-mail.
• To protect the University against damaging consequences.

Finally, the community of computer users at large has rights and expectations that must be considered.  When individuals misrepresent either themselves or the University, or when they act by computer in a manner unacceptable within the University or in the larger community, the integrity and mission of the University itself is endangered.
 

V.  Incidental Personal Use

The university respects the privacy of users.  It does not routinely inspect or monitor the contents of electronic information, nor is the university responsible for its contents.  The university electronic resources may, subject to this policy, be used for incidental personal purposes, provided such use does not interfere with normal university operations, burden the university with incremental costs, violate laws, policies, or regulations, or interfere with the user's employment or other obligations to the university.
 

VI.  Interfering with the Rights and Activities of Others

Electronic computing and communication resources are limited resources designed to facilitate the instruction, learning, dissemination of scholarly information, and research activities of the campus community.   They should not to be used wastefully, or to impede, interfere with, restrict, cause harm to, or impair the rights or activities of other users.  Specifically, users may not infringe or encroach on the availability or use of electronic computing and communication resources by others.  Such activities would include, but not be limited to:
 

• Hoarding or excessive use of electronic and communication resources, in such ways that they interfere with reasonable access to resources by other users.
• Tampering with, damaging, or disrupting, the normal operations of computers, networks, and facilities, including activities such as "denial of service" (DoS) attacks against another network host or individual user, other related attacks on accounts;
• Creating or maintaining Web pages or Web applications that are accessed to an excessive degree.  Such Web pages and applications can be a drain on computer resources and, except where significant to the University's mission, may require the University to ask that they be moved to a private Internet provider;
• Running inefficient programs on the network or shared computers when efficient ones are available.  Systems, applications, and software should employ sound engineering and best practices to ensure that the use does not overload University computing equipment or systems, or otherwise harm or negatively impact the system's performance;
• Running or installing on any computer system or network, or giving to another user, a program designed or likely to damage or to place excessive load on a computer system or network. This includes but is not limited to programs known as computer viruses, Trojan horses, worms, or similar damaging programs;
• Performing an act which will interfere with the normal operation of computers, peripherals, or networks.

VII.  Harassment, Threats, Stalking, and Similar Activities

Users may not use electronic communications to harass, stalk, or threaten others, or in similar ways create an atmosphere which unreasonably interferes with the education or employment experience.  Generally, communication that contains abusive, offensive or intimidating language and is repeated, unsolicited, unwanted or unwelcome may constitute harassment.

This would include, but not be limited to, posting, transmitting, or originating any unlawful, threatening, abusive, hostile, fraudulent or defamatory communication, or any communication where the message, or its transmission or distribution, would constitute or would encourage conduct that would constitute a criminal offense, give rise to civil liability, or otherwise violate any local, state, national, or international law or violate other policies, rules and regulations of the University.  Information that is defamatory is defined as provably false, unprivileged statements that do demonstrated injury to an individual's or a business's reputation.

Users will also not post or disseminate personal or sensitive information about an individual(s).  Such information would include, but not be limited to academic records, medical information, social security number, or similar information of a personal and confidential nature that, if disseminated, could have legal or otherwise damaging implications either for the targeted person or the institution.
 

VIII.  Abusing, Damaging, or Destroying Electronic Resources

Users are encouraged to make use of the University's computing and communication resources in pursuit of legitimate activities that further the educational, research, administrative, and service mission of the institution.  However, users must also be aware of the finite capacity of computers or network systems, and of the resources required to obtain and support those resources.  Such resources are shared among all members of the campus community, and it is in the interest of all users to ensure the proper functioning, availability, and performance of computing and communication systems and networks.  Damaging, abusing, or in other ways destroying or interfering with the successful operation of electronic computing and communication resources is forbidden.  Users must take care not to engage in activities that, without proper authorization:

• Overload the computing systems and networks, such as excessive use of processor time, data storage, or bandwidth, or activities which otherwise impair or negatively impact performance and availability;
• Interfere with, disable, damage, obstruct, or in similar manner impede the normal function and accessibility of computer or communication systems, or computer data, files and other information;
• Waste or hoard computer or network resources in ways that interfere with the operation of the system or its availability to others;
• Attempt the unauthorized connection, removal or modification of computer or communication devices;
• In any way physically abuse, damage, or destroy computing or communication systems, data, or facilities;
• Disseminating or launching any executable program designed to damage systems or data, or place excessive load on a computer or network affecting its performance or availability.

IX.  E-Mail Abuse

Users are prohibited from engaging in activities involving email that violate this policy or cause harm to resources and to other users.  Among the activities prohibited under this policy are:

• Sending frivolous or excessive messages, including junk mail, "spamming", "chain letters", and other types of unsolicited messages;
• Sending unauthorized broadcast or mass email messages (see Mass E-mail Policy);
• Interfering with the normal operation and availability of electronic communication systems and services such as e-mail.

Users are also referred to the UNCW Mass E-mail Policy for guidelines on the authorized use of email for the dissemination of information to the university community at large.

Users should contact the ITSD Technology Assistance Center or their local IT computing consultants for information concerning methods of protecting themselves from e-mail abuse.  In many cases, users should contact the originator of actions and messages which they believe inappropriate to express their concerns and to request that the unsolicited and unwelcome actions are stopped.  This is especially useful for e-mail messages and similar activities for which there may ultimately be no intended harm.  If the user is unsuccessful in having such activities discontinued, and in more serious cases where activities are observed that are believed to be illegal, in violation of University policies, or that will result in harm or damage to users, data, or computing and communication systems, those activities should be reported following the procedure outlined in Addressing Concerns below.
 

X.  Viruses and Hoaxes

Users are encouraged to make full use of the University's computing and communication resources in pursuit of legitimate activities that further the educational, research, administrative, and service mission of the institution.  However, users must also be aware of the fact that there are imminent and severe threats associated with sharing files with others and with access to both the campus network and Internet.    Because of the level of threat associated with this level of networked community participation, users have certain responsibilities that include the following:

• Protecting themselves, their colleagues, and the University community through virus protection software;
• Maintaining Virus definitions associated with the software at current levels as provided for by the manufacturer of that product;
• Refraining from downloading, transporting, posting, transmitting, or launching material such as a computer virus, worm, Trojan Horse, or similar damaging rogue entity that is illegal or damaging to a university computing or communication;
• Refraining from disseminating or conveying to other users hoaxes or other false information concerning viruses or similar threats.

Users should contact the ITSD Technology Assistance Center or their local IT computing consultants for information concerning viruses and necessary practices for ensuring protection against those viruses and similar threats.  Any user who believes they have information concerning the creation, propagation or dissemination of viruses or similar threats, including hoaxes, should inform the ITSD Technology Assistance Center immediately.  ITSD reserves the right to restrict access to the campus network or computing resources to ensure prevention and containment of such entities.  ITSD also reserves the right to digitally scan, by appropriate protection software, all messages and files stored on or transmitted through campus electronic resources for the presence of threats such as viruses, and to eliminate those messages and files found to contain them to ensure protection of systems, data, and other users.
 

Addressing Concerns

The University reserves the right to place restrictions on the use of its electronic resources in response to complaints that present evidence of violations of university policies, rules, regulations or codes, or local, state or federal laws and regulations.  Actions that violate these policies can result in immediate disabling, suspension, and/or revocation of the account owner's privileges pending review for further action.  Such unauthorized or illegitimate use of electronic resources including computer accounts, resources or facilities may subject the violators to appropriate disciplinary, criminal and/or legal action by the University and/or the State.  If evidence is established, the university authorities responsible for overseeing these policies and codes will be consulted on the appropriateness of specific actions.

Individuals who have concerns about the conduct of a member of the university community or the propriety of a given situation or activity should notify their department chair, dean, director, or an administrator in their supervisory chain at a level sufficient to allow objectivity in evaluating the subject of concern.  If action is deemed warranted by this official, the matter shall be referred to the appropriate Vice Chancellor or Senior Officer.  Prior to taking action, the Vice Chancellor or Senior Officer responsible for the situation or activity at issue shall consult with the Vice Chancellor for ITSD, who shall, as appropriate, consult with the University's General Counsel.  The responsible official shall then respond to University community members who express concerns about such activities or incidents, and shall inform the Chancellor regarding their response.

When concern about a given situation or activity involves an imminent threat to individuals, systems, or facilities, users should immediately communicate the concern directly to the Office of the Vice Chancellor Information Technology Systems and to University Police.