California Polytechnic State University, San Luis Obispo
As a public institution of higher education, Cal Poly is committed to fostering an educational climate in which students, faculty and staff can approach their respective roles with a sense of high purpose and in which they may study and work free from harassment and intimidation. The University's Responsible Use Policy for Information Technologies (RUP) recognizes that personal viewing or transmittal of potentially offensive digital materials (for example, sexually explicit materials) may result in excessive use of campus computer and network resources inconsistent with professional responsibilities and ethical standards. Such practices may also result in educational and work environments that are hostile or are perceived to be hostile. In consequence, all members of the campus community are advised that the University does not condone and will not tolerate any such actions that are proven to constitute excessive use, to create a hostile work environment, or to have the effect of harassing or intimidating members of the campus community. In addition, any viewing or transmitting of illegal materials (for example, child pornography or obscene materials) is explicitly prohibited. The University also emphasizes that its policies are not aimed to impair free expression and open inquiry or unduly to restrict access to any lawful digital materials by those who would do so within the guidelines of the RUP.
Paul J. Zingg
Provost and Vice President for Academic Affairs
April 11, 2003
Table of Contents
Policy Development History
|April 25 , 2005||Modified Section E.11 and Appendix C to address accessibility to websites and digital content, and to add references to related policies and laws. Updated link to Confidential-Security Agreements in Section E.2.|
|March 1 , 2005||
Modified Section E.4., E.4.8 and E.4.12 and Appendix A to address network attached devices and network communication devices. Added reference Cal Poly's Information Security Policy to Section E.4 and Appendix C. Updated links to campus websites as needed.
|June 30, 2003||Added FAQ and modified E.2 and Appendices A and D to comply with State law on disclosure of personal information, and updated Appendix C|
|April 16, 2003||Added preface, reformatted and updated policy development history, updated links in Appendix C|
|April 2002||Appendices and links to websites were updated and more FAQs were posted online|
|March 12, 2001||Final policy approved by President Warren Baker and posted online|
|February 13, 2001||Academic Senate passed a resolution endorsing the policy|
|February 2001||Policy endorsed by Associated Students, Inc. (ASI)|
|February 2001||Policy endorsed by Information Resources Management Policy and Planning Committee (IRMPPC)|
|February 2001||Policy endorsed by Instructional Advisory Committee on Computing (IACC)|
|February 2001||Policy endorsed by Administrative Advisory Committee on Computing (AACC)|
|August 2000||Interim policy released and posted online|
|October 1999||Initial draft policy released and posted online|
California Polytechnic State University, San Luis Obispo
This policy applies to any user of the University's information technology resources, whether initiated from a computer located on or off-campus. This includes any computer and information system or resource, including means of access, networks, and the data residing thereon. This policy applies to the use of all University information technology resources whether centrally-administered or locally-administered. Administrators of individual or dedicated University resources may enact additional policies specific to those resources provided they do not conflict with the provisions of this and other official policies and laws. Users are subject to both the provisions of this policy and any policies specific to the individual systems they use.
The principal concern of this responsible use policy is the effective and efficient use of information technology resources. The primary focus is to insure that the resources are used in a manner that does not impair or impede the use of these resources by others in their pursuit of the mission of the University. This policy is intended to ensure
- the integrity, reliability, and good performance of University resources;
- that the resource-user community operates according to established policies and applicable laws;
- that these resources are used for their intended purposes; and
- that appropriate measures are in place to assure the policy is honored.
The policy is intended to permit, rather than proscribe, reasonable resource-user access within institutional priorities and financial capabilities.
This policy is intended to promote and encourage responsible use while minimizing the potential for misuse and not imposing broad-based restrictions on all users.
This policy is not intended to prevent or prohibit the sanctioned use of campus resources as required to meet Cal Poly's core mission and academic and administrative purposes.
C. Guiding Principles
The following principles underlie this policy and should guide its application and interpretation:
D. Policy Application
As a general guideline, the institution regards the principle of academic freedom to be a key factor in assuring the effective application of this policy and its procedures and practices. The law is another source of guidance. The University's roles in supporting or acting to enforce such law is also critical to how this policy will be applied.
E. Policy Provisions
This section is not intended to provide a full accounting of applicable laws and policies. Rather, it is intended to highlight major areas of concern with respect to responsible use of Cal Poly resources and specific issues required by law or CSU policy to be included.
1. Authorized Use / Access
Access to Cal Poly's information technology resources is a privilege granted to faculty, staff and students in support of their studies, instruction, duties as employees, official business with the University, and/or other University-sanctioned activities. Access may also be granted to individuals outside of Cal Poly for purposes consistent with the mission of the University.
With the exception of implicitly publicly accessible resources such as website, access to Cal Poly information technology resources may not be transferred or extended by members of the University community to outside individuals or groups without prior approval of an authorized University official. Such access must be limited in nature and fall within the scope of the educational mission of the institution. The authorizing University official is expected to ensure that such access is not abused.
Gaining access to the University's information technology resources does not imply the right to use those resources. The University reserves the right to limit, restrict, remove or extend access to and privileges within, material posted on, or communications via its information technology resources, consistent with this policy, applicable law or as the result of University disciplinary processes, and irrespective of the originating access point.
It is expected that these resources will be used efficiently and responsibly in support of the mission of the University as set forth in this policy. All other use not consistent with this policy may be considered unauthorized use.
2. Data Security, Confidentiality and Privacy
Cal Poly users are responsible for ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name, and abiding by related privacy rights of students, faculty and staff concerning the use and release of personal information, as required by law or existing policies, including employee Confidentiality-Security Agreements and Policy on the Use and Release of Student Information.
Cal Poly is required by State law to disclose any breach of University system security to California residents whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Notification will be based on procedures outlined in Appendix D, Policy Implementation and Practices.
Electronic mail and computer files are considered private to the fullest extent permitted by law. Access to such files will generally require permission of the sender/recipient of a message or the owner of the account in which the material resides, court order, or other actions defined by law. However, in the event of a sanctioned University investigation for alleged misconduct, e-mail or files may be locked or copied to prevent destruction and loss of information. Users may employ methods to increase the privacy of their files, provided they do not violate any provision of this policy or degrade system/network performance.
All users of Cal Poly's information technology resources are advised to consider the open nature of information disseminated electronically, and should not assume any degree of privacy or restricted access to such information. Cal Poly strives to provide the highest degree of security when transferring data, but cannot be held responsible if these measures are circumvented and information is intercepted, copied, read, forged, destroyed or misused by others.
3. Electronic Information Retention and Disclosure
Original electronic materials and/or copies may be retained for specified periods of time on system backups and other locations; however the University does not warrant that such information can be retrieved. Unless otherwise required by law and/or policy, Cal Poly reserves the right to delete stored files and messages to preserve system integrity. Except in an emergency, users will be given advance notice to delete files and messages.
Electronic files or messages, whether or not created and stored on University resources, may constitute a University record subject to disclosure under the California Public Records Act or other laws, or as a result of litigation. Electronic copies must be provided in response to a public record request or legally issued subpoena, subject to very limited exceptions, as with other documents created and retained by the University.
Disclosure of confidential information to unauthorized persons or entities, or the use of such information for self-interest or advantage, is prohibited. Access to non-public institutional data by unauthorized persons or entities is prohibited.
Requests for disclosure of confidential information and retention of potential evidence will be honored when approved by authorized University officials or required by state or federal law.
4. Network and System Integrity
5. Commercial Use
Use of the University's information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and private, or otherwise unrelated to the University, business or fundraising. This includes soliciting, promoting, selling, marketing or advertising products or services, or reselling University resources.
Campus auxiliary organizations are authorized to provide services and products to students, faculty and staff, and invited guests of the University through operating and service support leases. The University President or designee may authorize additional limited commercial uses under separate policy provisions. Such uses are excepted from the above prohibitions. These prohibitions are not intended to infringe on authorized uses that enable students, staff and faculty to carry out their duties and assignments in support of the University mission.
(Detailed guidelines are being developed to clarify exceptions to this provision and will be incorporated or referenced in the next major revision.)
6. Political Advocacy
It is generally inappropriate for individual employees to use University resources to engage in political advocacy in election campaigns. State law generally prohibits the use of public funds for this purpose and Government Code Section 8314 makes it illegal for any state employee or consultant to use or permit others to use state resources for any campaign activity not authorized by law.
An employee can be held personally liable for intentionally or negligently violating Government Code Section 8314 for up to $1,000 per day the violation occurs plus three times the value of the unlawful use of state resources. Due to the personal nature of this activity, the State of California would not indemnify or defend the employee if an action was pursued against them for violating this statute.
The courts have yet to address the specific issue of whether an individual's use of state supported e-mail for political purposes violates the law. While the University may choose not to be involved in deciding whether a personal communication violates this provision, other policy provisions may apply and an employee may still be subject to personal liability under the law. Employees should exercise appropriate caution prior to engaging in such activities, which may have negative consequences for them and the University.
This provision does not apply to political activities related to on-campus student government, including the conduct of student elections, or student club activities and sponsored events conducted with prior approval of the University. It does not apply to individual student activities, e.g., websites, which constitute free speech. Such activities must comply with all other provisions of this policy, including the section on electronic communications, when using University resources.
8. Copyright and Fair Use
9. Trademarks and Patents
10. Electronic Communications
University electronic communications are to be used to enhance and facilitate teaching, learning, scholarly research, support academic experiences, to facilitate the effective business and administrative processes of the University, and to foster effective communications within the academic community. Electronic mail, news posts, chat sessions or any other form of electronic communication must comply with Cal Poly's Electronic Mail Policy.
11. Web Sites and Accessibility to Digital Content
An official Cal Poly web page is one that is formally acknowledged by the chief officer of a University college, department or division as representing that entity accurately and in a manner consistent with Cal Poly's mission. Without such acknowledgment, a web site, regardless of content, is not "official." Official pages are the property and responsibility of the divisions that create them. This includes official pages developed by and/or hosted on non-University resources.
Cal Poly is strongly committed to ensuring comparable access to web-based information and information technologies for individuals with disabilities as required by Executive Order 926, the Americans with Disabilities Act (ADA), Section 11135 of the California Government Code, and other applicable policies and laws. Official web pages and other official University information, services and learning resources delivered electronically must comply with current campus standards and guidelines to ensure resasonable access by affected individuals. The chief officer of a University college, department, or division is responsible for ensuring that digital content associated with their area, regardless of origin, complies with accessibility policies, standards, guidelines and practices established by the University.
"Unofficial" information may also be posted and maintained by individual students, faculty, staff and student organizations. Cal Poly does not undertake to edit, screen, monitor, or censor information posted by unofficial authors, whether or not originated by unofficial authors or third parties, and does not accept any responsibility or liability for such information even when it is conveyed through University-owned servers.
Both official and unofficial web sites are subject to the other provisions of this policy if they use University resources such as University-owned servers and the Cal Poly network to transmit and receive information.
F. Policy Compliance
The Vice Provost/Chief Information Officer is authorized by the President to ensure that the appropriate processes to administer the policy are in place, communicated and followed by the University community. The Vice Provost/Chief Information Officer or designee will ensure that suspected violations and resultant actions receive the proper and immediate attention of the appropriate University officials, law enforcement, outside agencies, and disciplinary/grievance processes in accordance with due process.
The Vice Provost/Chief Information Officer or designee will inform users about the policy; receive and respond to complaints; collect and secure evidence as required; advise and assist University offices on the interpretation, investigation and enforcement of this policy; consult with University Legal Counsel on matters involving interpretation of law, campus policy, or requests from outside law enforcement agencies and/or legal counsel; and maintain a record of each incident and its resolution to inform future policy changes.
G. Consequences of Non-Compliance
Enforcement will be based upon receipt by Information Technology Services of one or more formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering information technology resources.
First offense and minor infractions of this policy, when accidental or unintentional, such as consuming excessive resources or overloading computer systems, are generally resolved informally by the unit administering the resource. This may be done through e-mail or in-person discussion and education.
Repeated offenses and serious incidents of non-compliance may lead to University disciplinary action under CSU and University disciplinary policies and procedures for students and employees, employee contract provisions where appropriate, private civil action, and/or criminal charges. Serious incidents of non-compliance include but are not limited to unauthorized use of computer resources, attempts to steal passwords or data, unauthorized use or copying of licensed software, repeated harassment, or threatening behavior.
In addition to the above, inappropriate use of information technology resources may result in personal criminal, civil and other administrative liability.
Appeals of University actions resulting from enforcement of this policy will be handled through existing disciplinary/grievance processes for Cal Poly students and employees.
H. Reporting Irresponsible or Inappropriate Use
Suspected infractions of this policy should be reported to Information Technology Services at firstname.lastname@example.org or email@example.com in accordance with Appendix D, Policy Implementation and Practices. There might be situations when the following additional offices/officials should be notified of suspected violations when filing a complaint:
I. Policy Review and Practices Oversight
The Vice Provost for Information Technology/Chief Information Officer is responsible for application and enforcement of this policy. The Acceptable Use Policy sub-Committee (AUPC) of the Information Resources Management Policy and Planning Committee (IRMPPC) shall review this policy on an annual basis or as the need arises, make recommendations for any changes, and provide oversight and periodic review of the practices used to implement this policy. Recommended changes shall be reviewed and approved by the Vice Provost/Chief Information Officer in consultation with the IRMPPC and the President. The current version of the policy will be posted and maintained on the Cal Poly web site. A hard copy will be available at the Kennedy Library Reserve Desk.
J. Glossary and Definition of Terms
Appendix A - http://its.calpoly.edu/Policies/RUP-INT/define.htm - Updated 6/30/03
K. Specific Examples of Responsible and Irresponsible Uses
Appendix B - http://its.calpoly.edu/Policies/RUP-INT/example.htm - Updated 4/2/02
L. References and Works Cited
Appendix C - http://its.calpoly.edu/Policies/RUP-INT/refer.htm - Updated 4/25/05
M. Policy Implementation and Practices
Appendix D - http://its.calpoly.edu/Policies/RUP-INT/practice.htm - Updated 6/30/03
"RUP Implementation Matrix of Responsibilities" in Excel and PDF formats
Return to Information Technology Policies Website
Updated 4/25/05 - Modified Section E.11 and Appendix C to address accessibility to websites and digital content, and to add references to related policies and laws. Updated link to Confidentiality-Security Agreements in Section E.2.
Please refer any questions to firstname.lastname@example.org