General Computing Policies

Introduction

The University of Houston computing facilities exist to provide computing services to the university community in support of instructional, research, and University business activities. These guidelines are intended to improve the computing services offered and provide these services in a cost-effective manner. University computing facilities are a public resource and may not be used for personal or corporate profit.

Computing facilities at the University of Houston are increasingly decentralized. These guidelines apply to all University computing facilities. Local facilities may establish additional guidelines to meet their special needs. The guidelines of each facility are enforced by a facility manager. For example, the Director of Central Computing Services, or the director's designate, is the facility manager for the computing facilities under Central Computing Services' control. Each microcomputer cluster also has a facility manager.

Within the limits of available resources, each computing facility at the University of Houston has a responsibility to provide service to users in an efficient and equitable manner. To that end, facility managers should establish a set of guidelines governing access to the facilities. Any user who believes that these access guidelines are not being followed, or that they fail to recognize the needs of a group of users, should address their concerns to the facility manager. If the user and the facility manager cannot reach an agreement concerning user access, either the user or the facility manager may ask the Vice President for Information Technology to assist in resolving the problem.

The University computing facilities service a large number of students, faculty, and staff. All users have the responsibility to use the University computing systems in an effective, efficient, ethical, and lawful manner. The ethical and legal standards that are to be maintained are derived directly from standards of common sense and common decency that apply to the use of any public resource.

The following conditions apply to all users of the computing facilities. Violations of any of the conditions are considered unethical and may also be unlawful.

Conditions of Use

As a condition of use of any of the computing facilities, the user agrees:

  1. To respect and follow state and federal laws related to integrity, confidentiality and safeguarding educational information of former and current students, financial and protected health information against unauthorized access and destruction. For example,
    • Texas Administrative Code, Title 1, (TAC 202) requires the University and its employees to protect the integrity and confidentiality of information and to take measures to protect information resources against unauthorized access and destruction.
    • Gramm-Leach-Bliley (GLB) Act requires the University and its employees to safeguard personal financial information that it collects and/or maintains in electronic and paper forms.
    • Family Educational Rights and Privacy Act (FERPA) requires the University and its employees to protect educational information of both former and current students.
    • Health Insurance Portability and Accountability Act (HIPAA) requires the University and its employees to ensure the confidentiality and integrity of protected health information that it receives, creates, collects, transmits and/or maintains and to protect such health information from reasonably anticipated threats, uses and disclosures.
  2. To respect the privacy of other users; for example, users shall not intentionally seek or reveal information on, obtain copies of, or modify files, tapes, or passwords belonging to other users, or misrepresent others, unless explicitly authorized to do so by those users.
  3. To respect the legal protection provided by copyright and license to programs and data; for example, users shall not make copies of a licensed computer program to avoid paying additional license fees or to share with other users.
  4. To respect the intended usage for which access to computing resources was granted; for example, users shall use computing resources authorized for their use by the individuals responsible for these resources only for the purpose specified by that individual. Examples of inappropriate use may include the use of computing resources for purely recreational purposes, the production of output that is unrelated to the objectives of the project, and, in general, the use of computers simply to use computing resources.
  5. To respect the integrity of computing systems; for example, users shall not intentionally develop or use programs that harass other users or infiltrate a computer or computing system and/or damage or alter the software components of a computer or computing system. Any defects discovered in system accounting or system security should be reported to the appropriate system administrator so that steps can be taken to investigate and solve the problem.
  6. To respect the financial structure of a computing system; for example, users shall not intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the University for computing services.
  7. To respect the shared nature of the computing resources; for example, users shall not engage in deliberately wasteful practices such as printing large amounts of unnecessary listings, performing endless unnecessary computations, simultaneously queuing numerous batch jobs, or unnecessarily holding public workstations, magnetic tape drives, or dial-up telephone lines for long periods of time when other users are waiting for these devices.
  8. To respect the rights of other users; for example, users shall not engage in private or public behavior that creates an intimidating, hostile, or offensive environment for other users.

In addition to the above, each facility may have additional guidelines for the use of particular types of accounts (e.g., student instructional accounts), and it is the user's responsibility to read and adhere to these additional guidelines.

Users of computing resources should be aware that although many computing facilities provide and preserve the security of files, account numbers, and passwords, security can be breached through actions or causes beyond the reasonable control of the facility. Users are urged, therefore, to safeguard their data, to take full advantage of file security mechanisms, and to change account passwords frequently.

E-Mail Distribution of Information

Users of University e-mail systems should be aware that e-mail is not a secure form of communication by default. Sensitive information including social security numbers, payment card numbers and other forms of confidential information should not be distributed via email. Users are strictly prohibited from sending an individual's name and restricted personal information which includes an individual's social security number or data protected under state or federal law (e.g. financial, medical or student data) via email unless the data is encrypted.

Violations of Conditions of Use

Violations of these conditions -- e.g., unauthorized use of another user's account; tampering with other users' files, tapes, or passwords; harassment of other users; unauthorized alteration of computer charges; unauthorized copying or distribution of copyrighted or licensed software or data; deliberately wasteful practices; online behavior that intimidates or offends -- are certainly unethical and may be violations of University policy or may be criminal offenses. Users should report to the facility manager or to the individual in charge of their computing resource, information they may have concerning instances in which the above conditions have been or are being violated.

When possible violations of these conditions of use are reported or discovered, facility managers reserve the right to commence an investigation of possible abuse. In this connection, the facility managers, with due regard for the rights of privacy and other rights of users, may be given the authority to examine files, passwords, accounting information, printouts, tapes, or other material that may aid the investigation. Examination of user files must be authorized by the Vice President for Information Technology, or a designate. Users, when requested, are expected to cooperate in such investigations. Failure to do so may be grounds for cancellation of access privileges. While an investigation is in progress, in order to prevent further possible unauthorized activity, the facility manager may suspend the authorization of computing services to the individual or account in question.

When possible unauthorized use of computing resources is encountered, the facility manager shall notify the user. The user is expected to take remedial action or to indicate that such use should be permitted. Should unauthorized use continue after notification of the user or should differences of opinion persist, these shall be brought to the attention of the Vice President for Information Technology for recommendations on further action. Upon the recommendation of the Vice President for Information Technology, facility mangers may impose limitations on continued use of computing resources. In accordance with established University practices, confirmation of unauthorized use of the computing facilities may also result in disciplinary review which could lead to expulsion from the University, termination of employment, and/or legal action.