Appropriate Use of Computing
Table of Contents:
State and Federal Laws
- Texas Administrative Code, Title 1, (TAC 202) Information Security Standards and Procedures
- GLB Act (Gramm Leach Bliley Act)
- FERPA (Family Educational Rights and Privacy Act)
- HIPAA Health Insurance Portability and Accountability Act
- Condition of Use of Computing and Network Facilities
- Code of Practice in the Use of Computing and Network Facilities
- Code of Practice for Illegal Activity and Objectionable Material
IT Practices and GuidelinesComputers and other computing resources at the University of Houston become more ubiquitous every semester. This allows more and more access to university computing systems and subsequently requires more specific guidelines for use of those systems. Since the University of Houston has a continuous connection to the public Internet, and other networked resources (such as Internet II), the University is liable for computer-based misuse and abuse originating from its campuses. The University also has an obligation to enforce or provide oversight regarding other issues on its campuses such as copyright infringement and harassment.
The general rights and obligations regarding usage of IT related resources are contained throughout the University's governing policies as listed above. To provide greater clarity and understanding, IT has grouped the various elements of the University's policies, practices and procedures into two specific areas: Condition of Use of Computing and Network Facilities and Code of Practice in the Use of Computing and Network Facilities.
Condition of Use of Computing and Network Facilities
- All persons using the computing and networking facilities shall be responsible for the appropriate use of the facilities provided as specified by the "Conditions of Use" in General Computing Policies, and shall observe conditions and times of usage as published by the Administrator of the system.
- It is the policy of the University that its computing and associated network facilities are not to be used for commercial purposes or non-University-related activities without written authorization from the University. In any dispute as to whether work carried out on the computing and networking facilities is internal work, the decision of the Vice-Chancellor or his delegate shall be final.
- The user will not record or process information that knowingly infringes any patent or breach any copyright.
- The University will endeavor to safeguard the possibility of loss of information within the University's computing and networking facilities but will not be liable to the user in the event of any such loss. The user must take all reasonable measures to further safeguard against any loss of information within the University's computing and networking facilities.
- If a loss of information within the system can be shown to be due to negligence on the part of the computing or network personnel employed by the university, or to any hardware or software failure which is beyond the user's means to avoid or control, then the Information Technology Services will endeavor to help restore the information.
- Users of the computing and networking facilities recognize that when they cease to be formally associated with the University (e.g. no longer an employee, enrolled student or visitor to the University), their information may be removed from University computing and networking facilities without notice. Users must remove their information or make arrangements for its retention prior to leaving the University.
- The University, through authorized individuals, reserves the right to periodically check and monitor the computing and networking facilities, and reserves any other rights necessary to protect them.
- The University reserves the right to take emergency action to safeguard the integrity and security of the computing and networking facilities. This includes but is not limited to the termination of a program, job, or on-line session, or the temporary alteration of user account names and passwords.
- In accordance with established university practices and numerous state and federal laws regarding computer violations, a user found to be abusing or misusing university computer resources may be subject to disciplinary action up to and including expulsion from the university or termination of employment, and/or to legal action.
Code of Practice in the Use of Computing and Network Facilities
Standards for the use of the University's computing and networking facilities derive directly from standards of fairness and constraint that apply to the use of any shared resource. The University community depends on a spirit of mutual respect and cooperation to resolve differences and resolve problems that arise from time to time. This of this code of practice is to specify user responsibilities and to promote the appropriate use of IT resources for the protection of all members of the University community.
Appropriate and Reasonable Use
Appropriate and responsible use of the University of Houston computing and networking facilities is defined as use that is consistent with the teaching, learning, research and administrative objectives of the University and with the specific objectives of the project or task for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use.
Users of the University of Houston computing and networking facilities accept the following specific responsibilities:
- To safeguard their data, personal information, passwords and authorization codes, and confidential data;
- To take full advantage of file security mechanisms built into the computing systems;
- To choose their passwords wisely and to change them periodically;
- To follow the security policies and procedures, state and federal laws established to control access to and use of administrative data.
- To respect the privacy of other users; for example, not to intentionally seek information on, obtain copies of, or modify files, tapes, or passwords belonging to other users or the University;
- Not to divulge sensitive personal data to which they have access concerning staff or students without explicit authorization to do so.
- To respect the rights of other users; for example, to comply with all University policies regarding sexual, racial, and other forms of harassment.
- To respect the legal protection provided by copyright and licensing of programs and data; for example, not to make copies of a licensed computer program to avoid paying additional license fees or to share with other users.
- To respect the intended usage of resources; for example, to use only the account name and password, funds, transactions, data, and processes assigned by service providers, unit heads, or project directors for the purposes specified, and not to access or use other account names and passwords, funds, transactions, data, or processes unless explicitly authorized to do so by the appropriate authority.
- To respect the intended usage of systems for electronic exchange (such as e-mail, Usenet News, World Wide Web, etc.); for example, not to send forged electronic mail, mail that will intimidate or harass other users, chain messages that can interfere with the efficiency of the system, or promotional mail for profit-making purposes. Also, not to break into another user's electronic mailbox or read someone else's electronic mail without their permission.
- To respect the integrity of the computing and networking facilities; for example, not to intentionally develop or use programs, transactions, data, or processes that harass other users or infiltrate the system or damage or alter the software or data components of a system. Alterations to any system or network software or data component are to be made only under specific instructions from authorized academic staff, unit heads, project directors, or management staff.
- To respect the financial structure of the computing and networking facilities; for example, not to intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the University for computing, network, and data processing services.
- To adhere to all general University policies and procedures including, but not limited to, policies on proper use of information resources and computing and networking facilities; the acquisition, use, and disposal of University-owned computer equipment; use of telecommunications equipment; legal use of software; and legal use of administrative data.
- To report any information concerning instances in which the University IT Security Policy or any of its standards and codes of practice has been or is being violated. In general, reports about violations should be directed initially to the administration of the school, area or unit where the violation has occurred whereupon it will be passed on to the Custodian of the system. If it is not clear where to report the problem, it may be sent to the Information Technology Services Unit Help Desk which will redirect the incident to the appropriate person(s) for action or will handle it directly.
Code of Practice for Illegal Activity and Objectionable Material
The following apply to specific activities.
- Illegal activity.
In general, it is inappropriate use to store and/or give access to Information on the University computing and networking facilities that could result in legal action against the University.
- Objectionable material.
The University's computing and networking facilities must not be used for the transmission, obtaining possession, demonstration, advertisement or requesting the transmission of objectionable material knowing it to be objectionable material.
Restricted Software and Hardware.
Users should not knowingly possess, give to another person, install on any of the computing and networking facilities, or run, programs or other Information which could result in the violation of any University policy or the violation of any applicable license or contract. This is directed towards but not limited to software known as viruses, Trojan horses, worms, password breakers, and packet sniffers. Authorization to possess and use Trojan horses, worms, viruses and password breakers for legitimate research or diagnostic purposes can be obtained from the Vice President of the Information Technology.
The unauthorized physical connection of monitoring devices to the computing and networking facilities which could result in the violation of University policy or applicable licenses or contracts is inappropriate use. This includes but is not limited to the attachment of any electronic device to the computing and networking facilities for the purpose of monitoring data, packets, signals or other information. Authorization to possess and use such hardware for legitimate diagnostic purposes must be obtained from the Associate Vice Chancellor of Central Computing and Telecommunications.
Copying and Copyrights
Users of the computing and networking facilities must abide by the University of Houston Copyright Policy, which covers copyright issues pertaining to University faculty, staff and students as well as commissioned works of non-employees. Users should also be aware of The Digital Millennium Copyright Act of 1998 (DMCA), which is a federal statute that limits an online service provider's liability for copyright infringement claims based solely on the online service provider's automated copying, storing and dissemination functions.
Respect for intellectual labor and creativity is essential to academic discourse. This tenet applies to works of all authors and publishers in all media. It includes respect for the right to acknowledgment and right to determine the form, manner, and terms of publication and distribution. If copyright exists, as in most situations, it includes the right to determine whether the work may be reproduced at all. Because electronic information is volatile and easily reproduced or altered, respect for the work and personal expression of others is especially critical in computing and networking environments. Viewing, listening to or using another person's information without authorization is inappropriate use of the facilities. Standards of practice apply even when this information is left unprotected.
University policy prohibits sexual and discriminatory harassment.
The University of Houston's computing and networking facilities are not to be used to libel, slander, or harass any other person.
The following constitute examples of Computer Harassment:
- Intentionally using the computer to annoy, harass, terrify, intimidate, threaten, offend or bother another person by conveying obscene language, pictures, or other materials or threats of bodily harm to the recipient or the recipient's immediate family;
- Intentionally using the computer to contact another person repeatedly with the intent to annoy, harass, or bother, whether or not any actual message is communicated, and/or where no purpose of legitimate communication exists, and where the recipient has expressed a desire for the communication to cease;
- Intentionally using the computer to contact another person repeatedly regarding a matter for which one does not have a legal right to communicate, once the recipient has provided reasonable notice that he or she desires such communication to cease (such as debt collection);
- Intentionally using the computer to disrupt or damage the academic, research, administrative, or related pursuits of another;
Intentionally using the computer to invade the privacy, academic or otherwise, of another or the threatened invasion of the privacy of another.
The display of offensive material in any publicly accessible area is likely to violate University harassment policy.
There are materials available on the Internet and elsewhere that some members of the University community will find offensive. One example is sexually explicit graphics. The University cannot restrict the availability of such material, but it considers its display in a publicly accessible area to be inappropriate. Public display includes, but is not limited to, publicly accessible computer screens and printers.
It is inappropriate use to deliberately perform any act, which will impair the operation of any part of the computing and networking facilities or deny access by legitimate users to any part of them. This includes but is not limited to wasting resources, tampering with components or reducing the operational readiness of the facilities.
The willful wasting of computing and networking facilities resources is inappropriate use. Wastefulness includes but is not limited to passing chain letters, willful generation of large volumes of unnecessary printed output or disk space, willful creation of unnecessary multiple jobs or processes, or willful creation of heavy network traffic. In particular, the practice of willfully using the University's computing and networking facilities for the establishment of frivolous and unnecessary chains of communication connections is an inappropriate waste of resources.
The sending of random mailings ("junk mail") or very large mailings ("spam") is discouraged. It is poor etiquette at best, and harassment at worst, to deliberately send unwanted mail messages to strangers. Recipients who find such junk mail or spam should contact the appropriate local support person.
Limited recreational game playing, that is not part of an authorized and assigned research or instructional activity, is tolerated (within the parameters of each department's rules). University computing and network services are not to be used for extensive or competitive recreational game playing. Recreational game players occupying a seat in a public computing facility must give up that computing position when others who need to use the facility for academic or research purposes are waiting.
In support of its mission, the University provides university computing and network facilities. It is inappropriate to use the computing and networking facilities for:
- Commercial gain or placing a third party in a position of commercial advantage
- Any non-university related activity, including non-university related communications
- Commercial advertising or sponsorship except where such advertising or sponsorship is clearly related to or supports the mission of the University or the service being provided.
This paragraph is not intended to restrict free speech or to restrict the University from setting up Information servers or other services specifically designated for the purpose of fostering an "electronic community" with the wider community the University serves. These designated Information servers should normally conform to the university IT Security Policy of which this Code of Practice is a part.
Use for Personal Business
University computing and network facilities may not be used in connection with compensated outside work nor for the benefit of organizations not related to the University of Houston, except in connection with scholarly pursuits (such as academic publishing activities), in accordance with the University Consulting Policy or in a purely incidental way. This and any other incidental use (such as electronic communications or storing data on single-user machines) must not interfere with other users' access to resources (computer cycles, network bandwidth, disk space, printers, etc.) and must not be excessive.
Additional Guidelines at Local Sites
The University computing and network facilities are composed of many "sites." Each site may have local rules and regulations that govern the use of computing and network facilities at that site. Each site has operators, consultants, and/or supervisors who have been given the responsibility to supervise the use of that site. Each site has an administrator with overall policy responsibility for the site. Users are expected to cooperate with these individuals and comply with University and local site policies. Site policies may be more restrictive than University policy. It is the intention that the University IT Security Policy represents a minimum standard. Local administrators may impose more restrictive policies, which become their responsibility to administer.
Connection to the Campus-Wide Data Network
Most campus buildings are included in the Campus Network. To maintain the integrity of the University computing and network facilities, connections to the campus network are made only by specialized personnel under the direction of the Information Technology Services Unit. Users are encouraged to attach appropriate equipment only at existing user-connection points. All requests for additional Network connections or for the relocation of a connection should be directed to Network Services at the Computing.
Use of Desktop Systems
Users are responsible for the security and integrity of University information stored on their personal desktop system. This responsibility includes making regular disk backups, controlling physical and network access to the machine, and installing and using virus protection software. Users should avoid storing passwords or other information that can be used to gain access to other campus computing resources. Users should not store University passwords or any other confidential data or information on their laptop or home PC or associated floppy disks or CD's. All such information should be secured after any dialup connection to the University network.
Use of External Services
Networks and telecommunications services and administrative systems and services to which the University of Houston maintains connections have established acceptable use standards. It is the user's responsibility to adhere to the standards of such networks. The University cannot and will not extend any protection to users should they violate the policies of an external network.
Users are responsible for the security and privacy of printouts of University information.
Educational information, Personal financial and health information (electronic, paper)
Users must take measures to protect information resources against unauthorized access and destruction. Users are responsible for protecting the integrity and confidentiality of information and must safeguard personal financial information that it collects and/or maintains in electronic and paper form.
Violations and Reporting
Violations of these conditions-such as unauthorized use of another user's account; tampering with other users' files, tapes, or passwords; harassment of other users; unauthorized alteration of computer charges; unauthorized copying or distribution of copyrighted or licensed software or data; Accidental or intentional distribution of sensitive information such as names, ID's, social security numbers, etc.; deliberately wasteful practices; and online behavior that intimidates or offends, -are unethical, violate university policy or are potentially unlawful. Users should report to the facility manager or to the individual in charge of their computing resource information they may have concerning instances in which the above conditions have been or are being violated. Users can also report misuse and abuse of computer resources to IT Security (a department of UH's Information Technology Division) at email@example.com or at 713-743-5161.