Within the limits of facilities, resources, and personnel, the university shall establish, through Regents' Policy, University Regulation, and MAU rules and procedures, a framework for access to, and the responsible use of, university information resources. The president may promulgate regulations to implement this chapter.

(02-18-00)

A.   Information Resources

Information resources include the systems and networks owned, leased, or operated by the university, as well as the software and data resident on the systems and networks.

B.   User

A user is an individual (including but not limited to students, faculty, staff and affiliates) who accesses, transmits or stores data on information resources.

C.   The terms "Information Resources Personnel" and "Director of Information Resources" will be defined in University Regulation.

(02-18-00)

Information resources shall be managed in a manner that will:

A.   respect First Amendment rights and privacy, including academic freedom;

B.   reasonably protect against misrepresentation, tampering, destruction, liability and/or theft of intellectual efforts;

C.   maintain the integrity of university information resources;

D.   allocate finite resources based on prioritized needs; and

E.   protect the confidentiality of sensitive data collected under research grants and contracts with outside agencies.

(02-18-00)

Access to information resources shall be provided to university faculty, staff, students, and affiliates to further the university's mission of instruction, research and public service. Access to information resources shall be granted based on relevant factors, including legal and contractual obligations, privacy, the requester's need to know, information sensitivity, and risk of damage to or loss by the university.

(02-18-00)

Users:

A. by virtue of their use of information resources agree to comply with this policy and regulations promulgated pursuant thereto;

B. shall obtain proper authorization to use information resources;

C. shall use information resources in a responsible manner, which includes respecting the rights of other users, the integrity of the controls and physical facilities, and compliance with license or contractual agreements, Regents' Policy, University Regulation, and local, state, and federal law; and,

D. shall avoid disruption or threat to the viability of information resources and similar resources to which they are connected.

(02-18-00)

A.   Protection

The university shall establish procedures designed to protect information resources from inappropriate disclosure, misrepresentation, unauthorized access, alteration, or destruction, whether such is deliberate or unintentional. The university does not, however, undertake responsibility for protecting individuals against the existence or receipt of material that may be offensive to them or harmful to equipment, software or data.

The university shall establish procedures for securing its information resources against unauthorized access or abuse to a reasonable and economically feasible degree.

B.   Enforcement

1.   Violations of the standards for user conduct:

a.   may subject employees to disciplinary action including termination;

b.   may subject students to disciplinary action including expulsion according to the Student Code of Conduct procedures; and

c.   may also subject violators to criminal prosecution.

All users should be aware that violations of copyright laws may also subject them and/or the university to substantial legal liabilities. Information Resources Personnel may implement measures, including temporary revocation of access and other protective action, to protect against disruption or damage to the university's information resources or alleged or perceived violations of copyright laws or other liabilities.

2.   Only to the extent that there is a need to know in order to protect the privacy of data and communications, address a malfunction, maintain the secure and efficient operation of the system or avoid potential legal liability relating to the operation of the Information Resources system, Information Resources Personnel at the university may access the content of electronic communications and copy and examine any files or other information resident on or processed through Information Resources.

3.   IR personnel shall maintain confidentiality of files and information (other than evidence of conduct threatening the security of information resources) that are accessed pursuant to subsection B.2 to the extent practicable. If, however, the Director of Information Resources or the person fulfilling that function, in consultation with University General Counsel, concludes that files or information resident on or processed through university systems suggest the reasonable possibility of a violation of state or federal statute or regulation, Regents' Policy, or University Regulation, such files and information may, subject to subsection B.5 below, be disclosed to university personnel or law enforcement authorities without a search warrant.

4.   Information Resources Personnel shall comply with all federal and state statutes and regulations that limit access to, or establish prerequisites to accessing or disclosing, files and information (including that pertaining to confidential or proprietary research) resident on or processed through Information Resources.

5.   Subject to the above qualifications, users may have a reasonable expectation of privacy in personal information unrelated to employment contained on information resources or in files devoted primarily to the user. University personnel, other than Information Resources Personnel, may not access or monitor information for which a user has a reasonable expectation of privacy that is residing on or transiting through the Information Resources system without a reasonable basis for suspecting that evidence of misconduct will be found.

6.   IR personnel may not access the content of electronic communications or copy or examine any files or other information resident on or processed through Information Resources except as authorized by subsection B.2 or upon a valid request made in accordance with Regents Policy or University Regulation, or as required by state or federal law.

(02-18-00)

An MAU may establish rules and procedures to define conditions and enforcement mechanisms for use of information resources under its control. MAU statements must be consistent with this policy and any implementing regulation and published in a manner reasonably designed to make these conditions known to users.

The university reserves the sole right to limit, restrict or extend access to its information resources.

(02-18-00)

Nothing in this chapter or implementing regulation is intended to create, extend or support any cause of action or other claim for damages against the university or its employees acting within the scope of their employment.

(02-18-00)