Use of Computer and Network Systems
Introduction
The University of Regina makes computer and network Systems available to its employees and students to facilitate study, research, education, intellectual pursuits, administration and other job related activities. In addition, the University permits use of the Systems for limited personal use so long as such personal use is in keeping with this policy, will not compromise the business of the University, will not increase the University’s costs, will not expose the University to additional risk, will not damage the University’s reputation, and is not part of a commercial activity that the user does for personal profit.
The effectiveness, integrity and reliability of this infrastructure depends on users acting responsibly, respecting and adhering to the rules governing access and use of the Systems, and respecting the rights of others to access and use the Systems without interference.
In using the Systems, users agree to comply with this policy.
This policy governs the use of Systems owned and operated by the University, including those purchased through research funds administered by the University or acquired by the University through a contractual agreement. It covers all University-owned computing facilities and services regardless of location or access site (on campus or off campus). The policy has been developed in the context of, and is designed to complement:
- existing University policies and regulations, particularly those governing use of University property and services, privacy, security, disciplinary aspects, respectful workplace compliance, copyright and intellectual property; and
- collective agreements.
Policy
Integrity and Privacy
In order to preserve the integrity of the Systems against unauthorized or improper use, and authorized users from the effects of unauthorized or improper use, Information Services, on behalf of the University, reserves the right to suspend, restrict or deny any user's access and to inspect, remove or otherwise isolate any file, Data or system resources that may undermine the authorized use of these Systems.
The use of the Systems may be monitored. Work being performed by Systems administrators may involve the need to access or examine Data. This work includes activities such as:
- examining Systems logs for errors
- diagnosing service problems
- capacity planning
- service enhancement planning
- network monitoring
- resolving undeliverable mail
- virus and spam filtering
- fixing resource constraints
- investigating violations of this policy, other policies, regulations or laws
Systems administrators will respect the privacy of users and handle the Data in an appropriate manner.
A user’s expectation of privacy is subject to the University’s right to access the Data as described above. The University also reserves the right to access Data, including Data deleted by the account holder but that may not yet have been deleted centrally, when it is determined to be a business need. This need may relate to access in the absence of an employee, a request under The Local Authority Freedom of Information and Protection of Privacy Act (153 KB) , investigation of allegations of misconduct, or managing actual or potential criminal or civil litigation in which the University is, or may, become a party. Wherever practical, users will be notified promptly when their Data has been accessed.
Although the University endeavours to preserve the security of Data, security could be breached through actions and means beyond the University’s reasonable control. Users are accountable for the activities performed under their logon id and in their accounts and are responsible to safeguard passwords and Data. While the University strives to maintain the privacy of Data that may be personal in nature, the University does not guarantee its confidentiality.
Proper/Responsible Use and Authorized Use
The viability of the scholarly and administrative processes making use of local, national and international information resources depends upon the trust users place in one another to use such resources ethically and responsibly. Proper and responsible conduct in the use of the Systems requires strict adherence to the laws and policies that govern intellectual freedom, use of intellectual property, harassment, confidentiality, privacy and misuse or misappropriation of resources. Users:
- must be authorized users of the Systems
- may not share their accounts except under special circumstances as determined by local faculty or departmental policies endorsed by Information Services
- are responsible for all use of their accounts
- are required to take reasonable measures to prevent unauthorized use of the computing resources made available to them
- are to use their accounts only for authorized uses and not for any unauthorized uses, as defined by the University in this policy
- must not access, alter, copy, or remove another's files, Information Resources, or Data, without permission of the authorized user
- must not copy or install any copyrighted software using the Systems unless proper licensing has been obtained, and must, on request of the University, be able to produce the proper licensing for review
- must not deprive or interfere with other authorized users' use of the Systems
- must abide by the rules prescribed for the use of other networks and information resources outside the University's control to which users have authorized access
- must engage in ethical behaviors in the use of the Systems reflecting:
- academic honesty and integrity;
- acceptable language of discourse;
- restraint in the consumption of shared resources by refraining from monopolizing or overloading the Systems with excessive Data or activity, degrading services or wasting any related resources;
- respect for intellectual property and ownership of Data; and
- respect for the individual rights of others to privacy.
The foregoing is not intended as an exhaustive list of permissions and prohibitions governing use of the Systems. Sections 342.1, 430 and other parts of the Criminal Code, as well as parts of the Canadian Charter of Rights and Freedoms, are also pertinent. Departments or faculties may define further conditions relevant to the use of the Systems and information resources within their jurisdiction.
Unauthorized Uses
Unauthorized uses of the Systems include, but are not limited to:
- obtaining or using another’s passwords without their knowledge and consent
- unauthorized attempts to collect, use or disclose personal information
- accessing or intercepting Data or confidential, copyright protected or patent-protected material of another person, without the knowledge and consent of such person
- making unauthorized attempts to gain access to an account or computer resource not belonging to the user, or otherwise gaining unauthorized access to, altering, or destroying any information of another person by any means or device
- uploading, posting, publishing, defacing, modifying, transmitting, reproducing, or distributing in any way, information, software or other material which is protected by copyright, or other proprietary right, or related derivative works, without obtaining permission of the copyright owner or rights holder, or otherwise complying with applicable laws
- developing or using an unauthorized mechanism to avoid charges levied by the University for computing services
- attempting to disable or impede the normal functions of the Systems, or engaging in any activity that might be harmful to the Systems or to Data stored thereon
- making copies of another’s files without their knowledge and consent
- stealing, vandalizing or obstructing the use of all or any part of the Systems
- copying applications, network or system software products which are on University owned Systems without University authorization
- attempting to circumvent security facilities on the Systems or failing to keep security on University owned equipment current
- using software obtained illegally or not properly licensed for the Systems
- invading another person's privacy
- unlawful activity (federal, provincial or local), including the acquisition and distribution of unlawful materials
- directly or indirectly restricting, inhibiting or otherwise interfering with the ability of another to access or use the Systems or the Internet, including without limitation by posting or transmitting information or software which contains a virus, lock, key, bomb, worm, trojan horse or other harmful or debilitating feature
- misusing electronic mail and communications networks by engaging in activities such as spamming or mail-bombing
- aiding or abetting unauthorized use of the Systems
- engaging in an activity that violates University policy, or code, or any federal, provincial or local regulation
- using the Systems for purposes that are not authorized by the University, including promotion of commercial, political or religious views, consulting or similar activities for personal profit
Rights of Information Services Staff with Respect to the Systems Security
Information Services is authorized to take fiscally reasonable measures to ensure the integrity and availability of the University's information resources and Systems.
Users’ privacy rights must at times be compromised by the need for Information Services to gather information necessary to ensure the continued functioning of Systems and the proper and authorized use of Systems.
At any time, Information Services has the right to suspend an account, or restrict access to the Systems, immediately without prior notification to the user if there is reason to suspect that a law or a University policy has been, or is being violated, or that continued access poses a threat to the Systems, other users, or the reputation of the University.Consequences for Noncompliance
When users fail to use the Systems in a professional and responsible manner, with ethical behavior, and in compliance with law, their access privileges may be forfeited and other penalties applied.
Anyone found to have violated this policy may be subject to discipline up to and including dismissal or expulsion for students, termination of employment or any other action in accordance with University policies and collective agreements for employees, and anyone including students and employees may be subject to legal action that could result in criminal or civil proceedings. In cases of financial loss to the University, restitution may be sought. Where the violation is believed to be of a criminal nature, the matter will be referred to the appropriate University authority for follow up with the appropriate legal authorities.
Processes
Notwithstanding anything to the contrary stated elsewhere in this policy and without prior authorization or notice if Information Services deems a serious threat exists to the availability, integrity, security or ongoing function of the Systems Information Services may undertake such necessary actions as are deemed necessary in the opinion of Information Services to protect the availability, integrity, security, and or ongoing function of the Systems.
To determine if a user is acting in violation of this policy, Information Services must have sufficient reason to conduct an investigation and must obtain authorization from two of the following senior administrators, (President, Vice-President, Dean, Associate Vice-President, University Secretary, University Librarian, or Director of Security and Operations) in order to do so. Sufficient reason would include, but not be limited to: the reasonable possibility of loss of access to, or function of, the University’s information resources; reasonable suspicion of criminal misconduct; reasonable suspicion of abuse of the conditions of use; or reasonable suspicion of the breach of University policy.
The following procedures will be followed when a user's account has been suspended for suspected violation of this policy:
- A violation will be documented and, as soon as possible, the suspected violator will be notified of the suspension by a Director of Information Services.
- The Associate Vice-President (Information Services) will be notified of the reason for the suspension, the name of the user(s) involved, and the name of the user's department.
- The Director of Information Services will notify the appropriate authority within the suspended individual's department.
- The Director of Information Services will notify the appropriate University Authorities to conduct a complete investigation. The investigation and reporting will then follow that University Authority’s procedures.
- The suspension will not be lifted until direction is received by the Director of Information Services on recommendation from the appropriate University Authority and until the Director is satisfied security of the Systems is not in jeopardy.