Computer Use Regulation Summary and Guidance

North Carolina State University
REG 08.00.02 Computer Use Regulation
Summary and Guidance for Faculty, Staff and Students
Rev. 04/01/2013

 

Table of Contents

Official Policy Disclaimer

This document contains information regarding policies, regulations and rules (PRRs) of North Carolina State University. To the extent of any conflict between the information in this document and the actual policy, regulation or rule, the actual policy, regulation or rule governs. NC State policies, regulations and rules can be found at the Policies, Rules and Regulations web site.

[Back to top]

Overview

The Office of Information Technology (OIT) has summarized the official REG 08.00.02 – Computer Use Regulation in this document to help you interpret and apply it. Recent changes to this policy clarified:

  • How faculty and staff may and may not use university information technology (IT) resources.
  • To what extent the university has permission to review faculty or staff members’ email content and,
  • Who can authorize review of  the content of faculty or staff members’ email.

In addition, the most recent revision of REG 08.00.02 – Computer Use Regulation consolidates the Computer Use Regulation and the now-repealed REG 08.00.08 – Software Licensing Requirements.

REG 08.00.02 – Computer Use Regulation stems largely from the following ideas: 1) Your use of university IT resources must not diminish their value or availability 2) The use of university resources for personal gain is prohibited  3) Your use of university IT resources must both be lawful and abide by university policies, rules and regulations 4) You should use university IT resources to conduct university business and 5) You should have no expectation of privacy when using university IT resources.

[Back to top]

REG 08.00.02 – 1. Introduction

As a member of the NC State University community, you access and use a variety of information technology (IT) assets that belong to NC State University. Whether you are a student, a faculty member, or a staff member, you are expected to understand and abide not only by university IT policies, rules and regulations, but also by state and federal laws that may apply to your use of these assets.

[Back to top]

REG 08.00.02 – 2. General Use of IT Resources and Regulatory Limitations

Your university computing account, also called your login credentials, Unity account, or Unity/Eos account, authorizes you and only you to access, use and store information on campus IT resources. If you or someone else uses your account or other university IT resources improperly, the university can revoke your access indefinitely. Keep in mind that the university, not you, owns your computing account and will govern your account at its discretion. Penalties for misuse may include complete revocation of access privileges.

If there is reason for them to do so, appropriate  university officials may request to examine the entire contents of your university email account, whether messages stored there are work-related or personal: Deans, Vice Chancellors, Vice Provosts, Associate Vice Chancellor for Human Resources, or their delegates. The Vice Chancellor for Information Technology and General Counsel must approve requests for email discovery from these individuals. University officials’ reasons for examining your university email account include: a) to make sure university IT resources are secure and functioning properly b) to make sure the university is in compliance with state and federal law, and with university policies, rules and regulations c) to allow the University Internal Auditor access to information necessary to conduct an audit d) to allow the university to collect evidence in the context of a lawsuit, and e) to make sure that people in the NC State community are healthy and safe.

[Back to top]

Guidance for Faculty & Staff

Examples of Acceptable Use

  • If your department’s special guest needs a Unity computing account, have Human Resources enter that individual in the HR system as a “no-pay” employee with job code Z968, triggering automatic computing account creation. Review REG 08.00.02 – Computer Use Regulation and POL 08.00.01 – Computer Use Policy with your guest and make sure s/he understand and abides by them.
  • If you are a supervisor:
    • Ask that your employees share access to their electronic information, such as their Google Docs/Drive or files stored in the department’s network file share, with you. Share access to university data, not your individual university credentials.
    • Include in your department’s separation procedures a requirement that when an employee gives notice of his/her separation, s/he must share files, documents and email with his/her supervisor prior to his/her separation.
  • Include only professional, university contact details in your university email signature.
  • Use your university email account exclusively for university business, research and study related activities. Though REG 08.00.02 – Computer Use Regulation does not require you to do so, this best practice will save you the trouble of separating university business email from personal email in the event of a public records request.
  • Use your university email account to register with websites, forums, or social media that support the university’s educational mission, such as professional organizations or societies, journals or peer review groups.

Examples of Unacceptable Use

  • Write down your Unity ID and password for your administrative assistant so that s/he may log in to the computer in your office while you are traveling.
  • Use your university email account to register with websites, forums, or social media that do not support the university’s educational mission.
  • Store documents related to your child’s adoption in your department’s network drive.

[Back to top]

Guidance for Students

Examples of Acceptable Use

  • Log in to a computer in a Unity lab to work on your class assignment, and when you are finished working, log out of the computer so that the next user of that computer has to log in as him or herself.

Examples of Unacceptable Use

  • Let your girlfriend, who is visiting you for the weekend, use your Unity ID and password to log in to the computer next to yours in the computer lab.
  • Fail to log out of a computer in a computer lab, so that the next user of that computer will be using your access.

[Back to top]

REG 08.00.02 – 3. Personal Use of IT Resources

In general, if you satisfy the conditions in Section 3 of REG 08.00.02 – Computer Use Regulation, you may use university IT resources for personal use, as long as you use them judiciously and without any expectation of privacy. If you use university servers to publish your own Web page(s) or collection(s) of electronic material, you are required to include this disclaimer: “The material located at this site is not endorsed, sponsored, or provided by or on behalf of North Carolina State University.”

Guidance for Faculty & Staff

Examples of Acceptable Use

  • Read a blog about interior design using your office computer while you eat lunch at your desk.
  • Check WRAL’s website from your office computer to see if your child’s school has been cancelled because of snow.
  • Using personally-purchased print quotas to print personal documents.

Examples of Unacceptable Use

  • Spend an entire workday e-shopping for the holidays from your work computer.
  • Print copies of your child’s scrapbook pages on university printers.  Not only is this unacceptable, but it would impact the availability of the printer for a colleague.

[Back to top]

Guidance for Students

Examples of Acceptable Use

  • Play XBox Live with your friends in your residence hall.
  • Stream Netflix to your iPad over the campus wireless network.

Examples of Unacceptable Use

  • Illegally stream pirated full-length feature films.
  • Set up or use any peer-to-peer  torrent server for the purpose of sharing music without copyright permission.

[Back to top]

REG 08.00.02 – 4. Use of IT Resources for Commercial, Advertising, and Broadcast Purposes

  • You may not use university IT resources for commercial gain.
  • Neither official university websites nor personal websites hosted on university-owned IT resources may contain paid advertising. However, they may contain acknowledgement of sponsorship and, with the sponsor’s written permission, include the sponsor’s logo.
  • You may not use university IT resources to send mass or “broadcast” email messages without approval from university administrators.

[Back to top]
Guidance for Faculty & Staff

Examples of Acceptable Use

  • Create a website for your research project funded by a grant from IBM. With written permission from IBM, include a graphic of IBM’s logo to complement your acknowledgement of IBM’s support of your research.
  • Host your ad-supported news website somewhere other than university Web servers.
  • Use the officially sponsored logo from Twitter to promote your Twitter feed on your website.
  • Contact university administration and follow procedures when you need to send a broadcast email to everyone in the university community.
  • Use the NC State University “brick” logo on your department’s website, according to brand specifications.

Examples of Unacceptable Use

  • Create your own email distribution list that includes large swaths of the university community.
  • Download an icon you like from the Web and using it to promote the Twitter feed on your department’s website, thus violating Twitter’s trademark policy.
  • In a post that welcomes students to your  Moodle course, include a link to your Amazon storefront so that your students can buy the book you wrote and are selling on Amazon. You would receive money from the Amazon sale. Thus you would be using university IT resources for personal gain, which is unlawful. It would be acceptable to send students to Wolfpack Outfitters to buy your book.
  • Use Google Sites to create a website that your daughter uses to sell her Girl Scout cookies online.
  • Use a digital image editing tool, such as Adobe Photoshop, to make changes to a digital image of the NC State Chancellor’s Seal (also known as the Official Seal), then publish the modified image of the seal on your department’s web page.

[Back to top]
Guidance for Students

Examples of Acceptable Use

  • Host your ad-revenue-supported Web radio station somewhere other than on campus IT resources.
  • Ask your student-organized event’s sponsor for written permission to publish the sponsor’s logo on your student organization’s website to promote the event.

Examples of Unacceptable Use

  • Use your student organization’s email address to send a mass email to all NC State students.
  • Sell your garage band’s CDs and merchandise on a Google Site.

[Back to top]

REG 08.00.02 – 5. Violations of Policies, Regulations or Rules

There are serious consequences for university community members who violate REG 08.00.02 – Computer Use Regulation:

  • For students, violations constitute “misconduct” under POL 11.35.01 – Code of Student Conduct.
  • For EHRA or EHRA non-faculty personnel, violations are subject to disciplinary action according to EHRA Discipline.
  • For SHRA personnel, violations are considered “unacceptable personal conduct” and subject to disciplinary action according to SHRA Discipline.

If you violate state or federal law, you may also face criminal or civil prosecution. If they think you may have violated REG 08.00.02 – Computer Use Regulation and need time to investigate and identify the actual violator, authorized university system administrators may suspend your ability to log in or your ability to access a particular computer for as long as is necessary to protect university IT resources and ensure that they are functioning normally, or to make sure that no harm will come to people as a result of the violation. After they’ve suspended your account, university system administrators (or their administrative delegates) must notify you of the suspension and give you a chance to meet with system administrators and provide information as to why they should lift your suspension. The system administrator may reconsider his or her decision to suspend your computer access based upon the information you provide during the meeting. After you’ve met, the system administrator is required to notify you of his or her decision. If you’re not satisfied with the decision, you may appeal to the system administrator’s direct supervisor for reconsideration.

[Back to top]

REG 08.00.02 – 6. Application of Public Records Law

If you are a university employee, or if you are a student who is also an employee of the university: If you have created, manipulated or stored work-related electronic information, including both documents and email, the electronic information is public record and subject to public records law.

If in the course of your work for a university department you receive a public record request relating to a potential legal action against the university, contact General Counsel before you take any action.

If a university official needs access to informational content related to university business, your status as a university employee obligates you to help him or her gain access to the information he or she needs.

Guidance for Faculty, Staff and Students who are also university employees

Examples of Acceptable Use

  • Keep copies of all work-related email messages that have lasting or archival value beyond the retention period of the university’s central email archive system.
  • If using your personal email for work-related use, keep copies of the email messages in accordance with REG 01.25.12 – University Record Retention and Disposition Regulation.
  • Contact General Counsel if you receive notice of a public records request.
  • To aid investigators in the event of a discovery request: Keep personal information in a folder marked “personal.” Please note that this does not protect this information in all instances, but it does help expedite the discovery process and allows the university to better respect your personal privacy.
  • Store personal information that you wish to keep private somewhere other than university IT resources.

Examples of Unacceptable Use

  • If you receive notice of a public records request, respond to it yourself without first notifying General Counsel.
  • If a university official asks to see information stored in a network fileshare, withhold the password (or worse, delete the information from the fileshare.)

[Back to top]

REG 08.00.02 – 7. Software Licensing Requirements and Procedures

If you are a faculty or staff member, or if you are a student who is also an employee of the university: If your department buys software, retain the proof that you bought licensed copies. If you buy software from OIT Security & Compliance, an inter-departmental transfer (IDT) is sufficient proof of license.

Guidance for Faculty & Staff

Examples of Acceptable Use

  • If you buy software for your department, keep copies of the proof of license, such as installation media, license key code, or inter-departmental transfer (IDT) from OIT Security & Compliance Software Licensing.

Examples of Unacceptable Use

  • Dispose of the installation media after you have installed the software.
  • Use software licensed for personal use only, such as Secunia PSI, for university business purposes.
  • Install and use unlicensed software on university computing resources.

[Back to top]
Guidance for Students

Examples of Acceptable Use

  • If in the course of your work as a department’s employee, you unpack software installation media that your department has purchased, make sure to give the proof of license to the appropriate administrator in your department.

Examples of Unacceptable Use

  • Dispose of the installation media after you have installed the software.
  • Use software licensed for personal use only, such as Secunia PSI, for university business purposes.
  • Install and use unlicensed software on university IT resources.

[Back to top]

REG 08.00.02 – 8. Additional Rules

University departments may adopt their own additional context-specific rules concerning the use of IT resources, as long as they comply with state and federal laws and with the policies and regulations of both NC State University and the University of North Carolina. Departments are required to publish these rules openly, either electronically or on paper, and to file them with General Counsel and the Vice Chancellor for Information Technology.

Guidance for Faculty & Staff

Examples of Acceptable Use

  • Adopt a rule that specifies how your department will handle the management of iPads in your working context. File copies of the rule with General Counsel and the Vice Chancellor for Information Technology.

Examples of Unacceptable Use

[Back to top]
Guidance for Students
Implementation of Section 8 only applies to faculty and staff, because departments will set the kinds of rules to which Section 8 refers. Departments’ additional rules may apply to students. Departments should help students who are also university employees understand and apply any additional computing use rules in the context of their work for a department.

[Back to top]

References – Related Information Technology Policies

Other NC State University information technology policies and regulations relate to REG 08.00.02 – Computer Use Regulation, and you are also expected to review, absorb, and abide by them:

REG 01.25.02 – Copyright Infringement – Policy Statement
When you copy, download, or upload files from the Internet, keep in mind that even innocent, unintentional infringements are violations of federal law. Infringements are subject to university notification and individual prosecution by the copyright holder.

REG 08.00.10 – Anti-Virus Software Requirements
You must install and enable approved anti-virus software on any computer that you connect to either wired or wireless networks on campus. The Anti-Virus Software Requirements apply whether you are using a university- or personally-owned computer. You may download approved anti-virus software for free.

REG 01.25.12 – University Record Retention and Disposition Regulation explains how North Carolina state law dictates your legal responsibilities with regard to retaining and disposing of all university data that an individual creates, owns, or accesses, including email.
[Back to top]