The Guidelines on the Acceptable Use of Information Technology Resources were developed in 1996 by Academic IT Services which later became part of the Division of Information Technology. While accepted as a de facto policy, it was never submitted for policy approval. Much remains the same between the old Guidelines and new Policy; however portions have been modified to reflect changes in technology, network usage, and attitudes towards computer use and security over the past 10 years.
USM policy dictates that institutions must establish an Acceptable Use Policy (AUP).
You may access whatever websites that you wish (as long as they are legal), but that does not mean whenever and wherever you wish. Employees, for example, are not free to surf the Internet at will when they should be performing their jobs. Likewise, the AUP does not condone accessing websites that could potentially create a hostile work or study environment. The policy says that university personnel monitor and access systems and networks.
The people in question are those working in university IT departments who keep the mail systems, file servers, computer and phone networks running as well as the staff who respond to alerts from the security devices installed within the network. During the course of doing their jobs, it is possible that these employees may be exposed to data and network traffic that might be considered personal. A confidentiality agreement Division of IT employees sign annually details their obligations for accessing data and protecting the information. If IT personnel stumbles across evidence suggesting illegal activity, they have an obligation to report their findings to authorities. There are situations in which files, data, and transmissions may be examined. When presented with a valid court order or an appropriate application under the Maryland Public Information Act, IT staff will provide access to requested materials. Access may also be granted to an employee's department for business continuity or investigative purposes. Requests for access are cleared through the Office of Legal Affairs.
IT resources are provided to support the academic, research, instructional, and administrative objectives of the university. These resources are extended for the sole use of university faculty, staff, students, and all other authorized associates to accomplish tasks related to the status of that individual at the university, and consistent with the university's mission. There are two key points in this section. First, that the campus IT resources are not available to the general public. Authorized associates would be those who have been expressly granted access to resources by a member of the campus community who has been authorized to make such offers. For example, if faculty and staff are willing to take responsibility for their visitors, they can issue temporary wireless associate accounts. The second point of the paragraph is that IT resources are made available to members of the campus community for the purpose of enhancing their role here at the university. Personal use of these resources is not explicitly prohibited (and is expected for our university residents), however that use must be in moderation and not conflict with departmental expectations for work performance.
If it is the practice of your department that computers are managed by the individual who uses it, you are authorized to install software and make changes.
No. You can remain anonymous, but you cannot pretend to be someone else without that person's permission (e.g., administrative assistants may send messages on behalf of their employer).
Data protected by federal, state, or USM privacy regulations is considered sensitive. This includes student information protected by FERPA, financial information protected by the Gramm-Leach-Bliley Act, and health care related information protected by HIPAA. Confidential information includes material received under a non-disclosure agreement.
Examples of commercial use include using a university email address in commercial advertising, hosting a website on the university network for a business such as a private consulting practice, or placing compensated advertising on a Web page.
University sanctioned enterprises such as those located in Stamp Union and participants in business incubator programs are excluded from the commercial use prohibition. Incidental commercial use such as selling an item on an Internet auction service is permitted as long as it does not conflict with office rules regarding appropriate use of computers. Professional activities that further the mission of the university such as preparing articles for commercial publication may be permitted as long as such activities are approved by the department.
You cannot use university resources to further the mission of organizations that have no connection to the university or your role at the university. This might include activities such as mass mailings for your (non-university sponsored) religious organization or hosting a website for your neighborhood homeowner's association. There are low cost, and in some cases free, options outside the university that can provide these resources.
Project NEThics℠ is an initiative within the Division of Information Technology's Security and Policy group. It is charged with promoting responsible use of computing resources and coordinating enforcement of the Acceptable Use Policy. Project NEThics℠ can be reached at 301.405.8787 or firstname.lastname@example.org. Questions may also be directed to the Office of Legal Affairs.