Information Technology

Introduction

The Wesleyan Computer Usage Policy’s purpose is to help ensure that all technology use fully respects applicable laws, the rights of the University and its community members. Consequently, the policy augments existing policies and principles (as represented in the Faculty Handbook), prospective students and alumni. This policy augmentation seeks to address the circumstances brought about by the use of technology which may effect underlying institutional policies, principles, and values.

Purpose

The purpose of University systems is to further the research, education, and administrative functions of Wesleyan University. To achieve this purpose, these policies intend:

  • to ensure the integrity, reliability, and good performance of University systems;

  • to ensure that the community of users at Wesleyan operates according to the same conventions and values as the larger

    Wesleyan community;

  • to ensure that University systems are used for their intended purposes; and

  • to establish sanctions and processes for addressing violations.

Definitions

  • University Systems include the computers, terminals, storage media, printer, networks, modems, phone system and related equipment, as well as data files or documents owned, managed, or maintained by Wesleyan University. For example, University systems include institutional, departmental and faculty research systems, and general access computer facilities. Privately owned equipment is not a University system even if it is attached to the Wesleyan network, unless that equipment is managed or maintained by Wesleyan University.

  • A User is any person, whether authorized or not, who makes use of any University system from any location. For example, this definition includes individuals who access University web pages, library facilities, prospective student/employee or research computers.

  • A University User is a user with authorization to access a non-public University system. University users include Wesleyan students, faculty members, staff members, and alumni or alumnae with accounts on University systems. Levels of access and authorization will vary depending on the individual’s role in the University. The University may, at its discretion, grant guest access to members of the Middletown community through the Jewett Center for Community Partnerships (JCCP). This access is available only for the semester in which it has been requested and must be renewed through the JCCP for the next semester. University users always take precedence over community guests. Guests may be asked to vacate a computer if others are not available.

  • A System Stakeholder is a person responsible for the data and use of a system. The system stakeholder may be in a campus office, including human resources, registrar’s office, or research lab.

  • A System Administrator is an individual with the authority to grant access to a particular system. This access is determined by system stakeholders across campus. Together with the system stakeholder, the system administrator is responsible for system security.

Scope

Wesleyan’s Information Technology Policies apply to all University systems and their use. For example, all use of Wesleyan’s network is subject to these policies.

Many University systems (Wesleyan’s websites, le servers, University email services, individual research lab systems, etc.) sometimes have service-specific policies in addition to these institutional policies. Please refer to postings available with each system to identify all applicable policies.

The policies described herein are those that the University intends to use in normal operation of its facilities. This document does not waive any claim that Wesleyan University may have to ownership or control of any hardware, software, or data created on, stored on, or transmitted through University systems.

The use of University systems, even when carried out on a privately owned computer that is not managed or maintained by the University, is governed by this policy.

Use of University Systems

Proper Authorization
Use of non-public University systems is restricted to University users.

Appropriate Use
University systems may be used only for their intended, authorized purposes. For example, privately owned computers may not host sites for non-Wesleyan organizations across the Wesleyan network without specific authorization.

Commercial Use
Without specific authorization, activities using University systems for non-Wesleyan commercial purposes are prohibited. This is not meant to restrict normal communications and exchange of electronic data consistent with the University’s education and research roles that may have a financial benefit for an external organization. For example, it is appropriate to discuss products or services with companies doing business with Wesleyan or to contribute to online forums discussing issues relating to commercial products. Inappropriate use would include activities such as using a Wesleyan-based website to run a personal for-profit business.

Contracts
All use of University systems must be consistent with all contractual obligations of the University, including limitations defined in software and other licensing agreements.

Record Retention
Record retention should follow the guidelines of the General Counsel’s Record Retention Policy, available online.

Privileges for University Users

Limited Confidentiality

  • System Administrators and Stakeholders make all reasonable efforts to maintain the confidentiality of systems and their data. However, limits and risks do apply to confidentiality, due, for example, to technical limitations, software bugs, and system failures. Systems administrators will take reasonable steps to inform University users of limits to confidentiality for their respective University systems. University users are expected to become familiar with those limits and risks of confidentiality in the University systems which they use and to manage their confidential data accordingly.

  • Whenever possible and appropriate, ITS will attempt to notify Users of any unusual access to their data. There are, however, circumstances in which, following carefully prescribed procedures, the University may determine that certain broad concerns outweigh the value of a users’ expectation of privacy and warrant University access to relevant University systems without the prior notification of the University user.

    The following conditions are examples of adequate cause for accessing data residing in the University systems without user notification:

    1. When necessary to identify or diagnose system or security vulnerabilities and problems, or otherwise preserve the integrity of the University systems;

    2. When required by federal, state, or local law;

    3. When the University has been informed that a violation of law or University policy may have taken place and inspection

      or monitoring may produce evidence related to the misconduct;

    4. When required to preserve public health or safety.

Fair Process
University users have the right to fair process in cases of discipline resulting from policy violations. See Enforcement Procedures, below.

Responsibilities for University Users

Personal Account Responsibility
Users are responsible for the security of their University system accounts and passwords. Any user changes of password must follow published guidelines for passwords. Accounts and passwords are normally assigned to single users and are not to be shared with any other person. Users are presumed to be responsible for any activity carried out under their University system accounts.

Unauthorized Use
Users must not permit or assist any unauthorized person to access University systems. Non-public University systems may not be used by any non-Wesleyan organization, for example, without appropriate authorization.

Security
Users must not defeat or attempt to defeat any University system’s security, for example, by “cracking” or guessing user identifications or passwords.

Unauthorized Data Access
Users must not access or attempt to access data on a University system they are not authorized to access. Users must not make or attempt to make any deliberate, unauthorized changes to data on a University system. Users must not intercept or attempt to intercept data communications not intended for that user’s access, for example, by inappropriate network sniffing, monitoring, or wiretapping.

Concealed Identity
Users must not conceal their identity when using University systems, except when anonymous access is explicitly provided. For example, users must not masquerade as or impersonate others.

Denial of Service
Users must not deny or interfere with or attempt to deny or interfere with service to other users by means of “resource hogging,” distribution of computer worms or viruses, etc. Knowing or reckless distribution of unwanted email or other messages is prohibited.

Uses of computer resources that may cause excessive network traffic or computing load are prohibited. For example, a user sending out thousands of emails that included a large attachment would seriously compromise the performance of the email system.

Copyright
Users must observe intellectual property rights including, in particular, copyright laws as they apply to software and electronic forms of information. For example, illegal sharing of copyrighted music or video is prohibited.

External Data Networks
Users must observe all applicable policies of external data networks when using such networks.

Modification of Data or Equipment
Without specific authorization, users of University systems must not cause, permit, or attempt any destruction or modification of data or computing or communications equipment, including but not limited to alteration of data, reconfiguration of control switches or parameters, or changes in rmware. This rule protects data, computing, and communications equipment owned by Wesleyan University, or any other person or entity. “Specific authorization” refers to permission by the systems administrator of the equipment or data to be destroyed or modified.

Mobile Devices
With the proliferation of privately owned mobile devices including laptops, smartphones, and tablets, users need to remove any personal or institutional data before disposal or recycling.

Responsibility for Content
Representatives of Wesleyan University publish institutional information in a variety of electronic forms. Such institutional information will normally be identified by a statement of the certifying authority publishing the information. A certifying authority is that University department or individual who certifies the accuracy of an electronic document and its appropriateness for the conduct of University business. Examples of such data would be a University transcript, admission letter of acceptance, or W-2 tax form.

Users also publish information in electronic forms on Wesleyan equipment and/or over Wesleyan’s networks. Wesleyan has no intention or opportunity to screen such private material and thus cannot assure its accuracy or assume any responsibility for this material. Any electronic publication provided on or over Wesleyan equipment and/or networks which is not identified by a certifying authority is the private speech of an individual user.

Threats and Harassment
Users may not use a University system to threaten or harass any person. Upon request to University authorities, a user must cease sending messages or interfering in any way with another user’s normal use of University systems.

Removal of Equipment of Documents
Without specific authorization by the owner or system administrator, users must not remove any University-owned or -administered equipment or documents from a University system.

Unauthorized Computer Equipment
Without specific authorization by the system administrator, users must not physically or electronically attach any foreign network device including, but not limited to routers, hubs, or wireless access points to the University system.

Violations
Users must not conceal or help to conceal or “cover up” violations by any party.

Users are expected to report any evidence of actual or suspected violation of these policies to the Systems Administrator of the facility most directly involved. In case of doubt, the report should be made to the vice president for information technology.

University Rights

Personal Identification
Users of University Systems must show identification including University affiliation upon request by a system administrator or other University authority.

Access to Data
Users must allow systems administration personnel access to data files on University Systems for the purpose of making backups, diagnosing systems problems, and investigating policy violations.

Oversight Authority
University staff are authorized to investigate alleged or apparent violations of University policy or applicable law involving University Systems using whatever means appropriate.

Enforcement Procedures
Systems administrators are authorized by the University to investigate policy violations and apply temporary reduction or elimination of access privileges while the matter is under review. These temporary sanctions may apply to computing accounts, networks, University-administered computing rooms, and other services or facilities.

When a systems administrator believes it necessary to preserve the integrity of facilities, user services, or data, he or she may suspend any account or limit account privileges, whether or not the account owner (the user) is suspected of any violation. The system administrator will attempt to notify the user of any such action.

When informed of copyright violations by the copyright holders or their representatives, the University will comply with their requests to identify the individuals responsible and stop the illegal activity.

Depending on the role or status of the individual, authorization by the appropriate University office will be sought before any access to electronic data occurs. In the case of students, the vice president for student affairs would be consulted. For faculty, permission would be obtained from the vice president for academic affairs; and for staff, the appropriate University officer would be notified.

A University user accused of a violation will be notified of the charge and will have an opportunity to respond to the University disciplinary body appropriate to the violator’s status, before a final determination of any penalty.

In addition to discipline by Wesleyan University, users may be subject to criminal prosecution, civil liability, or both, for unlawful use of any University systems.

Revised: June 2012.