Policy #: IT0003
Effective Date: 11/19/08
Last Revision Date: 11/19/08

Policy for Acceptable Use of UCSC Electronic Information Resources
(Acceptable Use Policy)

Vice Chancellor, Information Technology
(Policy IT-0003)

1. Purpose/Introduction/Applicability
2. Detailed Policy Statement
3. Additional Policies and Expectations
4. Violations
5. Policy Authority
6. Getting Help
7. References

I.   PURPOSE / INTRODUCTION / APPLICABILITY

The intent of this policy is to identify appropriate and inappropriate use of UCSC electronic information resources (eIRs).

It is the policy of the University of California to provide electronic information resources (eIRs) to students, faculty and staff to be used in ways that are consistent with the University's mission – instruction, research, and public service – and in activities that support that mission. These resources include computers, terminals, networks, modems, printers, portable electronic devices, telephones (including cell phones), and electronic media.

The University expects that its user community will respect the public trust through which these resources have been provided. Users of campus eIRs are expected to comply with the law, University and campus policies, industry regulations, and contractual obligations that apply to their activities. This applies to all University eIRs as well as to all computers and computing equipment, whether University-owned or not, connected to campus networks or other University eIRs.

Campus units that administer eIRs may establish local guidelines for the appropriate use of their resources in addition to this campuswide policy. Local guidelines must be consistent with campuswide policies and the University of California Electronic Communications Policy (UCECP).

II.   DETAILED POLICY STATEMENT

All users of campus eIRs are expected to comply with applicable laws, University and campus policies, industry regulations, and contractual obligations. These include, but are not limited to, the UCECP and Section 502 of the California Penal Code. The University has determined that the following list, while not exhaustive, characterizes unacceptable behavior which may be subject to loss of access to eIRs, disciplinary action, and additional consequences of civil or criminal prosecution.

1. Use of any University resources in a manner that violates copyrights, patent protections, trademarks, license agreements, contracts that specify conditions of use of intellectual property at UCSC, or otherwise violates intellectual property law[1];


2. Interfering with the normal operation of UCSC eIRs (see endnote [2] for provisions for instructional and research activities). This includes
   • use of University eIRs for purposes or in a manner that could reasonably be expected to disrupt University eIRs,
   • any action that disrupts the availability of a system or resource for others, such as running programs or sending electronic messages that utilize all system resources and prevent others from making productive use of the system,
   • attempts to alter, damage, delete, destroy or otherwise abuse any computer or network resource, including development or use of malicious programs.


3. Accessing or attempt to access eIRs or facilities without proper authorization, or intentionally enabling others to do so. This includes, but is not limited to, disclosing a password or otherwise making a password-protected account available to others; running programs that attempt to calculate or guess passwords, or that are designed and crafted to trick other users into disclosing their passwords; sharing or transferring account privileges to another person; electronic eavesdropping on communications facilities;


4. Use of University eIRs to harass others in a manner that interferes with their rights or in a manner that creates a hostile working or learning environment in violation of University policy, including sexual or other forms of harassment[3];


5. Sending unsolicited commercial or bulk email (spam) or otherwise transmitting inappropriate mass messages. Note: This provision is not intended to limit the use of email or other mass messaging for official University business;


6. Employing a false identity (the name or electronic identification of another), except as allowed under UCECP Section III.D.6, False Identity and Anonymity.

III.   ADDITIONAL POLICIES AND EXPECTATIONS

All users of campus eIRs are expected to comply with the following specific policies and expectations. Violations characterize unacceptable behavior and may result in loss of access to eIRs, disciplinary action, and additional consequences of prosecution under the law.

1. Implying University Representation or Endorsement
   Users shall not state or give the impression[4] that the user is representing, giving opinions, endorsing products or services of a non-University entity, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized to do so. Communications that may inaccurately give the impression that the author represents the University must include an explicit disclaimer. Example disclaimers from UC policy include:
   • “The opinions or statements expressed herein are those of the author and do not represent the position of the University of California.”[5]
   • “These statements are my own, not those of the Regents of the University of California.”[6]
   • “References or pointers to non-University entities do not represent endorsement by the Regents of the University of California.”[7]
   • “Links on these pages to commercial web sites do not represent endorsement by the University of California or its affiliates.”[8]


2. Personal Use of UCSC Electronic Information Resources
   University eIRs are to be used for University business purposes. University users may use UCSC eIRs for incidental personal purposes provided that such use complies with all of the provisions of the UCECP and UC Business and Finance Bulletin G-46, and does not:
   • directly or indirectly interfere with the University's operation of eIRs,
   • interfere with the user's employment or other obligations to the University,
   • burden the University with noticeable incremental costs,
   • violate the law or University policy,
   • include use for commercial purposes not under the auspices of the University,
   • include use for personal financial gain except as permitted under applicable academic personnel policies,
   • inappropriately imply University representation or endorsement (see #1, above).

   In general, individuals are discouraged from using UCSC email accounts and web pages for non-University business, and are allowed to access outside accounts incidentally using UCSC eIRs.
   
   Any incidental personal use of University resources may be designated University records subject to disclosure to the University and third parties in accordance with law.



3. Accessibility
   The Americans with Disabilities Act (ADA) mandates that UC Santa Cruz, as an educational institution, make its programs, services, and activities accessible to, and usable by, people with disabilities. When faculty and staff use the Internet, including email and web pages, to provide information, they are required to make that information accessible to those using adaptive technology. Detailed information about making electronic resources accessible can be found in UCSC's Web Policies, the UCSC ADA web site, and at the UCOP Web Accessibility web site.


4. Anonymity
   A user of University eIRs may remain anonymous (the sender's name or electronic identification are hidden), including for the purpose of whistleblowing, except when publishing web pages or engaging in broadcast activities requiring licensing by the Federal Communications Commission (FCC).


5. Off-Campus Network Connections
   The University also expects that all those who choose to use our off-campus network connections will understand and honor the policies of those regional and national network organizations to which the University is a party. The use policies for these networks are available separately from this policy statement at http://www.cenic.org/calren/aup.html.


6. Students using UCSC’s residential networks
   Students using UCSC’s residential networks are expected to read and comply with the Resnet Usage Guidelines and Responsible Use Policy.

V.   VIOLATIONS

Violations of this policy characterize unacceptable behavior and may result in loss of access to eIRs, corrective or disciplinary action in accordance with existing University personnel policies, bargaining agreements, guidelines, and the Code of Student Conduct, and additional consequences of prosecution under the law.

The University of California responds promptly to allegations regarding violations of law and University policy, including those arising from the use of eIRs. Suspected violations of this policy or law may be reported to the ITS Support Center (see Getting Help) or the Whistleblower Officer.

VI.   POLICY AUTHORITY

The campus Information Security Officer on behalf of the Office of the Chancellor and the Office of the Campus Provost and Executive Vice Chancellor (CP/EVC) is the campus authority for UCSC’s Acceptable Use Policy.

This policy amends and supercedes Policies for Use of UCSC Computing Facilities, dated May 26, 1992.

This policy was reviewed and approved by the CP/EVC on November 19, 2008. Next review date is December 2010.

V.   GETTING HELP:

For questions about this policy, contact the ITS Support Center at 459-HELP, help@ucsc.edu, or in person M-F 8AM-5PM, 54 Kerr Hall

VI.   REFERENCES

Federal and State Law:

Americans with Disabilities Act (ADA)
Section 502 of the California Penal Code - deals with tampering, interference, damage, and unauthorized access to computer data and computer systems:

University of California:

UC Electronic Communications Policy (UCECP)
UC Business and Finance Bulletin IS-3, Information Security
UC Digital Copyright Protection
UC Guidance on Fair Use of Copyrighted Materials in Teaching and Research
UC Policy on Sexual Harassment
UC Business and Finance Bulletin G-46, Guidelines for the Purchase and Use of Cellular Phones and Other Portable Electronic Resources
UC Web Accessibility Web Site

UC Santa Cruz:

Digital Millennium Copyright Act at UC Santa Cruz
UCSC Americans with Disabilities Act (ADA) Web Site
UCSC Code of Student Conduct
UCSC Hate/Bias Policy
UCSC Policy on Sexual Assault
UCSC Principles of Community
UCSC Resnet Usage Guidelines and Responsible Use Policy
UCSC Web Policies
UCSC Whistleblower Web Site

--------------------
Endnotes

[1] See UC Digital Copyright Protection, UC Guidance on Fair Use of Copyrighted Materials in Teaching and Research, and Digital Millennium Copyright Act at UC Santa Cruz
[2] Note: This section is intended support University business functions, not to restrict instructional or research activities. In situations where these activities could reasonably be expected to disrupt normal operations, permission of the affected resource owner must be obtained in advance. In the case of campus systems or networks, individuals should coordinate through their ITS Divisional Liaison
[3] Also see UCSC’s Principles of Community, Policy on Sexual Assault, Code of Student Conduct, and Hate/Bias Policy, and the UC Policy on Sexual Harassment
[4] Including by use of the University’s name, insignia, seal, address, or University title of a faculty or staff member
[5] UC Merced Information Technology Resources Acceptable Use Policy
[6] UCECP Attachment 2, Sec II.B.1, Representation
[7] UCECP Attachment 2, Sec II.B.2, Endorsements
[8] UCI Administrative Policies & Procedures, Sec. 800-16: World Wide Web Policy