Ethics in IT
1 Policy Statement
John Carroll University provides information technology resources to allow faculty, staff, and students to pursue the University‘s educational mission, which includes teaching, learning, service, research and administration. Thus, Information Technology Resources (―IT Resources‖), as defined in this policy, must be used in a manner that furthers the University‘s mission.
Any access or use of information technology resources that conflicts with this Information Technology Resources Policy (―Policy‖ or ―IT Policy‖) or any other University policy is not acceptable and will be considered a violation of this Policy. Additionally, any activity that interferes, interrupts, compromises, or conflicts with the safe and efficient use of IT Resources is considered a violation of this Policy. This Policy shall apply to all Users including, but not limited to, students, employees (faculty and staff), guests, affiliates, vendors and independent contractors. Use of IT Resources, even when carried out on a privately owned computer that is not managed or maintained by the University, is governed by this Policy. This Policy supersedes any existing policies and procedures that are in conflict with the terms of this Policy.
The purpose of this Policy is to ensure an information technology infrastructure that promotes the basic mission and purpose of the University in teaching, learning, service, research and administration, and to ensure compliance with all applicable laws. It also provides notice, to all who use and manage IT Resources, of the University‘s expectations and regulations.
Users are responsible for the protection of University assets and for the accuracy, integrity and confidentiality of the information to which they have access. Users are expected to uphold the standards and principles of the University while using IT Resources. Accordingly, users are prohibited from using any portion of IT Resources to post or transmit any information, Data, text, file, link, software, chat, communication or other content that is harmful, abusive, discriminatory, hostile, combative, threatening, insulting, embarrassing, harassing, intimidating, defamatory, pornographic, obscene, or which negatively affects the University, another User, or any third party. Users who do not respect this Spirit of Use may be held in violation of this IT Policy.
Data. All information that is used by or belongs to the University, or that is processed, stored, posted, maintained, transmitted, copied on, or copied from IT Resources.
Functional Unit(s). The department, office, operating division, program, vendor, entity or defined unit of the University that has been authorized to access or use IT Resources.
IT Resource(s). University information technology resources and services, including but not limited to computing, networking, communications and telecommunication systems, infrastructure, hardware, software, Data, records, Databases, personnel, procedures, physical facilities, and any related materials and services.
User. Any individual who uses, accesses or otherwise employs, locally or remotely, IT Resources, whether individually controlled, shared, stand-alone, or networked, and with or without authorization, is considered a User under this Policy.
Sensitive Data. Data designated as private or confidential by law or by the University. Sensitive Data includes, but is not limited to, employment records, medical records, student records, education records, personal financial records (or other personally identifiable information), research Data, trade secrets, classified government information, proprietary information of the University or any Data that could harm the legitimate financial and reputational interests of the University if unauthorized access is permitted, whether intentionally or unintentionally. Sensitive Data shall not include records that by law must be made available to the general public.
5 Policy Elaboration
Access to some IT Resources is restricted to specific positions or units as determined by the appropriate functional unit head. Functional unit heads should determine and authorize the appropriate degree of access for each member of their units, and should provide unit members with adequate orientation and training regarding the appropriate use of all IT Resources. Using IT Resources outside of the scope of access granted by the University or attempting to exceed restrictions on access is a serious violation of this Policy and may potentially lead to criminal prosecution.
Technical and Content-Based Restrictions. The University reserves the right to impose technical restrictions on the access to its network in ways that may disrupt the ability to utilize certain devices, programs, and protocols. Additionally, the University expressly reserves the right to impose content-based restrictions on the use of its IT Resources. Such restrictions may be necessary to protect the University and its constituents. The University recognizes that academic freedom and the freedom of inquiry are important values that may be hindered by an overzealous restriction of content. Therefore, any content-based restriction scheme imposed on IT Resources will require appropriate Vice President Authorization.
Access Codes - Users must take precautions to prevent unauthorized use of their access codes (passwords). Users will be held accountable for all actions performed under their access codes, including those performed by other individuals as a result of negligence in protecting the codes.
Privacy - Users are obligated to respect the privacy that other Users have in their own systems, Data, and accounts. Thus, it is a violation of this Policy for any User to engage in electronic ―snooping,‖ or to employ IT Resources for the purpose of ―prying into‖ the affairs of others, i.e., to access or attempt to access electronic files, or to install/utilize image/audio recording devices, without proper authorization to do so for genuine business purposes of the University.
Sensitive Data - IT Resources containing Sensitive Data should be restricted based upon a need to know basis and should be guarded against both internal and external breaches. Thus, IT Resources containing Sensitive Data protected under either state or federal law should be controlled and protected in a manner that meets all pertinent legal requirements. Any breaches in the security and confidentiality of Sensitive Data must be reported in conformity with applicable legal and ethical obligations. IT Resources containing Sensitive Data must be collected, protected, accessed and managed consistent with the University‘s Sensitive Data & Security Policy, UP09.002. To the extent there is any uncertainty as to whether any Data constitutes Sensitive Data, it shall be treated as Sensitive Data until a determination is made by the CIO and Functional Unit head, in consultation with the University‘s Office of Legal Affairs.
Violation of Law - Users are responsible for respecting and adhering to University policies and to local, state, and federal laws. Any use of IT Resources in violation of civil or criminal law at the federal, state, or local levels is prohibited. Examples of such use include but are not limited to:
promoting a pyramid scheme; distributing illegal obscenity; receiving, transmitting, or
possessing child pornography; infringing copyrights; exceeding authorized access; and
Making bomb or other threats.
Intellectual Property Rights - The University takes the issue of intellectual property and similar rights seriously. Accordingly, the University requires every User to adhere to a strict policy of respecting intellectual property rights.
Copyright: With respect to copyright infringement, Users should be aware that copyright law governs (among other activities) the copying, display, and use of software and other works in digital form (text, sound, images, and other multimedia). All copyrighted information, such as text and images, retrieved from IT Resources or stored, transmitted or maintained with IT Resources, must be used in conformance with applicable copyright and other laws. Copied material, used legally, must be properly attributed in conformance with applicable legal and professional standards.
Software: Software may not be copied, installed or used on IT Resources except as permitted by the owner of the software and by law. Software subject to licensing must be properly licensed and all license provisions (including installation, use, copying, number of simultaneous Users, terms of the license, etc.) must be strictly followed. All software licensing is administered under the auspices of ITS.
Fair use: The law permits use of copyrighted material without authorization from the copyright holder for some educational purposes (protecting certain classroom practices and ―fair use,‖ for example), but an educational purpose does not automatically mean that the use is permitted without authorization.
Ownership: All IT Resources developed by University employees, students, and contractors for use by the University, or as part of their normal employment activities, are considered ―works for hire‖. As such, the University is considered the ―author‖ and owner of these resources. This Policy does not alter the University‘s position or policy on intellectual property ownership for faculty and research
Reporting Infringement: It is the responsibility of every User to avoid infringing any intellectual property right and to report the infringement of another User if and when it is discovered. Failure to respect such rights, or report infringements, is a violation of this IT Policy and subject to appropriate sanctions.