Policies
IT Acceptable Use Policy
Introduction
The University seeks to promote and facilitate the proper and extensive use of Information Technology in the interests of learning and research. Whilst the tradition of academic freedom will be fully respected, this also requires responsible and legal use of the technologies and facilities made available to students and staff of the University.
This Acceptable Use Policy is intended to provide a framework for such use of Loughborough University's IT resources. It applies to all computing, telecommunication, and networking facilities provided by any department or section of the University. It should be interpreted such that it has the widest application, in particular references to IT Services should, where appropriate, be taken to include departmental or other system managers responsible for the provision of an I.T. Service. This policy encompasses new and developing technologies, as well as those that are older and more established.
This Acceptable Use Policy is taken to include the JANET Acceptable Use Policy and the JANET Security Policy published by JANET (UK), the Combined Higher Education Software Team (CHEST) User Obligations, together with its associated Copyright Acknowledgement, and the Eduserv General Terms of Service. Users of commercial broadband services provided, or facilitated by, the University must abide by any specific policies associated with those services. Members of the University and all other users of the University's facilities are bound by the provisions of these policies in addition to this Acceptable Use Policy. They are also bound by such other policies as are published via the University on the IT Services policies web site. It is the responsibility of all users of Loughborough University's IT services to read and understand this policy.
1) Purpose of Use
University I.T. resources are provided primarily to facilitate a person's essential work as an employee or student or other role within the University. HallNet facilities are also intended to help enhance the wider experience of students attending the University, within the more detailed provisions of the HallNet Acceptable Use Policy. No use of any I.T. service should interfere with another person's duties or studies or any other person's use of I.T. systems, nor bring the University into disrepute [1], in any way.
While using University I.T. facilities in an office, library or laboratory, uses for non-work-related purposes, such as personal electronic mail or recreational use of the World Wide Web including social networking sites, are understood to enhance the overall experience of an employee or student but are not an absolute right. Priority to such University-owned facilities must always be granted to those needing facilities for academic or other essential work.
University e-mail addresses and associated University e-mail systems must be used for all official University business, in order to facilitate auditability and institutional record keeping. All staff and students of the University must regularly read their University e-mail.
Commercial work for outside bodies, using centrally managed services, requires explicit permission from the Director of Information Technology; such use, whether or not authorised, may be liable to charge.
2) Authorisation
In order to use the computing facilities of Loughborough University a person must first be registered. Registration of all members of staff and registered students is carried out automatically. Others must apply to IT Services. Registration to use University services implies, and is conditional upon, acceptance of this Acceptable Use Policy, for which a signature of acceptance may be required on joining the University. The lack of a signature does not exempt an individual from any obligation under this policy.
The registration procedure grants authorisation to use the core IT facilities of the University. Following registration, a username, password and e-mail address will be allocated. Authorisation for other services may be requested by application to IT Services or other providers of Information Technology based services.
All individually allocated usernames, passwords and e-mail addresses are for the exclusive use of the individual to whom they are allocated, as are individually allocated certificates. The user is personally responsible and accountable for all activities carried out under their username. The password associated with a particular personal username must not be divulged to any other person, other than to designated members of IT staff for the purposes of system support. Other facilities are available for situations where staff need to share e-mail. Attempts to access or use any username, e-mail address or certificate, which is not authorised to the user, are prohibited. No one may use, or attempt to use, IT resources allocated to another person, except when explicitly authorised by the provider of those resources.
All users must correctly identify themselves at all times. A user must not masquerade as another, withhold their identity or tamper with audit trails. A user must take all reasonable precautions to protect their resources. In particular, passwords used must adhere to current password policy and practice. Advice on what constitutes a good password may be obtained from IT Services web pages. This advice must be followed: failure to do so may be regarded as a breach of this policy.
3) Privacy
It should be noted that systems staff, who have appropriate privileges, have the ability, which is occasionally required, to access all files, including electronic mail files, stored on any computer which they manage. It is also occasionally necessary to intercept network traffic. In such circumstances appropriately privileged staff will take all reasonable steps to ensure the privacy of service users. The University fully reserves the right to monitor e-mail, telephone and any other electronically-mediated communications, whether stored or in transit, in line with its rights under the Regulation of Investigatory Powers Act (2000). Reasons for such monitoring may include the need to:
- ensure operational effectiveness of services,
- prevent a breach of the law, this policy, or other University policy,
- investigate a suspected breach of the law, this policy, or other University policy,
- monitor standards.
Access to staff files, including electronic mail files, will not normally be given to another member of staff unless authorised by the Director of IT, or nominee, who will use their discretion, in consultation with a senior officer of the University, if appropriate. In such circumstances the Head of Department or Section, or more senior line manager, will be informed, and will normally be consulted prior to action being taken. Such access will normally only be granted in the following circumstances:
- where a breach of the law or a serious breach of this or another University policy is suspected,
- when a documented and lawful request from a law enforcement agency such as the police or security services has been received,
- on request from the relevant Head of Department or Section, where the managers or co-workers of the individual require access to e-mail messages or files, which are records of a University activity, and the individual is unable, e.g. through absence, to provide them.
The University sees student privacy as desirable but not as an absolute right, hence students should not expect to hold or pass information, which they would not wish to be seen by members of staff responsible for their academic work. In addition to when a breach of the law or of this policy is suspected, or when a documented and lawful request from a law enforcement agency such as the police or security services has been received, systems staff are also authorised to release the contents of a student's files, including electronic mail files, when required to by any member of staff who has a direct academic work-based reason for requiring such access.
After a student or member of staff leaves the University, files which are left behind on any computer system owned by the University, including servers, and including electronic mail files, will be considered to be the property of the University. When leaving the University, staff should make arrangements to transfer to colleagues any e-mail or other computer-based information held under their personal account, as this will be closed on their departure.
4) Behaviour
No person shall jeopardise the integrity, performance or reliability of computer equipment, software, data and other stored information. The integrity of the University's computer systems is put at risk if users do not take adequate precautions against malicious software, such as computer virus programs. All users of University IT services must ensure that any computer, for which they have responsibility, and which is attached to the University network, is adequately protected against viruses, through the use of up to date antivirus software (any exceptions to this must be approved explicitly by IT Services - IT.Services@lboro.ac.uk), and has the latest tested security patches installed. Reasonable care should also be taken to ensure that resource use does not result in a denial of service to others.
Conventional norms of behaviour apply to IT-based media, just as they would apply to more traditional media. Within the University setting, this should also be taken to mean that the tradition of academic freedom will always be respected. The University, as expressed in its Equal Opportunities Policy, is committed to achieving an educational and working environment which provides equality of opportunity, and freedom from discrimination on the grounds of race, religion, sex, class, sexual orientation, age, disability or special need.
Distributing material, which is offensive, obscene or abusive, may be illegal and may also contravene University codes on harassment. Users of University computer systems must make themselves familiar with, and comply with, the University code of conduct on harassment and bullying.
No user shall interfere or attempt to interfere in any way with information belonging to or material prepared by another user. Similarly no user shall make unauthorised copies of information belonging to another user. The same conventions of privacy should apply to electronically held information as to that held on traditional media such as paper.
For specific services the University may provide more detailed guidelines, in addition to the policies provided in this Acceptable Use Policy. In particular, users of the HallNet service must adhere to the detailed advice provided by the HallNet Acceptable Use Policy.
Those buying IT equipment must adhere to the University's current purchasing policies relating to such purchases. This applies particularly to the purchase of laptop and desktop computers, for which there is a specific policy in place.
Users of services external to the University are expected to abide by any policies, rules and codes of conduct applying to such services. Any breach of such policies, rules and codes of conduct may be regarded as a breach of this Acceptable Use Policy and be dealt with accordingly. This includes social networking sites, blog and wiki services, bookmarking services and any other external services, including those described as Web 2.0 or otherwise. The use of Loughborough University credentials to gain unauthorised access to the facilities of any other organisation is similarly prohibited.
5) Definitions of Acceptable & Unacceptable Usage
Unacceptable use of University computers and network resources may be summarised as:
- the retention or propagation of material that is offensive, obscene or indecent, except in the course of recognised research or teaching that is permitted under UK and international law; propagation will normally be considered to be a much more serious offence;
- intellectual property rights infringement, including copyright, trademark, patent, design and moral rights, including use internal to the University, e.g. on Learn;
- causing annoyance, inconvenience or needless anxiety to others, as specified in the JANET Acceptable Use Policy;
- defamation (genuine scholarly criticism is permitted);
- unsolicited advertising, often referred to as "spamming";
- sending e-mails that purport to come from an individual other than the person actually sending the message using, e.g., a forged address;
- attempts to break into or damage computer systems or data held thereon;
- actions or inactions which intentionally, or unintentionally, aid the distribution of computer viruses or other malicious software;
- attempts to access or actions intended to facilitate access to computers for which the individual is not authorised;
- using the University network for unauthenticated access;
- unauthorised resale of University or JANET services or information.
These restrictions should be taken to mean, for example, that the following activities will normally be considered to be a breach of this policy (potential exceptions should be discussed with IT Services):
- the downloading, uploading, distribution, or storage of music, video, film, or other material, for which you do not hold a valid licence, or other valid permission from the copyright holder;
- the publication on external websites of unauthorised recordings, e.g. of lectures;
- the distribution or storage by any means of pirated software;
- connecting an unauthorised device to the University network, i.e. one that has not been configured to comply with this policy and any other relevant regulations and guidelines relating to security, IT purchasing policy, and acceptable use;
- circumvention of Network Access Control;
- monitoring or interception of network traffic, without permission;
- probing for the security weaknesses of systems by methods such as port-scanning, without permission;
- associating any device to network Access Points, including wireless, for which you are not authorised;
- non-academic activities which generate heavy network traffic, especially those which interfere with others' legitimate use of IT services or which incur financial costs;
- excessive use of resources such as filestore, leading to a denial of service to others, especially when compounded by not responding to requests for action;
- frivolous use of University owned computer laboratories, especially where such activities interfere with others' legitimate use of IT services;
- opening an unsolicited e-mail attachment, especially if not work or study-related;
- the deliberate viewing and/or printing of pornographic images;
- the passing on of electronic chain mail;
- posting of defamatory comments about staff or students on social networking sites;
- the creation of web based content, portraying official University business without express permission or responsibility;
- the use of University business mailing lists for non-academic purposes;
- the use of CDs, DVDs, and other storage devices for copying unlicensed copyright software, music, etc.;
- the copying of other people's web site, or other, material without the express permission of the copyright holder;
- the use of peer-to-peer and related applications within the University. These include, but are not limited to, Ares, BitTorrent, Direct Connect, Morpheus, KaZaA [2];
- Plagiarism, i.e. the intentional use of other people's material without attribution.
Other uses may be unacceptable in certain circumstances. In particular, users of the HallNet should take account of the particular conditions of use applying to that service. It should be noted that HallNet users should not provide any services to others via remote access. The installed machine on each network socket must be a workstation only and not provide any server-based services, including, but not limited to, Web server, FTP server, IRC, Streaming Media server, peer-to-peer facilities, or e-mail services.
It should be noted that individuals may be held responsible for the retention of attachment material that they have received, via e-mail that they have read. Similarly, opening an attachment, received via unsolicited e-mail, especially if clearly unrelated to work or study, which leads to widespread virus infection, may result in disciplinary action being taken.
Acceptable uses may include:
- personal e-mail and recreational use of Internet services, as long as these are in keeping with the framework defined in this policy document and do not interfere with one's duties, studies or the work of others;
- advertising via electronic notice boards, intended for this purpose, or via other University approved mechanisms.
However such use must not be regarded as an absolute right and may be withdrawn if abused or if the user is subject to a disciplinary procedure.
6) Legal Constraints
Introduction
Any software and / or hard copy of data or information which is not generated by the user personally and which may become available through the use of University computing or communications resources shall not be copied or used without permission of the University or the copyright owner. In particular, it is up to the user to check the terms and conditions of any licence for the use of the software or information and to abide by them. Software and / or information provided by the University may only be used as part of the user's duties as an employee or student of the University or for educational purposes. The user must abide by all the licensing agreements for software entered into by the University with other parties, noting that the right to use any such software outside the University will cease when an individual leaves the institution. Any software on a privately owned computer that has been licensed under a University agreement must then be removed from it, as well as any University-owned data, such as documents and spreadsheets. When a computer ceases to be owned by the University, all data and software must be removed from it, in accordance with the University's policies and contractual obligations, including the Staff Redundant Computer Equipment Disposal Policy.
In the case of private work and other personal use of computing facilities, the University will not accept any liability for loss, damage, injury or expense that may result.
The user must comply with all relevant legislation and legal precedent, including the provisions of the following Acts of Parliament, or any re-enactment thereof:
See below for a summary of the main points. Copies of these documents are also available through the University Library. Further advice should be obtained through the Director of IT in the first instance.
Copyright, Designs and Patents Act 1988
This Act, together with a number of Statutory Instruments that have amended and extended it, controls copyright law. It makes it an offence to copy all, or a substantial part, which can be a quite small portion, of a copyright work. There are, however, certain limited user permissions, such as fair dealing, which means under certain circumstances permission is not needed to copy small amounts for non-commercial research or private study. The Act also provides for Moral Rights, whereby authors can sue if their name is not included in a work they wrote, or if the work has been amended in such a way as to impugn their reputation. Copyright covers materials in print and electronic form, and includes words, images, sound, moving images, TV broadcasts and many other media.
Malicious Communications Act 1988
Under this Act it is an offence to send an indecent, offensive, or threatening letter, electronic communication or other article to another person. Additionally under the Telecommunications Act 1984 it is a similar offence to send a telephone message, which is indecent, offensive, or threatening.
Computer Misuse Act 1990
This Act makes it an offence
- to erase or amend data or programs without authority;
- to obtain unauthorised access to a computer;
- to "eavesdrop" on a computer;
- to make unauthorised use of computer time or facilities;
- maliciously to corrupt or erase data or programs;
- to deny access to authorised users.
Criminal Justice & Public Order Act 1994
This defines a criminal offence of intentional harassment, which covers all forms of harassment, including sexual. A person is guilty of an offence if, with intent to cause a person harassment, alarm or distress, they:-
- use threatening, abusive or insulting words or behaviour, or disorderly behaviour; or
- display any writing, sign or other visible representation which is threatening, abusive or insulting, thereby causing that or another person harassment, alarm or distress.
Trade Marks Act 1994
This Act provides protection for Registered Trade Marks, which can be any symbol (words or images) or even shapes of objects that are associated with a particular set of goods or services. Anyone who uses a Registered Trade Mark without permission can expose themselves to litigation. This can also arise from the use of a Mark that is confusingly similar to an existing Mark.
Data Protection Act 1998
The University has a comprehensive Data Protection Policy, of which the following statement is the summary.
Loughborough University is committed to a policy of protecting the rights and privacy of individuals (includes students, staff and others) in accordance with the Data Protection Act. The University needs to process certain information about its staff, students and other individuals it has dealings with for administrative purposes (e.g. to recruit and pay staff, to administer programmes of study, to record progress, to agree awards, to collect fees, and to comply with legal obligations to funding bodies and government). To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.
The policy applies to all staff and students of the University. Any breach of the Data Protection Act 1998 or the University Data Protection Policy is considered to be an offence and in that event, Loughborough University disciplinary procedures will apply. As a matter of good practice, other agencies and individuals working with the University, and who have access to personal information, will be expected to have read and comply with this policy. It is expected that departments / sections who deal with external agencies will take responsibility for ensuring that such agencies sign a contract agreeing to abide by this policy.
Human Rights Act 1998
This act does not set out to deal with any particular mischief or address specifically any discrete subject area within the law. It is a type of "higher law", affecting all other laws. In the context of the University, important human rights to be aware of include:
- the right to a fair trial
- the right to respect for private and family life, home and correspondence
- freedom of thought, conscience and religion
- freedom of expression
- freedom of assembly
- prohibition of discrimination
- the right to education
These rights are not absolute. The University, together with all users of its IT services, is obliged to respect these rights and freedoms, balancing them against those rights, duties and obligations which arise from other relevant legislation.
Regulation of Investigatory Powers Act 2000
The Act states that it is an offence for any person to intentionally and without lawful authority intercept any communication. Monitoring or keeping a record of any form of electronic (including telephone) communications is permitted, in order to:
- Establish the facts;
- Ascertain compliance with regulatory or self-regulatory practices or procedures;
- Demonstrate standards, which are or ought to be achieved by persons using the system;
- Investigate or detect unauthorised use of the communications system;
- Prevent or detect crime or in the interests of national security;
- Ensure the effective operation of the system.
Monitoring but not recording is also permissible in order to:
- Ascertain whether the communication is business or personal;
- Protect or support help line staff.
The University reserves the right to monitor e-mail, telephone, and any other communications in line with its rights under this act. The Lawful Business Practice Regulations allow exceptions to the basic principle of non-interception as stated in the RIPA, and allow interception without consent in certain instances.
Freedom of Information Act 2000
The Act, intended to increase openness and transparency, obliges public bodies, including Higher Education Institutions, to disclose a wide range of information, both proactively and in response to requests from the public. The types of information that may have to be found and released are wide-ranging, for example minutes recorded at a board meeting of the institution or documentation relating to important resolutions passed. Retrieval of such a range of information places a considerable burden on an institution subject to such an information request. In addition to setting a new standard of how such bodies disseminate information relating to internal affairs, the Act sets time limits by which the information requested must be made available, and confers clearly stated rights on the public, regarding such information retrieval. Therefore all staff have a responsibility to know what information they hold and where and how to locate it. The University has adopted a comprehensive publication scheme.
Communications Act 2003
This act makes it illegal to dishonestly obtain electronic communication services, such as e-mail and the World Wide Web.
Criminal Justice and Immigration Act 2008
This act increased the penalties for publishing an obscene article. It also introduced fines for data protection contraventions when organisations 'knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial distress or damage, but failed to take reasonable steps to prevent the contravention.'
7) University Discipline
Staff or students who break this Acceptable Use Policy will find themselves subject to the University's disciplinary procedures. In particular, students should familiarise themselves with the University's Ordinance XVII, Conduct and Discipline of Students. The Director of IT, as well as an individual's department or the Chief Operating Officer, may take such disciplinary action. Individuals may also be subject to criminal proceedings. The University reserves its right to take legal action against individuals who cause it to be involved in legal proceedings as a result of their violation of licensing agreements and / or other contraventions of this policy.
8) Policy Supervision and Advice
The responsibility for the supervision of this Acceptable Use Policy is delegated to IT Services. A senior member of IT Services will be designated as the person responsible for the day-to-day management of the policy's enforcement. They will liaise with the Director of IT, the University Librarian, the Security Manager, the Copyright Officer, the Intellectual Property Office, the Chief Operating Officer, and Heads of Department and Sections, as required. Procedural guidelines will be published from time to time as a separate document.
Any suspected breach of this policy should be reported to a member of IT Services staff. The responsible senior member will then take the appropriate action within the University's disciplinary framework, in conjunction with other relevant branches of the University. IT Services staff will also take action when infringements are detected in the course of their normal duties. Actions will include, where relevant, immediate removal from online information systems of material that is believed to infringe the law. The University reserves the right to audit and / or suspend without notice any account pending any enquiry. Where necessary, this will include the interception of electronically mediated communications.
This policy is not exhaustive and inevitably new social and technical developments will lead to further uses, which are not fully covered. In the first instance students should address questions concerning what is acceptable to their supervisor; staff should initially contact their School IT Co-ordinator or Head of Department / Section. Where there is any doubt the matter should be raised with IT Services, whose staff will ensure that all such questions are dealt with at the appropriate level within the University.
7th edition - Approved by IT Committee, October 2010.
Footnotes
1. "Bringing the University into disrepute" is defined by the University, as established via the appropriate channels. This reference to it has formed part of this policy since its original inception. Its interpretation in the context of this policy is dependent upon the agreements currently in operation. The meaning of "bringing the University into disrepute", as applied to staff, is currently (April 2010) the subject of negotiation between the staff unions and University management. The resulting definition will apply to this policy.
2. This section is currently, as at July 2010, under review, and is likely to be updated during the 2010 - 2011 academic year.
