Acceptable Use Policy

Scope

This policy covers authorized users who access information technology (IT) resources under the control of the University of Wisconsin (UW) System including but not limited to: currently enrolled students; employees; authorized contractors, vendors, and guests; and other authorized users as determined by UW institutions.

Purpose

The purpose of this policy is to outline the expectations of the Board of Regents regarding the acceptable use of IT resources by authorized users and to establish the parameters for the use of IT resources.

Policy Statement

IT resources are essential tools in accomplishing the UW System’s mission of disseminating and extending knowledge, fostering the free exchange of ideas, and providing effective support for teaching, research, and public service functions. It is the policy of the UW System Board of Regents that access to and use of UW System IT resources is a privilege that extends to authorized users for use in fulfilling the missions of the UW System and UW institutions, and for appropriate university-related activities.

UW System IT resources include all electronic equipment, facilities, technologies, and data used for information processing, transfer, storage, display, printing, and communications by the UW System and/or any UW institution. These include, but are not limited to, computer hardware and software, computer labs, classroom technologies such as computer-based instructional management systems, and computing and electronic communications devices and services, modems, email, networks, telephones, voicemail, facsimile transmissions, video, multi-function printing devices, mobile computer devices, data, multimedia and instructional materials. This definition also includes services that are owned, leased, operated, provided by, or otherwise connected to UW System resources, such as cloud computing or any other connected/hosted service provided.

Acceptable and Unacceptable Uses of Information Technology Resources

Acceptable use of UW System IT resources includes any purpose related to the direct and indirect support of the System’s educational, research, service, student and campus life activities; administrative and business purposes; financial systems; and human resources administration. Authorized users are provided access to IT resources in order to support their studies, instruction, research, duties as employees, official business with the UW System and/or any UW System institution, and other university-sanctioned activities according to their roles and responsibilities.

Authorized users must not engage in unacceptable use of UW System IT resources, which includes but is not limited to the following:

1.  Sharing or transferring authentication details to others, or using another user’s authentication credentials such as network IDs and passwords, or other access codes or circumventing user authentication which could allow unauthorized users to gain access to UW System IT resources, except as required for administrative or business purposes;

2.  Violation of federal, state, or local laws; institutional policies, rules or guidelines; or licensing agreements or contracts;

3.  Harassment of, threats to or defamation of others; creation of a hostile environment; stalking; and/or illegal discrimination;

4.  Widespread dissemination of unauthorized email messages (e.g., mass mailings, spam, email chain letters); or

5.  Intentionally damaging, disrupting, or exposing IT resources or data to unauthorized access or harm.

In addition to the examples stated above, unacceptable use of UW System IT resources for employees, authorized contractors and vendors, also includes the following:

6.  Storage, display, transmission, or intentional or solicited receipt of material that is or may reasonably be regarded as obscene, sexually explicit, or pornographic, except as such access relates to bona fide, university-related academic or research pursuits or as needed to investigate violations of this policy or laws;

7.  Outside employment, commercial activities, or other forms of private financial gain;

8.  Campaigning for public office or soliciting political contributions;

9.  Political lobbying, except for specific employees designated to lobby on behalf of the UW System or one of its institutions;

10.  Wagering or betting, except as it relates to bona fide, university-related academic or research pursuits;

11. More than minimal use for private or personal purposes that interferes with work or job performance or that interferes with the activities of other employees, students, or other authorized users.

Authorized users must not use UW System IT resources to speak on behalf of the UW System or use the UW System trademarks or logos without authorization. Affiliation with the UW System does not, by itself, imply authorization to speak on behalf of the UW System. The UW System is not responsible for the content of documents, exchanges or messages, including links to other information locations on the internet that reflect only the personal ideas, comments, and opinions of individual members of the university community, even when this content is published or otherwise circulated to the public at large by means of UW System IT resources.

Privacy and Security

The UW System shall take reasonable measures to protect the privacy of its IT resources and accounts assigned to authorized users. However, the UW System cannot guarantee absolute security and privacy. Any activity on UW System IT resources may be monitored, logged and reviewed by UW System-approved personnel or may be discovered in legal proceedings or in response to public records requests. Generally, the contents of user accounts will be treated as private and not examined or disclosed except:

• as required for system maintenance or business necessity, including security measures;
• when there exists reason to believe an individual is violating the law or UW System or institutional policy;
• to meet the requirements of the Wisconsin Public Records Law or other laws; regulations; or institutional policies, rules, or guidelines; or
• as permitted by applicable law or policy.

The UW System has the right to employ appropriate security measures, to investigate as needed, and to take necessary actions to protect UW System IT resources. The UW System may also have a duty to provide information relevant to ongoing investigations by law enforcement. UW institutions will work with authorized users to protect their privacy interests, as well as those of the UW System.

Authorized users must not violate the privacy of other users. Technical ability to access unauthorized resources or others’ accounts does not by itself imply authorization to do so, and it is a violation of this policy to access others’ accounts unless authorized to do so for a legitimate business purpose.

Other Limitations on Use of Information Technology Resources

In addition to the general principles set forth in this policy, the use of IT resources may be affected by other laws and policies; included among these are: federal copyright laws and privacy laws related to student records; state statutes related to computer crimes and political activities of state employees; ethical standards of conduct; dismissal for cause; standards and disciplinary processes related to academic and nonacademic misconduct by students; and conduct on university lands.

Failure to Comply with Information Technology Resource Policies

Failure to adhere to the provisions of this policy may result in the suspension or loss of access to UW System IT resources; appropriate disciplinary action as provided under existing procedures applicable to students, faculty, and staff; civil action; or criminal prosecution. To preserve and protect the integrity of UW System IT resources, there may be circumstances where a UW institution may immediately suspend or deny access to the resources.

Oversight, Roles, and Responsibilities

This policy constitutes the UW System’s policy on the acceptable use of IT resources. It applies systemwide and may not be replaced, superseded, or substantially recreated by other systemwide or institutional policies. Institutions may supplement this policy only for specific programs or services after consultation with the UW System Chief Information Officer. In order to assist members of the university community in fulfilling their responsibilities with respect to use of IT resources, each UW System institution shall post this policy on its website.

It is the responsibility of authorized users to comply with this policy.

The chancellor is responsible for implementing this policy and operating the institution’s IT resources consistent with the above-stated provisions.

Related Regent Policies and Applicable Laws

• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach-Bliley Act (GLBA)
• Federal Copyright Law
• Chapter 11, Wisconsin State Statutes, Campaign Financing
• Chapter 19, Subchapter II, Wisconsin State Statutes, Public Records and Property
• Section 943.70, Wisconsin State Statutes, Computer crimes.
• Chapter UWS 4 Wisconsin Administrative Code, Procedures for Dismissal
• Chapter UWS 7 Wisconsin Administrative Code, Dismissal of Faculty in Special Cases
• Chapter UWS 8 Wisconsin Administrative Code, Unclassified Staff Code of Ethics
• Chapter UWS 11 Wisconsin Administrative Code, Dismissal of Academic Staff for Cause
• Chapter UWS 14 Wisconsin Administrative Code, Student Academic Disciplinary Procedures
• Chapter UWS 17 Wisconsin Administrative Code, Student Nonacademic Disciplinary Procedures
• Chapter UWS 18 Wisconsin Administrative Code, Conduct on University Lands
• Chapter UWS 21 Wisconsin Administrative Code, Use of University Facilities
• Regent Policy Document 20-22, Code of Ethics
• Regent Policy Document 21-4, Identity Theft Detection, Prevention, and Mitigation
• Regent Policy Document 25-4, Strategic Planning and Large or High-Risk Projects
• Regent Policy Document 25-5, Information Technology: Information Security

The Regent Policy Document 25-3 is located at: https://www.wisconsin.edu/regents/policies/acceptable-use-of-information-technology-resources/

UW-Whitewater Campus Guidelines

Approved: March 27, 2017

Scope

The University of Wisconsin (UW)-Whitewater Network (the "Network") incorporates all electronic communication and computing equipment, along with associated peripherals and infrastructure at locations both on the UW-Whitewater campus, and at off-campus educational and research centers or external service providers. The Network is provided to support the University's mission of education, research, and service as well as to provide support for administrative needs. Any other uses, including uses that jeopardize the integrity of the Network, the privacy or safety of other Users, or that are otherwise illegal are prohibited.

By using or accessing the UW-Whitewater campus network or resources under the control of the UW-Whitewater residing at other locations, you agree to adhere to all local, state and federal laws, and all other applicable University and UW-System policies and guidelines. You are responsible for staying informed about University policies regarding the use of computer and network resources. You are also responsible for complying with all applicable polices. The current UW-Whitewater Network Infrastructure Use Policy, UW-Whitewater Email Policy and other policies dictating access to information resources can be found at http://uww.edu/icit/policies-agreements. The current UW System Information Security Acceptable Use and other policies related to Information Security can be found at https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/

Appropriate and Reasonable Use Definitions

Appropriate and responsible use of the University of Wisconsin-Whitewater's computing and networking infrastructure, as well as electronic information, is defined as use that is consistent with the teaching, learning, research and administrative objectives of the University. Appropriate use includes: instruction, independent study, research, communications, and official work of UW-Whitewater units, recognized campus organizations, and entities or persons formally associated with the University.

Unacceptable Use

The following activities are NOT acceptable use of the campus network resources:

• Damaging or performing unauthorized removal of networking equipment, software or data
• Tampering with network hardware, wiring, or software
• Disrupting or interfering with the normal operation of network communications, generating excessive network activity, or performing unauthorized monitoring of network traffic
• Willfully introducing computer viruses or other disruptive programs into the University Network, which are intended to damage or create excessive load on network resources
• Intentionally violating or attempting to bypass network security strategies
• Using unauthorized accounts, passwords, IP addresses or other network access information
• Accessing or modifying any software, files, data or other University information for which an individual has not been given authorization
• Using network resources to harass or intimidate others
• Using network resources to impersonate others or to forge another's identity
• Interfering with the computing activities of others
• Setting up network services or equipment without knowledge or involvement of the UW-Whitewater Instructional, Communication and Information Technology (ICIT) department
• Violating state, federal and/or copyright laws
• Not complying with all licenses and contracts relative to Information Technology Systems which are owned, leased, or subscribed to by UW-Whitewater or the UW System
• Using network resources for commercial activity or financial gain which does not conform to UW-Whitewater rules and regulations
• Sharing UW-Whitewater computer account credentials
• Sharing data with others who are not authorized to access the data, or as defined as not allowed by applicable policies, procedures, or contracts

Network Security Requirements

Information security at UW-Whitewater is a shared responsibility of all users. To maintain security users must adhere to the following guidelines:

• Protect your login ID and password. The person to whom an account is assigned will be held accountable for any activity originating from that account
• Do not access data or systems for which you have not been given specific authority
• Take reasonable steps to ensure that your computer, tablet, or mobile device does not create a security risk when connected to the network; that includes keeping operating systems, antivirus and all other software up-to-date
• Report any security violations to the University IT department
• Be aware of all official University communications regarding Network security threats

Access Restrictions

Access to campus network resources may be wholly or partially restricted by the University without prior notice and without the consent of the user when:

• It is required by and consistent with law
• There is reason to believe that violations of policy or law have taken place
• The continued access/use of network resources by an individual significantly affects the integrity, performance, or security of the campus network as a whole
• When there is reason to believe that a device has been infected or compromised by malicious software that jeopardizes the security of the campus network as a whole

The individual will be notified of the reason and duration of the access restriction as soon as possible. Access will be restored when the situation has been resolved. Penalties for violating University of Wisconsin-Whitewater and UW-System policies may include:

• Restricted access or loss of access to the Network
• Disciplinary actions
• Termination and/or expulsion from the University
• Civil and/or criminal liability 

Confidentiality

While all efforts will be made to ensure confidentiality, users should be aware that data (including e-mail) might, due to software or hardware failure, become accessible to those who are not explicitly authorized for that access. No guarantee of complete privacy is made or implied by this policy. The University reserves the right to review and/or monitor any transmissions sent or received through the UW-Whitewater Network. Access may occur in the following circumstances:

• In accordance with generally accepted, network administration practices
• To prevent or investigate any actual or potential information security incidents and/or system misuse, if deemed necessary by authorized personnel
• To investigate reports of violations of local, state, or federal law, and/or University and/or UW-System policy
• To comply with legal requests for information (such as subpoenas and public records requests)
• To retrieve information in emergency circumstances where there is a threat to health, safety, or University property involved
• To secure information, as deemed necessary due to security concerns, reports of misuse, departure or death of user

Policy Acknowledgement 

Any individual or entity that has been provided access to the UW-Whitewater network, email, or equipment, or has access to protected UW-Whitewater resources data must:

• Upon hire and annually thereafter, acknowledge and accept the UW System Acceptable Use Policy and any applicable UW-Whitewater Acceptable Use Policies
• All contractors, consultants and business partners are required to abide by UW System and UW-Whitewater Acceptable Use Policies prior to being given access to university systems and data resources
• Students with access to only their own data will receive notification at least annually of the UW System and any applicable UW-Whitewater Acceptable Use Policies

Access to UW System and UW-Whitewater data and information technology resources may be withheld until the Acceptable Use Policies have been accepted.