Information Technology: Acceptable Use

Section I: Access to Information Technology Facilities

  1. Governing Principles
    1. In support of its essential mission to enhance educational, economic and cultural opportunities for the people of West Kentucky, Murray State University offers information technology resources to its students, faculty and staff. These resources contribute to the work of all members of the University community. They advance the scholarly pursuit of knowledge and those administrative functions necessary for the operation of the University.
    2. Users of the University's information technology facilities are required to comply with and be subject to the MSU Information Technology Acceptable Use policy, university policies, federal and state statutes and applicable vendor policies, a list of which can be obtained from the office of the Chief Information Officer. The University reserves the right to amend this document at any time without prior notice.
    3. All information technology users are expected to demonstrate respect for the rights of other users and to promote equitable use by all, enabling necessary access to all.
    4. User access to information technology resources is contingent upon prudent and responsible use.
  1. Authorization and Equity of Access
     

    University information technology resources are provided to faculty, staff, and students for the purposes of study, research, service and other academic and university related activities. Access to information technology resources is granted to an individual by MSU for that individual's sole use in furthering the University’s mission and purpose. Information technology resources must be shared among users in an equitable manner. The user may not participate in any behavior that unreasonably interferes with the equitable use of information technology resources by another.

  1. Acknowledgement of Receipt Authorization

Signature on an account application form, acceptance of a user ID, or online registration denotes that the applicant has read and understands the guidelines available and also denotes acceptance of this Acceptable Use document.

  1. Priority for Access and Resource Allocation

The priority guiding information technology access and resource allocation is teaching and learning. Service, research and administrative priorities will be determined as they support teaching and learning.

Section II: Security of University Information Technology Resources

  1. Protection of Information Technology Resources and Institutional Data

To protect the integrity of the University's information technology facilities and the users thereof against unauthorized or improper use of those facilities, MSU reserves the right, without notice, to temporarily limit or restrict any individual's use and to inspect, copy, remove, or otherwise alter any data, file, or system resource which may undermine the authorized use of any information technology facility.

  1. Investigation and Review of Policy Infractions
    1. University sanctions are imposed by the appropriate university authority and may include, but are not limited to, limitation or revocation of access rights and/or reimbursement to the university for all costs incurred in detecting and proving the violation of these rules, as well as from the violation itself.
    2. Users must use only those information technology resources which the University has authorized for their individual use. The unauthorized use of information technology resources or providing false or misleading information for the purpose of obtaining access to information technology facilities is prohibited and may be regarded as a criminal act and will be treated accordingly. Users may not use university information technology facilities to gain unauthorized access to other institutions, organizations, or individuals.
    3. Failure to comply with one or more of the specific requirements of this policy may jeopardize access to or use of Murray State facilities and services and could result in a review and investigation into the identified violation.
    4. Supervisors of systems and facilities have the authority to immediately terminate any program or access that is suspected to be inappropriate or detrimental to operations.
  2. Control and Licensing of Software
    1. All users are expected to comply with all intellectual property laws including copyright law.
    2. Users may not copy, distribute, display, or disclose third party proprietary software without prior authorization from the licenser. Proprietary software may not be installed on systems not properly licensed for its use. The University does not condone or authorize the copying or possession of illegal software. University students and employees are prohibited from copying software illegally and possessing illegal copies of software, whether for course-related, job-related, or private use. Any violations of this policy is the personal responsibility of the user. The University assumes no liability for such acts.
    3. Any user who suspects or has knowledge of copyright or intellectual property law violations must immediately report this activity to the University Chief Information Officer. Failure to report such activity will be considered a violation of the Information Technology Acceptable Use Policy.
  3. Individual Privacy
    1. Users are authorized to access, use, copy, modify, delete or grant others access to their personal files or data, as specified in this policy. However, users are not authorized to perform any of these functions on another user's account or a university system unless specifically authorized by the account holder, job description, the Chief Information Officer or designee, or the appropriate system administrator.
    2. Users may not monitor another user's data communications.
    3. User privacy is not to be violated. However, user privacy is subject to all university policies. As such, authorized individuals may access and disseminate private information in performance of their official job duties. Unauthorized personal use of a user’s private information is prohibited .
    4. Failure to protect the privacy of others by intentionally or unintentionally permitting access to systems or data is unacceptable. Violations of this requirement include, but are not limited to:
      1. Leaving confidential or protected information on a screen where it could be viewed by unauthorized individuals
      2. Giving a personal password to someone else
      3. Leaving a personal password where it can easily be found
      4. Allowing someone to use a system signed on under a personal password
      5. Knowingly failing to report a personal password that has been used by another person, with or without permission
      6. Leaving a system signed on and accessible while unattended
  4. Confidentiality
    1. The unauthorized release of any personal or confidential information may violate state and federal law and will not be tolerated. Failure to protect confidential information is unacceptable.
      1. Users are responsible for their information technology accounts; they should maintain secure passwords and take precautions against unauthorized access to their information technology resources. Users may be charged with a violation if someone uses their accounts inappropriately.
  5. General Security
    1. General security infractions include, but are not limited to:

 

 

Section III: Copyright and the Use of MSU’s Information Technology Resources

  1. General Copyright Principles
    1. The nature and purpose of copyright in general.
    1. Infringement
    1. Limitations on copyright protections.
      1. Copyright protections are not absolute and there are exceptions to the rights afforded by copyright.
      2. The “fair use” doctrine is one such exception.
        1. The “fair use” doctrine recognizes instances in which use of a copyrighted work in connection with certain activities is considered “fair” and not infringing although such behavior could be infringing in other contexts.
        2. Application of the “fair use” exception entails a fact intensive inquiry and the consideration of various factors.
          1. It cannot be assumed the “fair use” exception automatically applies to a particular situation or that all rights afforded by copyright give way merely because a use occurs, for example, within the context of the classroom.
          2. The United States Copyright Office has stated, “There is no specific number of words, lines, or notes that may safely be taken without permission. Acknowledging the source of the copyrighted material does not substitute for obtaining permission.” “Fair Use,” U. S. Copyright Office Fact Sheet.
      3. The United States Copyright Office has prepared the publication “Reproduction of Copyrighted Works by Educators and Librarians” which is found at http://www.copyright.gov/circs/ and which may be relevant to common situations at MSU.
  2. Application of Copyright Principles to Users of MSU’s Information Technology Resources
    1. Copyright principles apply to materials posted to and downloaded from the internet.
      1. As stated in the “Frequently Asked Questions” found on the website of the United States Copyright Office, “Uploading or downloading works protected by copyright without the authority of the copyright owner is an infringement of the copyright owner's exclusive rights of reproduction and/or distribution. . . . [S]ince any original work of authorship fixed in a tangible medium (including a computer file) is protected by federal copyright law upon creation, in the absence of clear information to the contrary, most works may be assumed to be protected by federal copyright law.”
      2. Users of MSU’s Information Technology Resources must be aware that potential copyright issues exist with respect to materials copied from or posted to the internet.
      3. If posting or downloading information to or from the internet, the MSU website or any webpage, or any other site is required as part of a regular university function or activity, those involved are responsible for ensuring copyright is not violated.
    2. Copyright compliance by users of MSU’s information technology resources
      1. MSU’s Information Technology Resources must be used in accordance with copyright law.  The following policy statements do not limit the breadth of the preceding statement.
        1. It is a violation of this Acceptable Use Policy to use MSU’s information technology resources to place materials protected by copyright on the internet or any other site in violation of the rights of the holder of the copyright.
        2. It is a violation of this Acceptable Use Policy to use any information technology resources to place materials protected by copyright on any MSU webpage or website in violation of the rights of the holder of the copyright.
        3. It is a violation of this Acceptable Use Policy to use MSU’s Information Technology Resources to download or distribute copyrighted materials in violation of the rights of the holder of the copyright.
        4. Peer-to-peer (p2p) file sharing often involves works which are protected by copyright. It is a violation of this Acceptable Use Policy for users of MSU’s Information Technology Resources to download protected music or movies in violation of the rights of the holder of the copyright.
        5. Distribution of copyrighted material in violation of the rights of the holder of any copyright interest, including unauthorized p2p file sharing, may lead to civil and criminal penalties.
        6. Users of MSU’s Information Technology Resources, like the users of other resources, are responsible for determining whether their use of the information technology resources violates copyright and whether materials posted to or copied from the internet or MSU’s website or any MSU webpage are protected by copyright and for complying with the copyright applicable to the work.
          1. It has been held that the rationale “try before you buy” is not a “fair use” which prevents the unauthorized downloading of music from being infringing.
          2. The unauthorized downloading of only a “few” songs is no defense to a claim of copyright infringement

b. Actions by MSU to foster copyright compliance by users of its Information Technology Resources

  1. Penalties for Violation of MSU policy regarding copyright and Information Technology Resources
    1. Penalties under the law for copyright infringement.
      1. Users may be sued for their infringing activities. Acts can be infringing and result in civil penalties even though there is no intent to violate a copyright. Under certain circumstances, the infringer may be responsible for the other party's attorney's fees. Statutory civil damages can be as high as $150,000 for each work infringed if a violation is committed willfully.
      2. Willful copyright infringement can also be a crime.  Even a first time offense can carry a prison term of from 1 to 5 years plus fines depending upon the facts and circumstances.
    2. Institutional penalties.
      1. Procedures are discussed above with respect to notifying MSU of the presence of infringing materials on its website.
      2. The procedure for handling complaints against any individual suspected of violating this policy regarding copyright and the use of MSU’s Information Technology Resources is described in Section V.
      3. Users of MSU Information Technology Resources who engage in activity contrary to this copyright policy, including unauthorized p2p file sharing, will be disciplined.
      4. Complaints against students should be referred to the Vice President for Student Affairs.
        1. Such referral may result in proceedings before the University Judicial Board. 
        2. Sanctions which may be imposed against any student violating this policy include, depending upon the circumstances, referral to alternative services, warning, loss of privileges, probation, restitution, a program of self-improvement and education, recommendation of suspension, and recommendation of expulsion.
      5. Complaints against faculty and staff who violate this policy will be handled in accordance with established university policy or practice.
        1. Penalties assessed against faculty and staff who violate this policy may include written warning, loss of privileges, suspension of employment, and termination of employment depending upon the circumstances. 
        2. Complaints against employees subject to receipt of employee disciplinary reports will be handled in accordance with provisions of the Personnel Policies and Procedures Manual regarding employee discipline. The severity of the violation will be taken into account in assessing any penalty.
        3. Established grievance procedures will be utilized to review any penalty imposed.
        4. Temporary or permanent loss of access to MSU’s information technology resources may occur with a first violation of this policy. In appropriate circumstances, repeat offenders will permanently lose access.
      1. In the event MSU becomes aware of a user’s alleged violation of this policy, it may take advantage of the provisions regarding “Protection of Information Technology Resources and Institutional Data” and “Investigation and Review of Policy Infractions” found in Section II above.
      2. As provided under Section II, under “Control and Licensing of Software,” any user who suspects or has knowledge of copyright violations must immediately report this activity to the University’s Chief Information Officer, whose contact information is found above in Section B.2.b.ii.  Failure to report such activity will be considered a violation of the Information Technology Acceptable Use Policy.
  2. Periodic Policy Review
    1. This policy related to copyright and the use of MSU’s Information Technology Resources will be reviewed periodically in order to assure that it addresses the changing needs and concerns of Murray State University and to remain compliant with law.
    2. The Information Technology Advisory Committee will perform the periodic review stated in the preceding paragraph by applying assessment criteria it deems relevant.

 

Section IV: Ethical Practices

  1. Expectations
    1. All users are expected to conduct themselves in a legal, professional, fair, considerate, and ethical manner. Each individual should use equipment safely, responsibly and only for its intended function. Users should keep all equipment clean and in good operating condition.
  2. Protection and Maintenance of Equipment
    1. Protection and maintenance of equipment includes, but are not limited to:
      1. Having only authorized staff perform installations
      2. Plugging all equipment into an Underwriter's Laboratory approved surge protector or uninterruptible power supply
      3. Locating equipment according to manufacturer’s specifications. Equipment should be protected from extreme heat or cold, excessive humidity, smoke, dust, overloaded circuits, stressed or worn cords, or any other potentially damaging situation
      4. Keeping food and beverages away from equipment
      5. Scheduling routine maintenance
    2. Equipment, software, tools, supplies, etc., are not to be removed from their assigned locations without authorization from the administrator responsible for those items.
    3. Repair or replacement of any item damaged when used for purposes other than those related to university functions or when used without authorization will be at the user's expense. Unpaid debts incurred in this manner will be handled in accordance with the usual Accounting and Financial Services procedures.
  3. Harassing or Abusive Material or Use
    1. University information technology resources may not be used by any person to harass, intimidate, or abuse another person or group in a manner that violates state or federal laws or regulations, or opinions issued by the Kentucky Attorney General.
  4. Commercial Use
    1. University information technology resources may not be used for personal or commercial profit. Individuals may not use information technology resources for any commercial purpose without prior written authorization from the Chief Information Officer, or designee.

Section V: Violations

  1. Procedure for Reporting Violations
    1. Violations should be reported to the faculty/immediate supervisor of the individual, the Chief Information Officer, or the administrator responsible for the system that was breached or misused. The notified party will inform the appropriate university official.  Violations may result in one or more of the following actions:
  2. Procedure for Appeal
    1. Appeals may be filed using existing procedures for staff, faculty, and students. All other appeals will go to the Vice President for Administrative Services for disposition.

Section VI: Administration of Policy

  1. Procedure for Development, Review and Modification of this Policy
    1. The Policy Review Subcommittee of the Information Technology Advisory Committee will be a body comprised of at least four members of the larger committee in addition to the Chief Information Officer. The Policy Review Subcommittee will meet at the call of the Chief Information Officer.
    2. Proposals for new policies and/or modifications to existing policies will be forwarded to the Chief Information Officer. The proposals and comments will be brought before the ITAC Policy Review Subcommittee by the Chief Information Officer.
  1. Communication of Policy
    1. Signature on an account application form, acceptance of a user ID, or online registration denotes that the applicant has read and understands the guidelines available and also denotes acceptance of the Information Technology Acceptable Use Policy.
    2. The policy is available online at http://campus.murraystate.edu/aup/ and in print form in Waterfield Library.
  2. Other Information Technology Policies
    1. Departments with their own information technology labs will adhere to the same general operating guidelines as established by this policy.

 


Glossary of Terms

Technical Terms used in the Technology Policy

PDF file icon Information Technology Acceptable Use Policy (downloadable PDF)
Requires Adobe Acrobat Reader

Get Adobe Reader