The following links contain important background information related to Acceptable Use of Information Technology Resources at IUP:

What is an "Acceptable Use of Information Technology Resources Policy," and why does IUP need one?

Information Technology (IT) resources are intended to support the university's instructional, research, and administrative operations. The objective of the Acceptable Use of Information Technology Resources Policy (AUP) is to create a framework to ensure that IT resources are used in an appropriate fashion and support the university's mission and institutional goals. In addition to legal requirements surrounding computing, such as compliance with laws regulating copyright, IUP must place additional requirements upon its user community so that its computer network and university-owned computer equipment function in an efficient, cost-effective manner in support of the university's mission and within the requirements of the Pennsylvania State System of Higher Education. The Acceptable Use Policy is intended to address these additional requirements.

I understand that I must abide by the law when using the IUP computer network and university-owned IT equipment. As long as I do this, am I automatically in compliance with IUP's AUP?

No. See the AUP's Responsibilities of Users of IT Resources section for details.

What are considered to be "unacceptable" uses of IUP IT resources in addition to those uses that are illegal?

A variety of activities would violate the AUP. See the AUP's Prohibited Uses of IT Resources section for details.

I am a student who uses the internet for social networking, gaming, and downloading movies and music. Are these considered acceptable?

Yes, to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met).

What happens if I am charged with violating the Acceptable Use Policy?

Specifics can be found in the AUP's Procedures section.

I am interested in learning more about illegal computer activities, such as those related to copyright infringement. Where can I learn more?

There are numerous websites with important information. The following links are just some of these:

I am a university employee and would like to use the internet for personal use over lunch, during my break time, or during off hours. Is this permissible?

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Employment restrictions could exist that are outside the scope of the AUP.

What is considered to be confidential communication via email?

Email contents should always be considered "public" because the sender does not know who the receiver will forward the email to. Thus, while IUP does have an Email as an Official Means of Communication Policy, designed to reduce paper and delivery costs, this policy never requires that sensitive and/or confidential information be transmitted via email, and users should be extremely cautious in using this medium for that purpose.

What would count as interfering with the normal operation and proper function of IT resources?

IUP deploys a variety of restrictions in order to protect network integrity for all users. For example, IUP controls wireless bandwidth within the university setting so that non-university traffic does not interfere with IUP wireless users. IUP also prohibits connecting devices to the network that could compromise the monitoring of the entire network.

How does IUP define a "user" of the IUP computer network?

Anyone using an information technology-related resource that is owned and/or operated by the university is considered to be a user of the network. See the Definitions portion of the AUP for more details.

I am a faculty member with a business related to my academic discipline. Is use of the IUP network for my business an acceptable use of the network?

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP.

IUP encourages civic engagement among students and faculty. May students, faculty, and staff use the IUP computing network to engage in civic activities?

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP.

May the university monitor my use of the IUP computing network?

While the university recognizes the role of privacy in institutions of higher learning and will endeavor to honor that ideal, there is no expectation of privacy of information stored on or sent through State System and/or university-owned IT resources, except as required by law.

Who is responsible for providing security for my internet-connected devices on the IUP network?

The user and their actions are at the core of security practices. See the Responsibilities of Users of IT Resources section in the AUP for details.

What happens to my use of the system if my computer becomes infected with a virus?

No explicit action is taken by the university. If, however, the virus subsequently results in activity that in some manner violates the AUP, it is possible IUP may take steps to disable connections to the network by that individual and/or machine until the situation is resolved.

If a user uses too much of the system, can the user be disconnected from the system?

The university is obligated to maintain the integrity of its IT resources, and therefore reserves the right to disable access when the integrity is jeopardized by an individual user's excessive bandwidth usage.

If so, how would I know when I'm using too much of the system?

Only extreme situations would typically result in a user having their access disabled due to excessive use, though the university retains the right to adjust these measures as the situation warrants. In a shared user community such as IUP's, a number of factors would determine if the usage was considered excessive for the given situation—such as the demands of other users at the time.

May I use the system to help me find my lost pet or to sell my house?

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP. However, members of the IUP community are strongly encouraged to utilize website-centric avenues such as IUP Now to communicate this type of information.

I am an employee who has been assigned a university-owned mobile device. Am I permitted to use this device for personal use?

Yes. However, employees must reimburse the university if notified that the additional personal device usage resulted in the university paying for additional expenses.

The definition of Personally Identifiable Information (PII) given in the IT Acceptable Use Policy is broad. Can you list some specific examples of sensitive information that need to be protected?

Care should be taken when storing all forms of PII; however, Social Security numbers, credit card numbers, debit card numbers, bank account numbers, driver's license numbers, and passport numbers are particularly high-risk items. High-risk PII should only be stored when absolutely necessary, and proper care should be taken when storing and transferring this information.

My network use involves directory images and photographs that could be considered PII. Can I store directory images on the IUP network?

Directory images are not considered high-risk information; however, proper care should be taken when storing all forms of PII. For any information that has value if stolen, consider whether it needs to be stored at all and whether it should be encrypted.

The policy affirms that storing PII is acceptable when necessary. How could a user determine when storing PII is "necessary" since the policy does not provide a definition?

Storage of sensitive PII outside of our protected information systems (Banner and SAP) is appropriate when needed to fulfill a current university business need. In these cases, the sensitive PII should be stored encrypted such that only necessary personnel and/or processes have access. All long-term storage of sensitive PII should be in a protected information system.

What method will be used to identify stored PII?

Additional details related to the PII scanning procedure can be found at PII Scanning.