The following links contain important background information related to Acceptable Use of Information Technology Resources at IUP:
Information Technology (IT) resources are intended to support the university's instructional, research, and administrative operations. The objective of the Acceptable Use of Information Technology Resources Policy (AUP) is to create a framework to ensure that IT resources are used in an appropriate fashion and support the university's mission and institutional goals. In addition to legal requirements surrounding computing—such as compliance with those regulating copyright—IUP must create additional requirements upon its user community so its computer network and university-owned computer equipment function in an efficient, cost-effective manner in support of the university's mission as well as within requirements of the Pennsylvania State System of Higher Education. The Acceptable Use Policy is intended to address these additional requirements.
I understand that I must abide by the law when using the IUP computer network and university-owned IT equipment. As long as I do this, am I automatically in compliance with IUP's AUP?
No. See the AUP's Responsibilities of Users of IT Resources section for details.
What are considered to be "unacceptable" uses of IUP IT resources in addition to those uses that are illegal?
A variety of activities would violate the AUP. See the AUP's Prohibited Uses of IT Resources section for details.
I am a student who uses the internet for social networking, gaming, and downloading movies and music. Are these considered acceptable?
Yes, to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met).
Specifics can be found in the AUP's Procedures section.
I am interested in learning more about illegal computer activities, such as those related to copyright infringement. Where can I learn more?
There are numerous websites with important information. The following links are just some of these:
- Fraud and Related Activity in Connection with Computers (Cornell University Law School)
- What is illegal under local, state, and federal laws? (Cornell University)
I am a university employee and would like to use the internet for personal use over lunch, during my break time, or during off hours. Is this permissible?
Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Employment restrictions could exist that are outside the scope of the AUP.
Email contents should always be considered "public" because the sender does not know who the receiver will forward the email to. Thus, while IUP does have an Email as an Official Means of Communication Policy, designed to reduce paper and delivery costs, this policy never requires that sensitive and/or confidential information be transmitted via email, and users should be extremely cautious in using this medium for that purpose.
IUP deploys a variety of restrictions in order to protect network integrity for all users. For example, IUP controls wireless bandwidth within the university setting so that non-university traffic does not interfere with IUP wireless users. IUP also prohibits the connecting of devices to the network which could compromise the monitoring of the entire network.
Anyone using an information technology-related resource that is owned and/or operated by the university is considered to be a user of the network. See the Definitions portion of the AUP for more details.
I am a faculty member with a business related to my academic discipline. Is use of the IUP network for my business an acceptable use of the network?
Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP.
IUP encourages civic engagement among students and faculty. May students, faculty, and staff use the IUP computing network to engage in civic activities?
Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP.
While the university recognizes the role of privacy in institutions of higher learning and will endeavor to honor that ideal, there is no expectation of privacy of information stored on or sent through State System and/or university-owned IT resources, except as required by law.
The user and their actions are at the core of security practices. See the Responsibilities of Users of IT Resources section in the AUP for details.
No explicit action is taken by the university. If, however, the virus subsequently results in activity that in some manner violates the AUP, it is possible IUP may take steps to disable connections to the network by that individual and/or machine until the situation is resolved.
The university is obligated to maintain the integrity of its IT resources, and therefore reserves the right to disable access when the integrity is jeopardized by an individual user's excessive bandwidth usage.
Only extreme situations would typically result in a user having their access disabled due to excessive use, though the university retains the right to adjust these measures as the situation warrants. In a shared user community such as IUP's, a number of factors would determine if the usage was considered excessive for the given situation—such as the demands of other users at the time.
Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP. However, members of the IUP community are strongly encouraged to utilize website-centric avenues such as IUP Now to communicate this type of information.
I am an employee who has been assigned a university-owned mobile device. Am I permitted to use this device for personal use?
Yes. However, employees must reimburse the university if notified that the additional personal device usage resulted in the university paying for additional expenses.
The definition of Personally Identifiable Information (PII) given in the IT Acceptable Use Policy is broad. Can you list some specific examples of sensitive information that need to be protected?
Care should be taken when storing all forms of PII; however, Social Security numbers, credit card numbers, debit card numbers, bank account numbers, driver's license numbers, and passport numbers are particularly high-risk items. High-risk PII should only be stored when absolutely necessary, and proper care should be taken when storing and transferring this information.
My network use involves directory images and photographs that could be considered PII. Can I store directory images on the IUP network?
Directory images are not considered high-risk information; however, proper care should be taken when storing all forms of PII. Consider encrypting, or the need for storing, any information that has value if stolen.
The policy affirms that storing PII is acceptable when necessary. How could a user determine when storing PII is "necessary" since the policy does not provide a definition?
Storage of sensitive PII outside of our protected information systems (Banner and SAP) is appropriate when needed to fulfill a current university business need. In these cases, the sensitive PII should be stored encrypted such that only necessary personnel and/or processes have access. All long-term storage of sensitive PII should be in a protected information system.
Additional details related to the PII scanning procedure can be found at PII Scanning.