This policy addresses the use of information technology resources (IT resources) at Indiana University of Pennsylvania (“the university”). IT resources are intended to support the university’s instructional, research, and administrative operations.
This policy applies to all users of IT resources owned or operated by Indiana University of Pennsylvania. Users include students, faculty, staff, contractors, and guest users of computer network resources, equipment, or connecting resources.
The objective of this policy is to create a framework to ensure that IT resources are used in an appropriate fashion, and support the university’s mission and institutional goals.
Use of the university’s IT resources is a privilege and signifies agreement to comply with this policy. Users are expected to act responsibly and follow the university’s policies and any applicable laws related to the use of IT resources. This policy provides regulations to assure IT resources are allocated effectively.
While the university recognizes the role of privacy in an institution of higher learning, and will endeavor to honor that ideal, there should be no expectation of privacy of information stored on or sent through university-owned IT resources, except as required by law. For example, the university may be required to provide information stored in IT resources to someone other than the user as a result of court order, investigatory process, or in response to a request authorized under Pennsylvania’s Right-to-Know statute (65 P.S. §67.101 et seq.). Information stored by the university may also be viewed by technical staff working to resolve technical issues.
For the purposes of the IUP Acceptable Use of IT Resources Policy (AUP), IT resources include the university computer network, all university-owned devices, and all university-provided software systems regardless of what computer network is being used. This is inclusive of all content transmitted over the university computer network by any device regardless of ownership.
The National Institute of Standards and Technology (NIST) defines Personally Identifiable Information (PII) as any information about an individual, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
Violations of this policy will be reported to appropriate levels of administrative oversight, depending on the statutes and policies violated. Suspected violations of federal and state statutes and local ordinances shall be reported to the director of Public Safety (chief of campus police) for official action.
Non-statutory violations of the Acceptable Use Policy, such as “excessive use,” may be reported to the chief information officer, the associate vice president for Human Resources, the Office of Student Conduct, and/or the director of Public Safety (chief of campus police).
A university employee or student who violates this policy risks a range of sanctions imposed by relevant university disciplinary processes, including denial of access to any or all IT resources. He or she also risks referral for prosecution under applicable local, state or federal laws.
The University Senate—via the Library and Educational Services Committee—is responsible for recommending the university’s Acceptable Use Policy. Questions regarding the applicability, violation of the policy, or appropriate access to information should be referred to the chief information officer.
This policy should be published in the following publications:
April 2018 - Added Protect Personally Identifiable Information responsibility per 3/6/2018 Senate approval
April 2017 - Updated language per Senate
April 2014 - Removed ambiguous phrase