PG-55 Technology Resource Acceptable Use

SCOPE

This policy applies to all technology resources owned or managed by MSU, resources administered by the Office of Information Technology (OIT), resources administered by individual departments, personally owned computers and electronic devices connected by wire or wireless to the campus network, and off-campus devices that connect remotely to the University's technology systems.

This policy applies to MSU faculty and visiting faculty, staff, students, alumni, guests or agents of the administration, external individuals and organizations accessing the University's technology systems.

ACCEPTABLE USE OF MSU TECHNOLOGY

Users are responsible for informing themselves of policies, regulations, and formal guidance that govern the use of MSU IT resources.

MSU is the owner of all data/information stored on MSU technology systems, including email, voice mail, centralized storage, and desktop computers. The data/information remains subject to all state and federal copyright laws and the University’s intellectual property policy. Any personal information stored on University owned systems is subject to inspection in the same manner as University information.

Prohibited activity with MSU technology resources include:

Using University technology resources to gain unauthorized access to other technology resources (regardless of ownership or location), to engage in illegal activity, or to violate University policies, regulations, or rules.

Damaging or disrupting operation of University technology applications, technology infrastructure, or other technology resources and services.

Granting or providing access to University technology resources to unauthorized persons, even if those persons are members of the University community.

Sharing an MSU user ID and associated password or deliberately leaving a logged in account unattended.

Accessing, modifying, or transferring University data without authorized permission.

Failing to protect sensitive University data from loss or theft. Users have responsibility to take reasonable precautions to safeguard critical and/or sensitive University data on electronic devices.

Using University licensed software for personal or external use without prior written approval by the University and/or licensee.

Installing unlicensed or unauthorized software on University technology resources.

Operating an unauthorized device or service including peer-to-peer hosts, radio frequency broadcast stations, streaming video servers, wireless (WIFI) access points, or other technology resource that may conflict with or impair the University’s technology resources.

Using University technology resources to operate a personal or private business or for commercial purposes unrelated to University business.

Using University technology resources to engage in partisan political activities on behalf of, or in opposition to, a candidate for public office. These prohibitions do not apply to private devices that are attached to the University’s network, provided that technology resources are not used in a way that suggests the University endorses or supports the activity originating on the private device.

Unless such use is for a scholarly purpose or pursuant to a University investigation or request, Users may not use University technology resources to download, store, display, or disseminate pornographic materials including specifically child pornography. Any such use must be reported immediately to the MSU Police Department.

OPERATIONS 

Responsible authorities at all levels shall perform technology management tasks in a manner respectful of individual privacy and promotion of User trust.

The University’s routine operation of its IT resources may result in the creation of log files and other records about usage. This information is necessary to analyze trends, optimize performance, and complete essential administrative task Administrative database managers and data custodians have primary responsibility for ensuring that access to data is restricted to those persons with authorized access.

The University may, without notice to Users, take action in furtherance of University business to maintain the stability, security, and operational effectiveness of its technology resources. Such actions may include, but are not limited to, scanning, sanitizing, or monitoring of stored data, network traffic, usage patterns, and other uses of its information technology, and prevention of unauthorized access to, and unauthorized uses of, its technology networks, systems, and data. 

INSPECTIONS AND DISCLOSURE OF INFORMATION

Access of an individual User’s email or other electronic records shall only be done at the request of the University President, Chief Information Officer, a University Vice President, the University General Counsel, or the Title IX coordinator. The University may be compelled to disclose Users’ electronic records in response to various legal requirements, including subpoenas, court orders, search warrants, discovery requests in litigation, and requests for public records under the Kentucky Open Records Act (KRS 61.870 to KRS 61.884).

The University may access or permit access to the contents of communications or electronically stored information in connection with an investigation by the University or an external legal authority into any violation of law or of any University policy, rule, or regulation. When the investigation process, and/or other legal proceedings, require the preservation of the contents of a User’s electronic records to prevent their destruction, the Chief Information Officer may authorize such an action.

The University may disclose the results of any general or individual monitoring or inspection of any User’s record, account, or device to appropriate University authorities and law enforcement agencies. The University may use these results in disciplinary proceedings. 

ENFORCEMENT

As the use of MSU IT resources is a privilege and not a right, a User’s access to MSU IT resources may be limited, suspended, or terminated if that User violates this Policy or University regulations. Users who violate this Policy, University regulations, and/or laws governing technology, may be subject to disciplinary action and/or other penalties. Disciplinary action shall be handled through the University’s established student and employee disciplinary procedures. Guests and other Users may have access to MSU IT resources suspended or revoked.

The Chief Information Officer may temporarily suspend or deny a User’s access to MSU IT resources when he/she determines that such action is necessary to protect such resources, the University, or other Users from harm. In such cases, the Chief Information Officer will promptly inform other University administrative offices, as appropriate, of that action. Employee violations will be reported to appropriate supervisors, while student violations will be reported to the Dean of Students. In addition to an administrative review of violations, the University may report potential violations of MSU IT resources to law enforcement agencies.