|Approved by:||The President|
|History:||Issued -- June 16, 2003|
|Revised -- January 25, 2019|
|Last Reviewed -- January 25, 2019|
|Related Policies:||Copyright Policy; Code of Student Conduct; Information Security and Assurance Policy; University Code of Conduct|
|Additional References:||Computer Account Disposition Procedures; Copyright Guidelines|
|Responsible Official:||Chief Information Officer tel. (202) 319-5373|
I. Policy Statement
The Catholic University of America requires that all users of its Technology Resources do so in a responsible manner in accordance with standards of normal academic and professional ethics, University codes of conduct and policies, and all applicable laws and regulations.
This policy sets forth the University's ownership and monitoring of its Technology Resources, as well as the requirements for obtaining access to, and proper usage of those resources by Authorized Users.
Violations of this policy may result in disciplinary action up to and including separation from the University, and may result in legal action.
A. Authorized Users: Authorized Users are current students, faculty, staff and invited guests of the University.
B. Technology Resources: All computers or devices owned, operated or contracted by the University, including hardware, software, data, communication networks associated with these systems, and all allied services. The systems range from multi-user systems, desktop computers, tablets and phones, whether free standing or connected to networks . University provided email accounts are Technology Resources for the purposes of this policy.
III. University Ownership and Monitoring
A. University Ownership of and Access to Electronic Resources
Technology Resources are the property of the University. The University's ownership of a file, record, data or a message does not transfer ownership to the University of any intellectual property therein. Incidental personal uses are permitted as provided in this policy and are included in the definition of Technology Resources for the purposes of University access and use. Records of electronic communications pertaining to the business of the University are considered Technology Resources.
The Provost or the cognizant Vice President may grant access to the account of an Authorized User to other University employees or designated individuals when specifically authorized in writing, as long as the request includes the following:
- What access/user account is being requested?
- Why is this being requested? and
- Who is going to access this information and for what duration.
The University President, Chief of Staff and Counselor to the President, General Counsel, or Chief Information Officer also may provide written authorization to grant access following the procedure set forth herein.
Refer to the Computer Account Disposition Procedures for obtaining access to e-mail upon separation from the University.
B. University Monitoring
- The University may monitor the activity and accounts of users of Technology Resources, with or without notice, when:
- The user has voluntarily made them accessible to the public, as by posting to a blog or a web page;
- It is necessary to protect the integrity, security, or functionality of University or other computing resources, or to protect the University from liability;
- There is reasonable cause to believe that the user has violated, or is violating, this Technology Use Policy, other applicable University guidelines or policies, or applicable laws or regulations;
- An account appears to be engaged in unusual or excessive activity, as indicated by the monitoring of general activity and usage patterns; or
- It is otherwise required or permitted by law.
Any such monitoring, other than of information made available voluntarily, required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the Chief Information Officer or their designee.
The University, in its discretion, may also disclose the results of such monitoring, including the contents and records of individual communications, to appropriate University personnel or law enforcement agencies, and may use those results in appropriate University disciplinary proceedings.
Under certain circumstances, the University may access and modify the contents of an email account. In cases concerning the health, safety or welfare of the University community, as determined by senior University officials, the University may authorize accessing or modifying an employee's email account. In cases where personally-identifiable information may have been inappropriately disclosed, University officials may authorize modification of the email accounts of both senders and recipients.
IV. Requirements for Authorized Users
A. Authorized Use of Accounts and Access Required
Only Authorized Users may use University Technology Resources.
Authorized Users of Technology Resources may be assigned one or more accounts with appropriate access restrictions. Individuals may only use Technology Resources to which they have been given access through an established University process.
Individual users may not seek to change the permission associated with otherwise authorized accounts other than through approved processes by Technology Services. Authorized Users should use only those technology resources that they have been authorized to use, and only in the manner and to the extent so authorized. Users are responsible for any and all activity conducted with their login credentials.
B. Interference Prohibited
Users of University Technology Resources shall not cause or attempt to cause, either directly or indirectly, excessive strain on any computing component or significant degradation of other users' ability on any University system, service or network resource.
Users of University Technology Resources shall not post unsolicited electronic mail to lists of individuals who have not requested membership in such list outside of a legitimate business purpose of the University. Nor shall users post obscene, harassing or otherwise inappropriate messages.
The University may take action to protect users from sending and/or receiving certain or all messages if they have a reasonable belief that such messages are the result of, or are causing, unauthorized interference with University Technology Resources or University operations.
C. Protection of Privacy and Information Security
Users of University Technology Resources must respect the privacy of others, and must protect the security, confidentiality, integrity and availability of information entrusted to them per the University's Information Security and Assurance Policy. Users must not inspect, disclose, access, modify, render inaccessible or delete University data unless specifically authorized to do so.
D. Protection of Copyrighted Material and Intellectual Property
Users of University Technology Resources may only use legally-obtained, licensed tools and materials in compliance with all copyright and/or intellectual property laws or regulations, as well as the University's Copyright Policy.
E. Limitation on Use
Technology Resources may be used for limited personal purposes if such personal use does not:
- Directly or indirectly interfere with the University operation of computing facilities;
- Obligate the University in any business transaction or effort for any reason;
- Burden the University with noticeable incremental cost;
- Interfere with the computer user's employment or other obligations to the University; or
- Violate other University policies, or applicable laws or regulations.
F. Use of Resources Provided
All work activities should be accomplished using only University-provided applications (e.g.: University e-mail, file sharing programs, calendaring software, and Cardinal tools). The only exception is for sponsored research projects where the terms of the grant, contract, or award require use of other resources.