Information Technology Ethics Policy

Definition

Technological and information resources are defined to include: data; records; software; facilities; equipment; storage media; networks and network services; and electronic voice, video, and multimedia communications.

Policy

University technological and information resources are provided to allow faculty, staff,  and students to pursue the mission of John Carroll University, and are to be used to the extent that they promote that mission either directly in teaching and research or indirectly in supporting the offices and agencies that maintain university operations.

Technological and information resources are to be accessed and utilized in an ethical manner. All users of technological and information resources are expected to observe high moral, legal, and professional standards, and are expected to support the mission, and act in the best interests of John Carroll University.

All users of technological and information resources are responsible for the protection of university assets and for the accuracy, integrity, and confidentiality of the information to which they have access. Resources are not to be abused or employed in such a way as to interfere with, or cause harm or damage to, another person, institution, or company within or outside the John Carroll University community. While the university encourages the exploration of educational and scholarly opportunities through the use of its technological resources, respect for the rights and privacy of others must be observed.

University community members and their guests may not access the files or communications of others without authorization. Those who are authorized to access confidential files must respect the privacy rights of others and use data only for legitimate academic or administrative purposes.

John Carroll University supports accessibility to technological resources and strives to provide state-of-the-art, environmentally sound facilities for all members of the university community. The university acknowledges its responsibility to all faculty, staff, and students to provide a safe and healthful technical environment for work and study.

All members of the university community must comply with the following policies, procedures, and security controls.

Access

Many of the technological and information resources of John Carroll University may be accessed by all members of the university community, and by the public as well.

However, access to some resources is restricted to specific positions or organizational units as determined by the appropriate unit head. Organizational unit heads should determine and authorize the appropriate degree of access for each member of their units, and should provide unit members with adequate orientation and training regarding the ethical use of all technological and information resources.

Individuals should take precautions to prevent unauthorized use of their access codes (passwords). Active sessions should not be left unattended. Access codes may not be shared with others, and their confidentiality is to be strictly maintained. In choosing access codes, individuals should avoid the use of common words, proper names, readily associated nicknames or initials, and any other letter and/or number sequences that might easily be guessed. Individuals will be held accountable for all actions performed under their access codes, including those performed by other individuals as a result of negligence in protecting the codes. Individuals are responsible for monitoring access on their accounts and for changing access codes on a regular basis. If an individual’s access code(s) become compromised, it (they) must be changed immediately.

The following activities are strictly prohibited:

1. Attempts to access, search, or copy technological and information resources without proper authorization; 

2. Use of accounts other than one’s own individual or group account(s);

3. The provision of false or misleading information in order to gain access to technological and information resources;

4. Attempting to compromise internal controls, even for purposes of systems improvement; (such actions require the advance, written approval of the authorized organizational unit head, or must be included among the security evaluation responsibilities of one’s position function).

Suspected activities such as those listed above should be promptly reported to the director of computing systems and services at the Department of Information Services so that timely preventative measures can be taken to safeguard the integrity of data or facilities.

Protecting Confidentiality

Disclosure of confidential information is prohibited, unless disclosure is a normal and authorized requirement of one’s position function. Individuals with access to confidential data must safeguard the accuracy, integrity, and confidentiality of that data by taking appropriate precautions and following appropriate procedures necessary to ensure that no unauthorized disclosure of confidential data occurs. Such precautions and procedures include the secure storage of data backups and the protection of sensitive data with access codes (passwords).

Privacy

For purposes of this policy, privacy is defined as the right of an individual or an organization to create, maintain, send and receive electronic data, software, and communications files that are safe from examination and disclosure by others. John Carroll University recognizes that individuals have a substantial interest in, and reasonable expectation of, privacy. Accordingly, John Carroll University respects the privacy rights of all members of the university community.

The university will not monitor an individual’s private electronic data, software, and communications files as a routine matter. Users should note that some electronic files are copied to backups and stored for indefinite periods in specific locations. In such instances, deletion of an electronic file, such as an e-mail message, will not necessarily delete a previously archived copy of that file.

It is a violation of university policy for any member of the university community to engage in electronic “snooping,” or to employ technological resources for the purpose of “prying into” the affairs of others, i.e., to access or attempt to access electronic files without proper authorization to do so for genuine business purposes of the university.

The university reserves the right to access and to disclose the contents of an individual’s electronic data, software, and communications files, but will do so after obtaining the proper approvals, only when a legitimate need exists and the urgency of the need is sufficiently strong to offset the university’s commitment to honor the individual’s privacy.

Such grounds might include: maintaining system integrity (e.g., tracking viruses and other potentially destructive software agents); protecting system security; investigating indications of impropriety; protecting the university’s property rights; and meeting legal obligations (e.g., subpoenas).

Copyright Issues

Copyright is a form of protection provided by law to authors of “original works of authorship” for intellectual works that are “fixed in any tangible medium of expression,” both published and unpublished (Title 17, United States Code). It is illegal to violate any of the rights provided by the law to the owner of a copyright. John Carroll University respects the ownership of intellectual material governed by copyright laws.

All members of the university community must comply with the copyright laws and the provisions of licensing agreements that apply to: software; printed and electronic materials, including documentation; graphics; photographs; multimedia, including musical works, video productions, sound recordings, and dramatic works; and all other technological resources licensed and/or purchased by the university or accessible over network resources provided by the university. Individual author, publisher, patent holder, and manufacturer agreements should be reviewed for specific stipulations.

All technological and information resources developed by university employees, students, and contractors for use by the university, or as part of their normal employment activities, are considered “works for hire.” As such, the university is considered the “author” and owner of these resources. (For information regarding the ownership of technological resources developed with grant funding, contact the associate academic vice president.)

Integrity and Protection of Technological and Information Resources

Viruses

It is the responsibility of the individual to ensure that any imported or exported executable software code or data is free of destructive codes, such as a “virus.”

Backups

It is the responsibility of the organizational unit head or network administrator to ensure that appropriate procedures and resources are in place to backup data on a regular basis.

Backups are to be stored in a location that is physically secure and that protects the confidentiality of the data. It is the responsibility of the individual user to perform any actions necessary to comply with these procedures.

Physical Security

Individuals are responsible for the physical security of technological and information resources assigned to them. Organizational unit heads must help to ensure appropriate physical security by instituting and enforcing adequate policies and procedures governing entrance locks and/or for the use of the security devices made available by the university for the protection of equipment. Adequate power regulators and surge suppressors should be employed. To avoid loss by fire or theft, backups of important data must not be stored in the same locations as the original sources.

University Property

Technological and information resources that are the property of the university may not be copied, altered, manipulated, transferred, retained for personal use, or removed from campus. (The ownership of technological resources purchased with grant funding is determined by the individual granting agency. For additional information, contact the associate academic vice president.)

Appropriate Personal Use of University Technological Resources

Authorization for the personal use of university technological resources by employees is to be determined on an individual basis by, and at the discretion of, the responsible unit head. The use of university technological resources, including data/voice/video networks, for revenue generating activity that benefits an individual employee is strictly prohibited. Personal telephones and data connections in student residence halls are considered to be part of the private residence. However, use of these and other university technological resources in the residence halls that is deleterious to the general university community, or that consumes excessively disproportionate resources, is prohibited.

Individuals may not attempt to alter any restrictions associated with their access privileges or to attempt to breach internal or external security systems. Individuals may not attempt to impersonate other individuals or to misrepresent themselves in any way when using university technological resources.

Individuals may not use data/voice/video networks for criminal purposes or to compromise the privacy or security of other individuals or organizations. Networks external to the university (e.g., those on the Internet, AOL, etc.) must be used in an ethical, responsible, and courteous manner; members of the JCU community must observe the policies of such entities.

Access or Transmission of Potentially Offensive Material

Material might be accessible via network resources which some individuals may consider to be objectionable or offensive. John Carroll University does not encourage or endorse accessing/transmitting such material except for legitimate academic purposes.

Individuals should exercise caution and good judgment if there is a reasonable expectation that accessed/transmitted material may be considered objectionable by some. The use of university technological resources for creating or sending nuisance, harassing, or obscene materials or messages is prohibited. Individuals should be aware that university technological and information resources can be accessed by minors. Moreover, individuals are prohibited from engaging in any activity using network resources that is proscribed by federal or state law.

Reporting Suspected Violations

Suspected violations of any provisos of this policy are to be reported to the appropriate organizational units or unit heads, which may include the dean of students, the director of judicial affairs, the executive director of Information Services, and the associate academic vice president.

Individuals found, upon due process, to be in violation of any provisos of this policy may be subject to disciplinary action, including the loss of computer/network access privileges, suspension or dismissal from the university, and to criminal prosecution under applicable state and/or federal laws. The university reserves the right to seek restitution for any financial losses sustained by John Carroll University, or by others, as a direct result of violations of this policy.