-
Ownership of Resources
Computer facilities and data owned by the university are to be used solely for university-related activities. All access to centralized computer systems shall be approved through the Computer Center. Access to departmental computer systems shall be approved by the department chairman or authorized representative.
Computerized Institutional Data
All computerized institutional data is considered to be an asset of the university and shall be protected from loss, corruption, misuse, and inappropriate disclosure. Certain computerized institutional data, by law or by university policy, is confidential and may not be released without permission. Users of university computer resources are responsible for the privacy and protection of data over which they have control.
-
Authorized Users
Computer facilities are provided to support the instructional, research, and administrative functions of the university. Students, staff members, and faculty members (including emeritus faculty and members of the Board of Trustees) are permitted, upon proper validation, to use the academic portion of these facilities without charge. The facilities available will be determined by the intended use of the facilities and the resources available at the time. Because of limited resources the university does not provide computer facilities for use by relatives or friends who do not otherwise qualify as users.
-
General Policies
Policy:
Computer users may log in only to their own computer accounts
Rationale:
System managers are more able to make systems run smoothly when they know who is using the system. Users are less likely to interfere with each other if they each have their own account. Unauthorized users can then be identified more readily. On systems that charge for computer resources, one user may be paying for the computer usage of another. Some systems limit the number of simultaneous users of a single account. Private information is available to the legitimate owner of an account.
Exceptions:
Some systems have generic accounts (e.g., guest) that almost anyone is authorized to use.
Policy:
Computer users must ensure that their work does not interfere with others
Rationale:
Students, faculty, and staff depend on reliable and efficient computer systems to do work and schoolwork. Disrupting computer systems causes lost productivity and frustration.
Exceptions:
Nearly everyone, from time to time, unknowingly does something on the computer that has an adverse effect on the network, the hard drive space, or some other shared resource. This is usually quite innocent and unintentional. Users are responsible for educating themselves regarding their computer work, so as to have a minimum of impact on other users. The Computer Center will help with that educational process by making users aware of resource-consuming activities when they are discovered.
Examples:
Exceeding assigned disk quotas Attaching incompatible equipment to the campus network Releasing a virus program Sending harassing messages
Policy:
Computer users may not examine, copy, modify, or delete files belonging to other users without their consent.
Rationale:
Computer users have a reasonable expectation of privacy for their data stored on campus computer systems. Most systems have security protections in place to make it difficult for users to look where they have no permission to look. This policy applies to System Managers as well as regular computer users.
Examples:
Attempting to discover other users' or system passwords. Attempting to read or modify other users’ files without their permission. Attempting to circumvent data protection schemes or uncover security loopholes. Attempting to read or modify another’s E-mail. Attempting to modify system software or configuration files.
Note:
Users who encounter or observe a gap in system security should report it to the Computer Center.
Exceptions:
It is generally considered acceptable for work supervisors to access the work related files in the accounts of their employees when necessary. This is one reason why student employees are encouraged to keep their work files separate from their personal files. Of course, guidelines for these practices will vary between departments.
Policy:
Computer users must not waste computer resources
Rationale:
Wasting computer resources that could be used by others hurts everyone. Good computer citizens will not use more than their fair share of the computer resources.
Examples:
Generating unnecessary printer output. Using unwarranted or excessive amounts of disk storage. Creating unnecessary processes on multi-user systems. Propagating electronic chain letters. Sending frivolous E-mail to large groups. Creating or posting inappropriate messages to news or list groups. Posting messages to multitudinous news groups, creating unnecessary network traffic.
Policy:
Computer users must not use WWU computer facilities to gain unauthorized access to remote networks or systems or violate the use policies of any remote system.
Rationale:
System managers on the Internet depend on each other's cooperation to enforce policies and keep general order. If a Walla Walla University computer user were to use our facilities to disrupt the operation of remote systems, the only recourse for the remote system manager might be to terminate all access from WWU computers. This could cause the disruption of many Internet facilities upon which our users depend. In addition, if government systems were involved, the user might be in violation of United States and/or Washington State Law (refer to the Washington State Criminal Code).
-
Use and Storage of Potentially Dangerous Programs
The introduction of worm or virus programs into the computer systems can be particularly disruptive. Because of this, the existence of such software as well as other software intended to break security is regulated.
Possession of computer software used to discover passwords or otherwise scan for security loopholes may be allowed for legitimate academic purposes, but must be registered with and approved by the Computer Center before it is stored on a university-owned computer system or system connected to a campus network. To protect the integrity of the network, unregistered copies of such software discovered on campus systems will be promptly removed.
-
Privacy Issues
i. Security
The University makes every reasonable effort to ensure the integrity of its various systems. All computer systems available to users offer some form of data protection which can be modified by an authorized user as needed. However, due to a number of technical, legal, and economic reasons, no system will offer absolute security. Thus, users should never place highly sensitive or confidential information on any computer, especially a networked one, without understanding the risks involved. Steps can be taken by users to improve the security of their data through publicly available cryptographic technologies. Users are encouraged to use these techniques when appropriate.
ii. Privacy and Confidentiality of User Data
The following policies are intended to create a balance between users' rights to privacy and the right to a smoothly-functioning computer system, free of disruption.
A. Programs and files stored in users' private directories are considered private unless their owners have explicitly made them available. However, in the case of system problems, violation of federal, state, or local law, or violation of university policy, system managers (as authorized below) may examine user files and system logs in order to gather sufficient information to diagnose and correct system problems or to investigate potential violation of law or university policy. Any examination of this sort must be reported promptly to the Director of Computing.
B. Personal user files -- whether stored on disk or backup tape -- are considered private and will not be scanned or read by computer center staff except as specifically authorized below. If system managers discover private information as an incidental result of performing their duties, they are obligated to keep this information confidential. However, such information, if evidence of legal or policy violations, may be used in legal or disciplinary proceedings.
C. System Operation
System managers are authorized to examine user files or processes only as far as necessary to ensure reliable and secure system operation. If reliable system operation is in jeopardy, system operators are also authorized to kill or suspend user processes, move user files to alternate storage media or delete files that can be easily recovered (for instance, from off the Internet). The users affected will be promptly notified of the actions taken and the reasons why. System Managers will make every reasonable attempt to assist users in recovering work files that were destroyed in the process of attempting to keep the system running properly.
D. Violation of Law
System managers are authorized to take action as required by federal, state, or local law or court order. System managers are authorized to investigate alleged violations of federal or state law and to take action as required to comply with the law.
E. Violation of University Policy
System managers are authorized to examine user files to collect evidence of specific university policy violations only when authorized by the president or an appropriate vice president, provided that reasonable cause exists for such a search. Reasonable efforts must be made to conduct searches in a manner that protects individual privacy.
F. Note that not all data created by users is considered personal. In particular, logs of user activity created automatically by system programs (such as login) are not considered personal or private.
G. Some systems run programs which periodically scan disk volumes looking for problem files such as viruses and large graphical images. The system program will report these potential problems to the System Manager. Private disk volumes not mounted on the network are never scanned.
iii. Being Logged In is Considered Public Information
Most systems have publicly available software that can be used to list the user names of currently logged-in users, and on some systems the last command executed by each user. On some systems, this information is available even from off-campus computers. In short, being logged into a system is considered public information
iv. Disclaimer for Loss of Data
The University disclaims liability for the loss of data or interference with files resulting from its efforts to maintain the operation, privacy, and security of the computer facilities. For additional information regarding procedures in place to protect system and user data, refer to Information Services Backup Policy.
-
Copyright Policies
Illegally copying or storing of copyrighted images, music, or other materials on university computer facilities is expressly prohibited by copyright statute and by the university computer policy. The university reserves the right to search files when it suspects copyright violation, to remove illegally copied material, and in appropriate circumstances to terminate the accounts of users who are repeat offenders. The university will not interfere with standard technical measures used by copyright owners to identify protected copyrighted works.
Many copyrighted programs are made available on campus systems under license agreements with the publishers. These license agreements generally do not allow campus computer users to make copies of these programs. Unless otherwise specified, users are not allowed to make personal copies of software stored on central systems. For additional information refer to Appendix J: Copyright and Intellectual Property Policies.
-
Non-Commercial Use Policy
University computer accounts are to be used for the university-related activities for which they are assigned. University computing resources are not to be used for commercial activities without written authorization from the university administration. In these cases, the university will require payment of appropriate fees.
-
Electronic Mail Policies
Electronic mail, once received, belongs to the recipient. A user's mailbox is treated in the same manner as any other file belonging to that user and is subject to the same privacy protections as regular files. (See Section 2)
The university will not attempt to regulate the content of electronic mail except for cases involving violations of law or other university policies. The university accepts no liability for the content of users’ electronic mail. The university has policies against racism, sexism, and sexual harassment; if necessary, individuals may direct their concerns to the appropriate administrator.
E-mail in departmental accounts (such as alumni@wallawalla.edu) has no expectation of privacy and may be accessed by supervisors or other department employees.
The university does not guarantee the delivery of e-mail, nor can confidentiality be guaranteed during transmission.
All authorized computer users (as defined in Section 2) may have campus e-mail accounts. In addition, e-mail accounts may be opened for prospective students.
Accounts may be terminated on the following conditions:
-
Repeated or flagrant violation of e-mail policy
-
Termination of employment at WWU
-
Graduation or termination of enrollment at WWU
Non-enrolled students planning to return to WWU may request that e-mail accounts remain open until their return.
E-mail sent to terminated accounts will be forwarded for a period of 6 months from the date of termination when a forwarding address is provided to the Information Services department. WWU assumes no responsibility for guaranteeing the delivery of e-mail forwarded from terminated accounts.
E-mail is not archived. Short-term backups are performed to ensure system function, but e-mail backups are kept no longer than 48 hours. Requests to retrieve e-mail messages cannot be honored.