Computer Use Regulation

REG 08.00.2

Information Technology

Print-friendly version

Authority: Issued by the Chancellor. Changes or exceptions to administrative regulations issued by the Chancellor may only be made by the Chancellor.

History: First Issued: January 8, 1999. Last Revised: September 2, 2008. Additional History Information.

Additional References:
Advice Memo on Public Computers and Pornography
NCSU Trademark Licensing Office

Contact Info: Director of Security & Compliance, Office of Information Technology (919-515-2794)

1. Introduction

North Carolina State University's (hereinafter "University") Information Technology (IT) Resources consists of computer networks, equipment, and resources are owned by the University and are provided primarily to support the academic and administrative functions of the University. The use of these IT Resources is governed by federal and state laws and University policies and procedures.

2. Regulatory Limitations

2.1. University computer accounts are for the exclusive use of the individual to whom they were assigned and users may not allow or facilitate access to University computer accounts or IT Resources by others. Users may not set up a proxy or anonymous remailer for purposes of allowing access to others.

2.1.1. Students and employees of NC State receive computer accounts and are authorized users of IT Resources unless access privileges have been revoked under University procedures.

2.1.2. Departments may establish guest and temporary accounts for authorized use of University IT Resources by non-university personnel. The department that is responsible for the guest and temporary accounts must ensure that the Computer Use Policy and Computer Use Regulation is understood and adhered to by the users of the accounts. The users of the accounts are responsible for personally adhering to University regulations and all state and federal laws.

2.2. Use of University IT Resources must comply with federal and state laws.

2.3. Use of University IT Resources must not violate any policy or directive of the UNC Board of Governors, the NC State Board of Trustees, the UNC General Administration, or the NC State administration.

2.4. The University may examine the content of personal electronic information stored on or passing over University IT Resources, for the following purposes:

2.4.1. To insure the security and operating performance of its IT Resources.

2.4.2. To enforce University policies or compliance with state or federal law where examination is approved in advance by a Dean, Vice Chancellor, or Vice Provost, and either

2.4.2a. there is a reasonable suspicion that a law or University policy has been violated and examination is appropriate to investigate the apparent violation, or

2.4.2b. examination is necessary to comply with a state or federal law.

2.5. Computer users should have no expectation of privacy in personal material stored by them on the University IT Resources when the conditions of subparagraph 2.4.1, 2.4.2(a), or 2.4.2(b) above have been satisfied.

2.6. The University may authorize confidential passwords or other secure access identification; however, users should have no expectation of privacy in the material sent or received by them over the University IT Resources. While general content review will not be undertaken, monitoring of this material may occur for the reasons specified above.

2.7. For information related to university business, a supervisor or other designated university official may have appropriate access for work-related purposes. No permission or approval from the user is needed for such access. If personal and business information are not clearly separated, the designated university official may examine all information to the extent needed to separate and access business information for work-related purposes. Deans or Vice Chancellors may approve rules to exclude personal files from storage on network drives, in which case all files and data on the affected systems may be treated as information related to University business.

2.8. Authorized University personnel may examine server/desktop "log" information to identify computer users and the electronic addresses to which they have connected (e.g., websites or email) to the extent consistent with privacy laws and necessary for University business purposes.

2.9. The University reserves the right to limit or revoke access to University IT Resources when

2.9.1. federal or state laws or University policies are violated , or

2.9.2. where University contractual obligations or University operations may be impeded.

2.10. All material prepared and utilized for purposes of University business and posted to or sent over University IT Resources must be accurate and must correctly identify the sender, unless a University administrator (department head or higher) approves anonymity for a University business purpose.

2.11. Any traffic on the University's IT Resources may be monitored by designated university personnel for operational or research purposes. Access to information content should be consistent with University regulations, state and federal laws, and the purpose for which the traffic is being monitored.

2.12. Individuals using University IT Resources may not convey personal statements that could be construed as representing the positions or beliefs of the University. For example, religious views, political campaign positions, proselytizing remarks, quotations, and etc. are not allowed in email signature blocks.

2.13. University computers must be registered with NC State in University approved domains. It is forbidden to register a non-University approved domain for any computer that is connected to the NC State network without approval of the Vice Chancellor for Information Technology or his designee. If such approval is given, it must be made clear that this domain is using NC State IT Resources for delivery.

2.14 Software will be used only in accordance with its license agreement. Unless otherwise provided in the license, any duplication of copyrighted software, except for backup or archival purposes may be a violation of copyright law.

3. Personal Use

Authorized users may access University IT Resources for personal uses if the following conditions are met:

3.1. The use does not overload the University IT Resources, or otherwise negatively impact their performance.

3.2. The use does not result in commercial gain or private profit, except as allowed under University intellectual property policies and the external activities for pay policy. However, in no case may University IT Resources be used for solicitation of external activity for pay.

3.3. The use does not violate any University licensing agreements or any law or University policy on copyright and trademark.

3.4. The use does not state or imply University sponsorship or endorsement.

3.5. The use does not violate any law or University policy, regulation, or rule.

3.6. The use does not involve unauthorized passwords or identifying data/tools that attempt to circumvent system security or in any way attempts to gain unauthorized access.

3.7. The use does not involve sending or soliciting chain letters, nor does it involve sending unsolicited bulk mail messages (e.g., "junk mail," or "spam," or "MLM.").

3.8. The use does not result in any direct cost to the University.

3.9. Any creation of a personal World Wide Web page or a personal collection of electronic material that is available to others must include a disclaimer that reads as follows:

"The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University."

4. Use of Computing Facilities for Commercial, Advertising, and Broadcast Purposes

4.1. No paid advertising will be allowed on official University Websites. However, an NC State Website may contain a simple acknowledgment of sponsorship by an outside entity in the following form: "Support for this Website [or university unit] has been provided by _____________." The acknowledgment may include the sponsorship's logo only if permission is granted by the sponsor and the use of the logo does not imply commercial endorsement by the University.

4.1.1. An "official University Website" is any World Wide Web address that is sponsored, endorsed or created on authority of a University department or administrative unit. Websites on University servers are either "University Websites" or personal Websites allowed by the University.

4.1.2. "Paid advertising" means advertising or promotional information provided in exchange for legal consideration, including money or other valuable benefits.

4.2. Personal Web pages that are maintained by University computer account holders may not contain paid advertising.

4.3. University employees may post advertisements to newsgroups, Web sites, or other Internet resources dedicated to advertising. The ads may not refer readers to a University telephone number. Like other personal use of State computing resources, the ads must be sent on an employee's own time, not during hours when they are being paid to work.

4.4. University computer account holders may not "broadcast" E-mail messages without prior approval from the Chancellor, Provost, Vice Chancellor for Finance and Business, Vice Chancellor for Information Technology, or their designees. "Broadcast," means transmission of an unsolicited message to a significant number of computer accounts on a University server or servers; the intent is to prevent mass mailings from tying up employee time and computer resources.

4.5. Registered marks of the University as designated by the NCSU Trademark Licensing Office may be used in the Websites of University computer account holders on the conditions that (a) they are not used for or related to private profit or commercial purposes, and (b) they do not mislead or confuse viewers as to whether the Web page is University-sponsored.

4.6. The Chancellor or designee may approve specific exceptions to the prohibition on paid advertising.

5. Violation of Policies and Regulations

5.1. Any violation of this policy by employees may be "misconduct" under EPA policies (faculty and EPA non-faculty), or "unacceptable personal conduct" under SPA policies. For students, violations are "misconduct" under the applicable student disciplinary code. For approved guests, violations will result in appropriate action depending on their affiliation. Violators may be referred to the appropriate disciplinary procedure, and violations of law may also be referred for criminal or civil prosecution. Sanctions may include revocation of access privileges in addition to other sanctions available under the regular disciplinary policies.

5.2. Apart from referrals to disciplinary procedures, an authorized University system administrator (or designees) may suspend a user's access privileges or suspend services to a computer, for as long as necessary to protect the University's IT resources, to prevent an ongoing threat of harm to persons or property, or to prevent a threat of interference with normal University functions. As soon as practicable following the suspension of access privileges, the system administrator must take the following actions:

5.2.1. The user must be sent written or electronic notice of the suspension of access and the reasons for it, along with notice of the time, date, location, and person with which the suspension may be discussed.

5.2.2. The user must be given an opportunity to meet with the system administrator or his/her designee in a timely manner to discuss the suspension and present any reasons the user has why the suspension should be lifted. The system administrator must reconsider his or her suspension decision in light of the information received at this meeting.

5.2.3. Following the meeting, the user must be sent a written or electronic copy of the system administrator's decision upon reconsideration, and must be notified that the user may appeal to the system administrator's immediate supervisor if the user is dissatisfied with the outcome of the meeting.

6. Application of Public Records Law

6.1. Duty to preserve records: All information created or received for University work purposes and contained in University IT Resources, or electronic mail (e-mail) depositories are public records and are available to the public unless an exception to the Public Records law applies. As with hard-copy documents, e-mail users are responsible for the retention of e-mail messages that have lasting or archival value in accordance with the N.C. Public Records Law and NC State University's published guidelines regarding records retention and disposition.

6.2. Additional duty regarding records requests and potential litigation: Any University employee or authorized guest (e.g., volunteers and students serving in a University office) who receives notice of a public record request or possible lawsuit or other legal claim must promptly (a) notify the Office of Legal Affairs of the request or possible claim, and (b) locate and preserve all relevant records.

6.3. Duty to provide access to information content: Employees and approved guests with a network account or University computing device must provide appropriate assistance for access to information content (including decryption and entry of passwords). This assistance should only be provided when an identified University official (e.g., supervisor or person in employee's chain of command) needs access to any of the University's records/data the employee may have stored on University machines, systems, or storage devices, or on non-university machines, systems, or storage devices.

7. Additional Rules

Additional rules on computer use may be adopted by various divisions/departments to meet specific administrative or academic needs. Any adopted requirement must:

7.1. Comply with applicable federal and state laws;

7.2. Be consistent with the policies of NC State University and the University of North Carolina;

7.3. Be adopted and posted in writing or electronically in a manner that is available to all affected users in accordance with the Procedure for Formatting, Adopting, and Publishing Policies, Regulations, and Rules (PRR Protocol); and

7.4. Be filed with the General Counsel and the Vice Chancellor for Information Technology.

Left Navigation