Policy Governing the Use of Information Resources

Policy Statement

To support its missions of teaching, research, and public service, Saint Joseph's University provides access to Information Resources for its Users.  The University requires all Users of its Information Resources to do so in a responsible manner, abiding by all applicable federal and state laws and regulations, as well as all Saint Joseph’s University policies.  This policy describes the appropriate use of all Information Resources, including, computers, networks, and any related technology and data.

Capitalized terms used in this policy have the meaning defined in the Glossary of Terms for Information Security and Related Policies.

General Requirements

All Users of Information Resources must do so in a sensible and trustworthy manner.  Every User is responsible for protecting the Confidentiality, Integrity, and Availability of Information Resources, including data created, received, stored, transmitted, or otherwise used by the University, irrespective of the media on which the data reside, and regardless of the format (e.g. electronic, paper, fax, DVD, CD, or other physical or intangible form).  All Users of Information Resources must respect the rights of other Users; respect the integrity of facilities and controls; comply with all pertinent licenses and contractual agreements; and, follow all applicable federal and state laws and regulations, as well as all Saint Joseph’s University policies.  See the University’s Data Stewardship Policy for more details.

Information Resources and Accounts are owned or licensed by the University, and must be used strictly for the University-related activities for which they are assigned. Information Resources may not be used for commercial purposes or non-University-related activities without prior written authorization from the University. The University may require payment of appropriate fees for commercial use or use unrelated to University activities.

The University reserves the rights to limit, restrict, or extend privileges or access to its Information Resources.  Data Stewards may allow individuals other than University faculty, staff, and students to access Information Resources for which they are responsible, so long as such access does not: violate any license or contractual agreement; violate University policy; or violate any federal, state, county, or local law or ordinance.  See the University’s Data Stewardship Policy for more details.

Users and System Administrators must guard against abuses that disrupt or threaten the viability of Information Resources, including Resources stored at the University and those residing on networks to which the University's systems are connected. Violations of University standards for conduct as outlined in the Staff and Administrative Handbook, the Faculty Handbook, and the Student Handbook include:

• Access to Information Resources without proper authorization from the designated Data Steward.
• Unauthorized use of Information Resources, including exceeding the scope of authorized access.
• Repeated overuse of Information Resources that degrades the performance of Information Resources.
• Intentional corruption or misuse of University Information Resources.

Such violations may also be considered civil or criminal offenses.

Your Responsibilities

As a member of the University community, the University provides you with access to Information Resources. In turn, you are responsible for knowing the laws, regulations and policies of the University that apply to your use of Information Resources. You are responsible for exercising good judgment in the use of Information Resources. The fact that an action is technically possible does not imply that it is appropriate to perform that action.

As a representative of the University community, you must respect the University's reputation in your electronic dealings with those inside and outside the University. You have the following responsibilities in this regard:

• Use only those Information Resources and Accounts that the University has authorized you to access.  You may not use another individual’s Account or attempt to use or compromise other Users’ login credentials or passwords or exceed the level of authorized access.
• Use Information Resources only for the purpose(s) for which your authorized access is granted.
• Be responsible for the use of your Account and for protecting your Account's password. You may not divulge Account passwords. See the Password Management Policy for additional requirements.
• You may not grant anyone access to Information Resources via a University computer or via a personally owned computer connected to the University’s network.
• Immediately report unauthorized use of Information Resources to the Office of Information Technology (OIT).
• Ensure that either you or the University properly license all software that you use. Do not use or share unlicensed software including computer programs, audio or video files, and other digital media. The unauthorized sharing of audio or video files and other digital media is a violation of the Digital Millennium Copyright Act and University policy.  Unauthorized sharing of digital media may result in civil or criminal penalties, as well as discipline from the University or termination of your access to Information Resources.
• Take reasonable and appropriate steps to see that all hardware and software license agreements are executed on any system, network, or other technology that you operate.  The University may use reasonable efforts to monitor its computing systems to attempt to detect any unlicensed software on its systems. Individuals who install software on University computers must keep records to show that this software is properly licensed.
• Cooperate with requests from System Administrators and IT Security staff for information about computing activities. Under certain circumstances, a System Administrator or IT Security Staff may access your computer systems and files.
• You may not attempt to gain control of any Account, files or computer without the prior consent of the owner of those Information Resources. With the exception of System Administrators and IT Security Staff, the University never gives consent for Users to attempt to gain control of any systems, routers, switches or any other types of infrastructure resources, nor does it permit browsing Information Resources stored on any system.
• You are not permitted to use tools that are used to assess security or to attack computer systems or networks (e.g., password 'crackers,' vulnerability scanners, network sniffers, etc.) on Information Resources unless you have been specifically authorized in writing to do so by the Information Security and Compliance unit within OIT.
• Your use of electronic mail must be treated as the use of postal services. Email messages must be opened and read by the User to whom they are addressed. Do not attempt to read, delete or otherwise tamper with email addressed to another User. Do not attempt to distort or forge the "sender address" information contained in email messages. Do not send harassing or offensive email.  Refer to the section entitled Use of Email for further detail.
• All Users should become familiar with the University Academic Honesty Policy as it pertains to the use and abuse of Information Resources.

Any observed failure to adhere to these responsibilities must be reported to the appropriate administrative officers and to the OIT.

The University is not responsible for loss of information from computing misuse, malfunction of computing hardware or software, external contamination of data, or programs or acts of third parties. Employees in OIT take reasonable precautions designed to protect the integrity of the Information Resources, and the information stored therein.

Use of Email

University email services shall not be used for the creation or distribution of any disruptive, offensive or pornographic messages, including such comments about race, gender, disabilities, age, sexual orientation, religious beliefs and practice, political beliefs, or national origin. Individuals who receive any emails with this content from any University account should report the matter to their Unit Head or to the OIT immediately.  This applies to all individuals who are provided email access by the University.

Using a reasonable amount of University resources for personal emails is acceptable, unless a Unit Head determines that work is impacted.  Sending chain letters, joke emails, virus or other malware warnings from a University email account is prohibited. Attempts to send mass mailings (messages addressed to several hundred recipients) must be approved by a Unit Head or Data Steward. Only authorized accounts and individuals are permitted to send mass mailings.

Any requirement to email to a large distribution list (mass mailings) should be coordinated with OIT staff to ensure minimal disruption to services, and when appropriate, reviewed and approved by the University’s Institutional Review Board.  Mass mailings require approval by a Unit Head or Data Steward irrespective of the content.  Excessive use of mail privileges results in the suspension of activity within an email account.  The User and their Unit Head are notified by OIT when excessive email use has occurred.

Confidential and sensitive information as defined in the University’s Data Classification Policy is not permitted to be sent in a standard email.  Encryption of this restricted information is required for any transmission of it via email.  

Automatic forwarding of emails is not a recommended practice due to the risk of disclosure of personally identifiable information.  Individuals should evaluate their practices to ensure that no data loss occurs.  All Users are responsible for the choice to auto-forward email in the event of a data loss.

University employees shall have no expectation of privacy in anything they store, send or receive in email. OIT, and any third party mail provider acting as an agent of the University, may monitor messages without prior notice as required by law enforcement or directed by the Office of General Counsel or the Office of Internal Audit.

Compliance with Copyright Laws for Text, Audio and Video

Nearly all written, audio and video material is protected by copyright laws, regardless of whether it is in a hard copy, in an electronic copy, or accessible via Information Resources. Users of Information Resources should assume that all written audio and video materials in hard copy, electronic form or available through Information Resources are protected by copyright laws, including The Digital Millennium Copyright Act of 1998, unless there is clear information to the contrary. Simply stated, the copyright laws allow a User to read the copyrighted material. The copyright laws do not allow a User to modify a copyrighted work, make copies of it (beyond those allowed by fair use), distribute copies of a work through the Internet, or broadcast a copy of a work (such as in the case of video) on any channel or network. As with materials from a library or other sources, the User is responsible for using materials obtained off the Internet in compliance with the copyright laws.  See the University’s Copyright Infringement Policy for further information.  

Compliance with Copyright Laws for Software

Copyright laws protect nearly all computer software. Users of Information Resources should assume that all software accessible on or via University Information Resources is protected by copyright, unless there is clear information to the contrary. Users may only use software in accordance with its associated license agreement. Unless otherwise permitted by the applicable license agreement, the copyright laws do not allow a User to modify the software, make more copies of it, store copies on both a home and a campus computer, or distribute the software through the Internet. Unless a User of Information Resources knows that such activities are permitted by the applicable license agreement, Users shall not copy any software, modify any software, load copies of it onto a network or on multiple hard drives, or distribute the software in any way, including through the Internet.

Impacts

As described above, every User is required to uphold the Confidentiality, Integrity and Availability of University Information Resources, and comply with all of the terms and conditions set forth in this Policy.  There are penalties for abuse of Information Resources in violation of this Policy.  User activities deemed to cause harm to the University, other Users, or to others outside of the University while using Information Resources, whether intentional or unintentional, will be reported to the Unit Head of the responsible party’s area to determine an appropriate response.  If the violation is caused by the Unit Head, then the Unit Head’s manager will determine the appropriate action.  Violations of this policy are subject to disciplinary action and may result in Human Resources sanctions for employees, and Community Standards disciplinary sanctions for students.

Any or all of the following steps may be pursued to protect the user community, the University and the Information Resources:

• Notification to the User’s supervisor, project director, instructor, academic advisor or Unit Head of the investigation.
• Referral of the matter for processing through the University’s discipline systems.
• Suspension or restriction of the User’s access to Information Resources. Disciplinary action may include the loss of computing privileges and other disciplinary actions up to and including non-reappointment, discharge, dismissal, and legal action, including in some cases civil or criminal prosecution under Pennsylvania Code Title 18 Crimes and Offenses § 5742 (2010), or other appropriate legislation.

It should be understood that nothing in this policy precludes enforcement under the laws and regulations of the Commonwealth of Pennsylvania, any municipality or county therein, and/or the United States of America.

If you have questions about this policy, please email policyhelp@sju.edu. 

Last Updated:  January, 2021