Responsible Use Policy

Please note that the CSU is developing a system-wide Responsible Use Policy.  We anticipate that the new policy will be released in Fall 2009.  At that time CSUSM will revise the campus' Interim Acceptable Use Policy (below) to ensure compliance.  The previously approved Acceptable Use Policies can be found at Computer Equipment Access - Faculty & Staff and Computer Equipment Access - Student.

Definition    POLICY GOVERNING USE OF CAMPUS INFORMATION TECHNOLOGY RESOURCES (Interim)
Authority     Government Code 8314; Executive Order 999
History    Version 2.3 updated 12/8/2006.
Scope    This policy applies to all users of CSUSM information technology, whether initiated from a computer located on or off of CSUSM property.  This policy applies to all information systems or resources for information or data that either resides on the system or is conveyed by it.  CSUSM information technology resources include those owned or managed by the campus and/or any campus-affiliated organization.

1. Policy Purpose

1.1. The CSUSM computer and information network is a continually growing and changing resource that supports thousands of users and systems. These resources are vital for the fulfillment of the academic, research and business needs of the campus. In order to ensure a reasonable and dependable level of service, it is essential that each individual exercise responsible, ethical behavior when using these resources. Misuse by even a few individuals has the potential to disrupt campus business, and, even worse, the legitimate academic and research work of faculty and students.  This document is intended to provide a baseline acceptable use policy which will apply to the use of CSUSM information technology resources.

2. Policy Scope

2.1. This policy is intended to address those acceptable use issues which may expose the campus to liability due to violations of state or federal laws, or to civil claims, and to assure the effective and efficient use of information technology resources. 
2.2. This policy exists within a framework of state and federal laws, along with CSU and campus policies that may be related to the use of technology. Where an existing law or policy applies to an activity that may be conducted via or stem from the use of technology, that existing law or policy will be observed in conjunction with this policy .
2.3. It is the policy of the CSU to use any and all information technologies in a manner consistent with the federal laws governing copyright protection. These include, but are not limited to, the Digital Millennium Copyright Act of 1998, the Teach Act of 2002 and all subsequent amendments. Updated information about such laws can be found at http://www.copyright.gov/title17/.

3. Policy Application

3.1. Access to CSUSM computing facilities and equipment is granted to CSUSM faculty, staff and students. An individual may have this privilege revoked if he or she violates the rules set forth in this policy statement.
3.2. "Access" is considered to be physical use of a computer or terminal, or remote access to a computer via a network or telephone line.
3.3. Access to campus computer equipment may be suspended during the course of an investigation, but shall not be revoked without formal review with campus administration.

4. Privacy of Electronic Information

4.1. CSUSM supports each individual user’s right to privacy and will take reasonable steps to ensure the security of CSUSM information technology resources. However, electronic messages, electronic files and electronic data residing on CSUSM computing resources are potentially accessible to others through normal system administration activities or troubleshooting, in response to subpoenas or other court orders, and to the public through public records laws. Hence, the absolute privacy of electronic communication cannot be guaranteed.  All users of CSUSM information technology resources are advised to consider the open nature of information disseminated electronically, and should not assume any degree of privacy or restricted access to such information.
4.2. The consent of an electronic communication holder or account owner shall be obtained prior to the inspection, capture or disclosure of the contents of electronic communication records except as provided in paragraph 4.3.
4.3. CSUSM may inspect, capture, lock, or disclose of electronic communications records without the consent of the holder of such records or the owner of the account:
4.3.1. when required by and consistent with the law;
4.3.2. when there is a substantiated reason to believe that violations of law or of policies, have taken place;
4.3.3. when there are compelling circumstances that limit the ability of the record holder to give permission; or
4.3.4. under time-dependent, critical operational or security-related circumstances.
4.4.5. Original electronic materials and/or copies may be retained for specified periods of time on system backups and other locations; however the campus does not warrant that such information can be retrieved.

5. Protecting the Confidentiality of Electronic Information

5.1. Information stored on CSUSM computers are be subject to laws or policies related to confidentiality or privacy concerns and those persons who store such information must use due diligence to prevent unauthorized access to and disclosure of confidential, private or sensitive information. 
5.2. Due to the increasing legal requirements addressing protection of confidential or private information, files containing such information must be stored on campus systems in a secure manner. Individuals shall not store information on non-campus computer systems, personal storage media or otherwise make copies of sensitive or confidential information without express prior authorization of the CSUSM Information Security Officer.
5.3. Copies or backups of such data shall be stored in a secure manner.  Individuals who create backups or copies of sensitive or confidential data shall store such backups or copies in a locked enclosure.
5.4. Confidential or sensitive information must be thoroughly eliminated from computing equipment when no longer needed and/or prior to disposing of the equipment.

6. Legal Use of Equipment

6.1. Users shall not use CSUSM computing and network services for purposes that are inconsistent, incompatible, violate or are in conflict with federal, state laws, as well as campus and CSU regulations and policies.  Violations may include but are not limited to harassment, defamation, making threats, committing computer-related crimes, impermissible use of campus resources for political advocacy, copyright infringement, sexual harassment, and child pornography.  Users must adhere to protections provided by software licensing agreements as well as CSU and campus policies regarding intellectual property and state law or policy regarding the use of university names and trademarks. 
6.2. Use of any university resource such as computers (hardware or software), network connections, servers, routers, facsimile machines, copy machines and other electronic equipment by any university constituent (faculty, student, staff or general public) to circumvent legitimate copyright protections or illegally access, copy or disseminate copyrighted material is unacceptable and may constitute violation of Federal law and Title 5 of the California Code of Regulations.

7. Passwords and Credentials

7.1. Users who have been authorized to use a password-protected account must follow established procedures for setting, maintaining and changing passwords and may not disclose the password or otherwise make the account available to others without explicit authorization per established procedures.

8. Authorized Use

8.1.    Use of CSUSM information technology resources is granted to faculty, staff and students in support of their instruction, research, studies, duties as employees, official business with the campus and/or other campus-sanctioned activities.
8.2.    Use may also be granted to individuals outside the university if such use is consistent with the mission of the university.
8.3.    With the exception of implicitly publicly accessible resources such as websites, permission to use information technology resources may not be transferred or extended by members of the campus community to individuals or groups who are not associated with the campus without prior approval of an individual designated as having authority to permit use of the information technology resource.  Such use must be limited in nature and fall within the scope of the mission of the institution.  The authorizing official is expected to ensure that access granted under these circumstances is not abused.
8.4.    Incidental and minimal personal use is permitted provided it does not violate California Government Code Section 8314 or Section 9.1 of this document, does not consume a significant amount of campus resources, does not interfere with the individual’s or other users’ ability to perform campus-related responsibilities, and otherwise complies with applicable laws, rules, policies, contracts and licenses.

9. Commercial Activity


9.1. Individuals are strictly prohibited from using campus information technology resources for unauthorized commercial activities, personal gain or activities unrelated to campus business.  Unauthorized commercial activities includes soliciting, promoting, selling, marketing or advertising products or services, or raising monies for non-CSU-related organizations, non-profit or otherwise.
9.2. Entities, such as CSU auxiliary organizations, may be authorized by contract to provide commercial services and products to students, faculty and staff, and invited guests of the campus.

10. Identity Misrepresentation

10.1. Users of campus information technology resources shall not purposefully misrepresent their identity, either directly or by implication, while communicating electronically.  This provision is not intended to limit anonymity, where appropriate, but rather to address purposeful and deliberate use of false identities.

11. Damage to or Impairment of CSUSM Information Technology Resources

11.1. Individuals shall not use any technology resource in a manner that may cause damage to or impair CSUSM’s information technology resources including but not limited to, any manner that adversely affects the work of others or intentional, reckless or negligent behaviors that might interfere with, disrupt or inflict damage to any computer system, network or related service. Examples include but are not limited to introducing a computer “malware” application, purposefully altering the system or network configuration in such a way as to impact availability, accessing or using any computer, network or electronic data without permission, misusing or allowing misuse, and intentionally inflicting virtual or physical damage to a technology resource.   Such behaviors are prohibited on both campus-owned and privately-owned equipment operated on or through campus resources.

12. Access Restrictions


12.1. Individuals shall  not access, attempt to access, or intentionally enable others to access information or systems to which they have not been granted access.  Exploratory activities which extend beyond an individual’s assigned computer resources such as port scanning and security scanning are prohibited unless specific authorization has been granted.  Unless part of their approved job description, users shall not monitor systems or networks or capture the data residing on or transmitted through CSUSM resources.

13. Reporting of Violations

13.1. Effective security is a team effort involving the participation and support of every CSUSM employee, student and affiliate who uses information and/or information systems.  Every employee or affiliate who has knowledge or reasonable suspicion of a violation of this policy must follow the applicable procedures for reporting the violation to the proper authorities at their institution. 

14. Compliance

14.1. Compliance with this policy is required as a condition of use.  Failure to comply may result in prosecution under existing laws (federal, state and local), private civil action, and/or disciplinary action under applicable CSUSM policies and procedures for students and employees, including collective bargaining agreements where appropriate.  
14.2. Individuals physically located in other states, countries or jurisdictions are subject to the applicable laws of that jurisdiction in addition to California and federal law when accessing materials electronically through campus information technology resources.  When electronically accessing material housed in other states or countries through CSUSM information resources, individuals may also be required to comply with applicable laws of that state or country. 

15. Content

15.1. Freedom of thought, inquiry, and expression is a quintessential academic value.  Material considered offensive to one person may not be to others and may constitute expression protected by the First Amendment of the United States Constitution.  CSUSM relies on the integrity and responsible use of resources by each of its members and expects adherence to the highest academic standards.  Materials that violate applicable laws (e.g., child pornography, copyright infringement, etc.)  or CSUSM policy (e.g., sexually explicit content creating a hostile work environment, etc.) may not be accessed through or stored on CSUSM information technology resources.

16. CSUSM Rights and Responsibilities


16.1. The campus is committed to protecting users of information technology resources from illegal or damaging actions by individuals either within or external to the university community.  The campus will take steps to help employees, students and affiliates understand the principles described in this acceptable use policy.
16.2. The campus reserves the right to limit access to its resources when policies or laws are violated and to use appropriate means to safeguard its resources, preserve network/system integrity, and ensure continued service delivery at all times. This includes monitoring routing information of communications across its network services and transaction records residing on CSUSM resources, scanning systems attached to the campus network for security problems, disconnecting systems that have become a security hazard, and restricting the material transported across the network or posted on CSUSM system as per the Computer & Network Security Policy .
16.3. Unless otherwise required by law and/or policy, the campus reserves the right to archive and/or remove stored files and messages in order to preserve system integrity. Except in an emergency, users will be given advance notice to delete files and messages.

More questions?  Contact the ISO at 760.750.4787