Sidebar
Questions?
Please use the contact section below.
Policy Statement
Computers and other Information Technology (IT) Resources (as defined below) are essential in accomplishing the University's mission. IT Resources need to be used and managed responsibly to ensure the integrity, confidentiality, and availability of those resources for the University's education, research, outreach, and administrative objectives. University community members are granted access to these resources in support of accomplishing the University’s mission.
All users of University IT Resources, whether or not they are affiliated with the University, are responsible for their appropriate use. By making use of these resources, users of IT Resources agree to comply with Board of Regents policies; University administrative policies; federal, state, or local laws; and contractual obligations.
University IT Resources are provided for individuals who are enrolled, employed, or formally affiliated with the University of Minnesota. Units that grant guests access to IT Resources must make their persons aware of their acceptable use responsibilities. The University accepts no responsibility or liability for any unauthorized or personal use of its IT Resources by users.
Acceptable Use Responsibilities
Acceptable use includes respecting the rights of others, avoiding actions that jeopardize the integrity, confidentiality, or availability of IT Resources, and complying with all relevant legal or contractual requirements.
Acceptable use includes but is not limited to the following list. Users of University of Minnesota IT Resources must agree to and accept the following:
- Comply with Applicable Laws, Regulations, and Policies
- Comply with all state, federal, and local laws, regulations, and University policies.
- Comply with all legal, licensing, and intellectual property rights, terms of service, and contractual obligations related to the IT Resources used.
- Users must understand that any records and communications they create related to University business, electronic or otherwise and regardless of whether a personally owned device or resource is used, may be subject to disclosure under the Minnesota Government Data Practices Act. If further advice is needed, consult the the Data Access and Privacy Office under the Office of the General Counsel.
- Comply with the University's records retention schedule as defined, see Appendix: Records Retention Schedule.
- Appropriate Use of IT Resources
- Only use IT Resources you are authorized to use, and only in the manner and to the extent authorized. An ability to access a resource does not imply authorization to use that resource.
- Comply with all measures of security controls on all IT Resources used for University business whether University or personally owned.
- Do not share authentication credentials with other individuals, including family members, and protect authentication credentials from unauthorized use.
- Do not circumvent or attempt to circumvent security controls.
- Do not interfere with the integrity, confidentiality, and availability of IT Resources.
- Do not scan University IT Resources without authorization.
- Do not use IT Resources to harass, intimidate, or engage in inappropriate behavior.
- Do not knowingly download or install software or applications onto University IT Resources that do not follow relevant University policies, do not meet University security requirements and standards, disrupt service, or that do not have a reasonable business or academic use. See Administrative Policy: Entering into Contracts.
- Do not engage in widespread dissemination of unsolicited or unauthorized electronic communications.
- Do not engage in excessive use of IT Resources, including network capacity, personal use that could disrupt or delay University service, or that results in any measurable cost to the University.
- Do not resell or grant access to University IT Resources without authorization.
- Do not use IT Resources for personal commercial gain, campaigning for political candidates, or ballot initiatives that would otherwise be inconsistent in accordance with the University’s tax exempt status. See Administrative Policy: Public Service: Campaigning for or Holding Public Office.
- Respect the Privacy and Rights of Others
- Users must not violate the privacy and rights of others. Technical ability to access others’ information or Resources does not, by itself, imply authorization to do so.
- Safeguard University IT Resources
- All users of IT Resources are required to use security controls provided by the University, including user specific controls as defined in Administrative Policy: Information Security.
- Failure on the part of the user to employ in good faith the available security controls and to secure their personal information appropriately means that the University may not reimburse the loss of misdirected salary, expense reimbursements, financial aid or any other assets.
- All users of IT Resources are required to use security controls provided by the University, including user specific controls as defined in Administrative Policy: Information Security.
Privacy and Security Controls
The University takes reasonable steps to protect its IT Resources; however, use of IT Resources does not guarantee absolute security and privacy. Users should be aware that any use of University IT Resources may be monitored, logged, and reviewed by University approved personnel or discovered via legal proceedings.
When the University becomes aware of violations, either through routine system administration activities or from a complaint, it is the University's responsibility to investigate; take action to protect its resources and provide information relevant to an investigation as necessary.
IT Resources are not examined or disclosed except:
- as required for routine system maintenance;
- as part of maintaining the security of University IT Resources;
- where there exists reason to believe a law or University policy is being violated; or
- as permitted by relevant policy or law.
Enforcement
Individuals who use IT Resources in a way that violates a University policy, law, regulation, or contractual agreement, or violates an individual’s rights, may be subject to limitation or termination of user privileges and appropriate disciplinary action, legal action, or both. Alleged violations will be referred to the appropriate University office or law enforcement agency.
The University may temporarily or permanently restrict access to IT Resources if it appears necessary to protect the integrity, security, or continued operation of these Resources or to protect itself from liability.
Individuals or units should report non-compliance with this policy to University Information Security ([email protected]). To report anonymously, use the University UReport confidential reporting system. See Administrative Procedure: Report Information Security Incidents.
Units within the University may define additional conditions of use for IT Resources or facilities under their control. Such additional conditions must be consistent with or at least as restrictive as any governing Board of Regents or Administrative policy, and may contain additional details or guidelines.
Reason for Policy
The purpose of this policy is to outline the acceptable use of information technology resources at the University of Minnesota in order to:
- Comply with legal, regulatory, and contractual requirements.
- Protect the University against damaging legal consequences.
- Safeguard University Resources and the University Community.