Reg. 31 Regulations governing the use of University Computing Facilities
Definitions:
(a) The phrase computing facilities as used in this and in all other University regulations shall be interpreted as including: any computer hardware or software owned or operated by the University; any University rooms or other accommodation containing computers; any allocation of time, memory or other measures of space on any of the University’s computer hardware, software, rooms, networks or links to networks; any of the University’s computer networks or other communications systems involving computers; any of the University’s connections to external computer networks or information or communication systems involving computers; or any computer hardware or software used on campus or connected to the University network.
(b) The phrase University Computing Facilities shall be interpreted as including the computing facilities of any part of the University or associated company.
(1) Authorisation
No person shall use any University computing facility who has not been appropriately and individually authorised.
(2) Acts of Parliament
Users shall comply with the relevant Acts of Parliament which include:
Data Protection Act 1998
(a) All data held or used by users in conjunction with University activities (whether or not held on University or departmental computers) is defined as University-owned data within the terms of the Data Protection Act 1998.
(b) Any holdings of data on living individuals shall be reported to the University’s Data Protection Officer prior to the use of the data.
(c) Users shall be aware of, and comply with the provisions of the Data Protection Act 1998, and with the terms of the University’s registration under the Act.
Computer Misuse Act 1990
This Act makes it an offence to try to access any computer system for which authorisation has not been given. Thus any attempt to bypass or interfere with the security controls on a system is an offence. Obtaining or trying to obtain the usernames or passwords of other users, or accessing or modifying files belonging to other people are also offences.
Copyright Design and Patents Act 1988
Under this Act it is an offence to copy software without the permission of the owner of the copyright.
Defamation Act 1996
Under this Act it is an offence to publish untrue statements which adversely affect the reputation of a person or group of persons.
(3) Use of facilities
(a) All authorised users shall be allocated a user name, which, together with any facilities authorised, may only be used for the purposes for which they have been allocated.
(b) Users shall abide by the Code of Conduct for the Use of Software issued from time to time by the Director of IT Services.
(c) Users shall not attempt to gain access to, copy, or otherwise make use of any other user’s program or data. This includes acquiring knowledge of any other user’s password.
(d) Users shall take all reasonable precautions to protect their programs, data and other resources from unauthorised access by other users.
(e) Users shall not disclose their usernames or passwords to any other person, nor shall they use or attempt to use any system which they have not been authorised to access.
(f) Users shall abide by the University Anti-Virus Policy and shall not knowingly introduce any virus or other harmful program or file into any computing facility, nor take deliberate action to circumvent any precautions taken or prescribed by the University to prevent this.
(g) Users shall not attempt to gain access to systems management facilities or other facilities not available for general use.
(h) Computing facilities shall not be used to display, print, transmit or store text or images or other data which could be considered offensive such as pornographic, racially abusive or libellous material.
(i) No one shall make use of the University’s computing facilities to harass any person or group of persons.
(j) No member of the University shall produce, use or promulgate material via the University’s computing facilities which could bring the University, or any part of the University, into disrepute. Where such a question might arise, in the case of academic activity, or any other matter, prior permission should be sought in writing from the Registrar or his/her nominee.
(k) No one shall make any use of the University’s computing facilities to undertake or assist in a criminal act.
(l) The sending of unsolicited bulk email is not permitted; this includes but is not limited to advertisements and political and religious materials.
(m) Use of the open access computer work areas is subject to the Code of Practice for the Use of Computer Work Areas issued from time to time by the Director of IT Services.
(n) Any use of University computing facilities to create, store or disseminate information or to access external computer networks or other computer based communication systems must conform both to the JANET policy on acceptable use and to the University of Warwick’s Code of Practice for Operation of Computer-Based Information Services including the World Wide Web. The JANET Policy on acceptable use is available on the Web*.
(o) Users shall abide by the information security policies and codes of practice as issued from time to time by the Director of IT Services.
*(https://community.ja.net/library/acceptable-use-policy)
(4) Disciplinary Action
(a) The facilities are provided for University purposes, that is, for research, teaching and learning and for administrative functions. Authorised University officers have the power to require any member of staff or student to cease any other use of University computing facilities. Staff and students must comply with such a request.
(b) Any attempt or actual breach of security or discipline by a student under these regulations may lead to the suspension or withdrawal of a user’s authorisation and shall constitute an offence under the University’s disciplinary regulations. This includes the Code of Practice for the Use of Computer Work Areas and the Code of Practice for Operation of Computer-Based Information Services referred to in paragraph 31(3)). Any such offences shall be reported to the Registrar by the Director of IT Services. If the Director of IT Services considers that the offence is of a particular gravity he or she will treat it as a major disciplinary offence and instigate the procedure indicated in Regulation 23(8) (b)(vi).
(c) Failure to comply with the JANET Policy on Acceptable Use may lead to the suspension or a period of withdrawal of individual user authorisation and, if the offence is deemed serious enough, to disciplinary procedures.
(d) These regulations form part of the terms and conditions of appointment of members of staff and breaches of the regulations may be dealt with under the disciplinary procedures contained in those terms and conditions.
(e) It is the duty of all users of University computing facilities to be aware of all University and Departmental regulations and codes of practice covering the areas of computing use in which they participate.
(5) Chargeable services
(a) All usage for private purposes and all usage in connection with research projects for which outside funds for computing costs are available, shall be declared as such; a charge may be levied for such usage.
(b) Any financial or commercial advantage arising out of the use of computing resources shall be reported to the Director of IT Services immediately, irrespective of when this advantage would arise and of who should benefit. The user shall abide by any conditions which the University may place on the exploitation of such financial or commercial benefits.
(c) Charges may be levied for any use of computing facilities as the University deems appropriate from time to time.
(6) Interception, monitoring and logging
The University may make interceptions for the purposes authorised under the Regulation of Investigatory Powers Act 2000. The Regulations above provide essential information to users of University computing facilities about what does and does not constitute acceptable use. All inappropriate use of computing facilities, including e-mail and the Internet, no matter how encountered, will be investigated. The University reserves the right to investigate and inspect electronic communications, under the terms of the Act. In particular, files, access logs, e-mail etc relating to individuals may be monitored in the following circumstances:
(a) in the investigation of an incident e.g. alleged contravention of University rules, regulations, contracts, codes etc or alleged criminal activity
(b) investigation of abnormal systems behaviour in an operational context e.g. abnormally high network traffic from a particular device, degradation of systems for other users resulting from the activity on a specific device etc
(c) problem-solving e.g. ensuring a file transfer takes place; the user would normally instigate this but, on occasions, the intended recipient raises the query and the sender is unavailable
(d) to establish charges where these are based on utilisation of electronic resources.
This policy on the privacy and the interception of electronic communications is intended to achieve a balance between the rights of individuals and the need to protect users and the University from the consequences of misuse or illegal activity.