This notice is from the archives of The Notice Board. Information contained in this notice was accurate at the time of publication but may no longer be so.
A Look at the New Acceptable Use Policy
On April 17, 2019 the University of Lethbridge Board of Governors approved a revised “Acceptable Use of Computing, Information and Technology Resources” policy. This policy replaced a 2003 version with updated terms and content to better reflect the current use of technology and information on campus. A significant amount of research went into this new document with comparable policies from across the country being analyzed to try and ensure the University is keeping current with best practices.
The new policy focuses on four main areas of content:
- Use of Technology and Computer Resources
- Confidentiality and Integrity of Data
- Systems Administration
- Compliance
Use of Technology and Computer Resources
In balancing the need for enterprise computing controls and that of academic freedoms, this section identifies some of the industry best practices and accommodations that our institution provides to create a constructive and fair place of learning. Highlights in this section include Personal and Commercial use, Copyright and Intellectual Property, Illegal and Malicious Activity, Network Devices, and Credentials/Identity rules.
Personal Use
Of note, the personal use clause in this policy allows for the infrequent personal use of University resources. However, we do not recommend using the provided @uleth.ca email address as a primary email for personal correspondence or for non-U of L services, as this practice places both the users’ and the University’s information at risk. In particular utility bills, tax information, and other personal correspondence should not be coming to a University email address, as users will lose access to these mailboxes when they leave the institution. Furthermore, any data in the custody or control of the University (i.e. on University webserver(s)) is subject to retention policies and the Freedom of Information and Protection of Privacy Act. Mixing personal information with University data may result in an inadvertent disclosure of personal information. As such we highly recommend using a trusted service provider to handle personal correspondence and services that is not tied to your employment at the University.
Password Use
In addition, sharing of University credentials with other people is prohibited and the reuse of your University password across multiple websites is highly discouraged. Password sharing and reuse is the largest contributor to compromised accounts at the University by a significant margin. IT Services encourages everyone to keep their password secret and if shared access is required, to pursue alternative solutions with the Solutions Centre.
Confidentiality and Integrity of Data
We strive to ensure that data kept at the University remains confidential and uncorrupted for its intended business purpose. All employees and researchers are bound by confidentiality clauses in their contracts, University policies, and applicable laws/regulations to not share or remove data from the University without receiving appropriate permission. If anyone observes a violation of this practice, they should report incidents to the Information Security Office or other appropriate channels.
Systems Administration
In order to maintain our technology infrastructure, Systems Administrators will monitor and utilize various solutions which may grant them access to user’s information. This includes email, P-Drive contents, shared drives, and OneDrive contents. It is important to realize that our systems are meant for enterprise services and do not guarantee 100% privacy at all times. Once again, the University discourages users from storing personal and private data that is not related to the University on any of its systems. If they choose to do so, they do it understanding that its contents could be viewed if system operations requires administrators to access their services.
Compliance
The University expects all users to comply with this policy, as failure to do so may result in disciplinary action as prescribed in the student, AUPE, APO, and ULFA manuals. The University is obligated to report incidents to a variety of regulatory bodies and law enforcement agencies if breaches or violations of this policy are observed. IT Services appreciates everyone’s efforts to maintain compliance and keep our University computing systems safe.
Access and Review
You can access the full policy at https://www.uleth.ca/policy. Search for “acceptable use” and follow the links to the document. We would welcome any feedback you might have on how to improve it, so we can make the technology experience for all users at the University productive and safe.
More Information
For additional information about the Information Security program, we encourage you to visit our communication site which can be found at:
https://uleth.sharepoint.com/sites/information-security-office
Contact:
Kevin Vadnais | kevin.vadnais@uleth.ca | (403) 332-4056