Guidelines for students* on use of IT facilities, including
email and the internet
*For the purposes of policy governing the use of IT facilities,
research postgraduate students come under the Guidelines for Staff.
These Guidelines are issued by the Director of Information Strategy
and Technology Services (ISTS) under the authority of Council.
These guidelines provide clarification for students on the practical
application of the
University's Policy on Acceptable Use of IT Facilities and they
should be read in conjunction with it.
IT facilities includes all computing and communication equipment,
software, services, data and dedicated building space used in connection
with information technology, which is owned by, leased by or used under
licence or agreement by the University.
1. Responsibilities of students
2. Unacceptable or prohibited use of IT facilities
3. Privacy
4. Monitoring use of IT facilities
1. Responsibilities of students
The following sections set out requirements that are particularly
significant and provide relevant information about some of the
legislation that governs the use of IT facilities. All students who use
University IT facilities must comply with the policy, legislation and
principles that are referred to here as well as to other directives from
the Director of Information Strategy and Technology Services that may be
issued.
1.1 Acceptable Use of IT facilities
Information technology facilities may be used only as set out in the
University's Policy on
Acceptable Use of IT Facilities.
Students must not use IT facilities for the purpose of personal
profit making or for commercial activities other than those of the
University. Student use of University IT facilities including email and
the internet is conditional upon compliance with all University policies
procedures and guidelines, including the Sexual Harassment Policy &
Grievance Procedures (C - 12.3) and Equal Opportunity Policy C - 2.3) as
well as with State and Commonwealth law.
A list of relevant documents and Government legislation with which
staff must comply is set out in Appendix A of the Policy on Acceptable
Use of IT Facilities.
1.2 Copyright Law
Copyright law restricts the copying of software and other material
subject to copyright (documents, music, broadcasts, videos etc) except
with the express permission of the copyright owner.
A more detailed
discussion of copyright.
1.2.1 Software
Students may not make use of, or copy, software contrary to the
provisions of any agreement entered into by the University. The onus is
on students to consult with ISTS to clarify the permitted terms of use
if they wish to use any software for purposes other than those for which
the University has a licence.
1.2.2 Email and Copyright
The copyright of an email message is owned by the sender, or the
sender's employer. Consider the expectations of the originator; did that
person set any conditions on the further communication of their email,
or expect that it would not be forwarded to anyone else, or would not be
forwarded to a particular recipient?
1.2.3 Spam Act 2003
All email messages sent from a University email account must comply
with the Spam Act 2003. This Act sets up a scheme for regulating
commercial e-mail and other types of commercial electronic messages. The
Spam Act refers to spam as "unsolicited commercial electronic
messaging". "Electronic messaging" includes emails, instant messaging,
SMS and other mobile phone messaging. A single message may be spam. The
message does not need to be sent in bulk, or received in bulk.
1.3 Honesty in representation and identity
1.3.1 User Identification
On request of relevant University managers and supervisors, a student
must provide evidence (eg. current student id card) of their eligibility
to use the University's IT facilities.
1.3.2 User Misrepresentation
Students must not under any circumstance, in messages or otherwise,
represent themselves as someone else, fictional or real, without
providing their real identity or username.
1.3.3 Public statements on behalf of the University
Communications using University IT facilities should not give the
impression that the writer is representing, giving opinions or making
statements on behalf of the University or any part of it unless
appropriately authorised to do so.
1.4 Security
The following practices should be observed to maintain the security
of the University's IT facilities.
- Students must not attempt to interfere with or bypass the
operation or security of IT facilities including restrictions or
quotas relating to usage.
- Students must keep their user name and password safe and not make
their password available to others or use any account set up for
another user or make any attempt to find out the password of a
facility or an account for which they do not have authorised access.
- Students must ensure that the confidentiality and privacy of data
is maintained.
- Students must not seek access to data that is not required as part
of their study.
- Students who inadvertently obtain data to which they are not
entitled or who become aware of a breach of security pertaining to
data from any information technology facility must immediately report
this to the IT Help Desk. Unauthorised release or use of data
inadvertently obtained may lead to legal action.
1.5 Non - Interference
1.5.1 Inconvenience and damage
Students must not behave in a manner which, in the opinion of
relevant University managers and staff, unduly inconveniences other
people or which causes or is likely to cause damage to University IT
facilities.
1.5.2 Installation of software
Students must not install software on any University IT facility.
2. Unacceptable or prohibited use of IT facilities
2.1 Purpose
IT facilities are provided for use in the University's teaching and
learning, research, administrative and business activities. Some types
of unacceptable use, for example transmission of material of an obscene
nature, are specifically prohibited by the Policy on Acceptable Use
of IT Facilities and by State and Commonwealth law. The policy
contains an appendix listing relevant legislation and University policy
and procedures.
2.2 Examples of unacceptable use
Unacceptable use of IT facilities is set out in section 5.3 of the
Policy on Unacceptable Use. Further examples of unacceptable use
include:
- circumventing system security provisions or usage quotas
- visiting inappropriate internet sites concerned with pornography
and down loading materials that are pornographic or storing or
transmitting any such material
- sending or soliciting obscene, profane or offensive material (this
includes accessing erotic materials via news groups)
- sending email messages or jokes that contain discriminating or
sexually harassing material, or messages that create an intimidating
or hostile work environment for others
- using University IT facilities in the conduct of personal
businesses or for commercial purposes
- using University email facilities to send chain letters
- unauthorised forwarding of confidential University messages to
persons outside the University
- using another person's mailbox without authorisation
- using another's identify or concealing or misrepresenting one's
name or affiliations or address
- sending unsolicited personal opinions on social, political,
religious or other non-University related matters, where sending such
opinions is not a legitimate part of study
- soliciting to buy or sell goods or services, except on mail groups
that have been established specifically for that purpose
- using or transmitting copyrighted information in a way that
infringes the copyright.
2.3 Inadvertent inappropriate use
In relation to use of the web, it may not always be possible to tell
if a web page is relevant until it has been read and web search engines
and links can sometimes lead to irrelevant and inappropriate websites.
In these cases usage logs may be used to demonstrate that access to
inappropriate sites was inadvertent.
2.4 Seeking advice on use
Where a student is in doubt concerning their authorisation to use any
IT facility or about whether a particular use is acceptable, they should
seek the advice of their lecturer, a member of Information Strategy &
Technology Services (ISTS) or the Division/School IT officer.
2.5 What to do when misuse is observed
If the incident is happening Report the incident directly to
University Security
If the incident has happened Report it to the IT Help Desk (x25000)
2.6 What happens following a report of alleged misuse
Where an alleged misuse has been reported to the IT Help Desk or
brought to the attention of the Director: Information Strategy &
Technology Services or staff members responsible for managing any part
of the University's information technology facilities, the Director (or
nominee) may:
- act immediately to prevent any continuation of the alleged misuse
pending an investigation
- promptly notify other authorities, including the relevant Head of
School
- advise the student of the Acceptable Use of IT Facilities policy
and direct the student to discontinue immediately the alleged misuse
If an investigation of alleged misuse requires a student's use of IT
facilities to be examined or monitored they will not necessarily be
notified.
Allegations that constitute misconduct or breaches of the law will be
referred to the appropriate authority for investigation. The University
will give that authority all reasonable assistance requested including
disclosing:
- relevant financial and personal data, and
- data which may be limited by contractual obligation including
copyrighted software and software that is patented or which contains
trade secrets
2.7 Penalties for misuse of IT facilities
If a student does not abide by University policy when using IT
facilities, access to IT facilities may be suspended and disciplinary
action, or civil or criminal legal action may be taken. See the
Policy on Acceptable Use of
IT Facilities.
3. Privacy
3.1 Privacy limitations
The use of individual password may suggest that privacy is ensured.
However, privacy is limited in the following ways.
- use of computers, email and the internet can be accessed by IT
administrators.
- IT systems automatically log the internet sites visited, the
downloads made and the time spent at each site as well as information
about emails sent and received. This automatically logged information
can be accessed by IT administrators.
- while contents of emails and web sites are not routinely recorded,
contents may be stored on staff computers or on servers.
- it is possible to retrieve deleted records from back ups and
archives.
3.2 Privacy legislation
To ensure fairness, the University has provided these Guidelines to
inform students about its practice of monitoring and accessing records
relating to use of University IT facilities, including computers, email
and the internet.
For information about how the University protects the privacy of
information it holds in relation to its students, see the
Policy on Confidentiality of
Student Information (C 46.1).
The University also informs members of the public about how the
University monitors their use of the University web site. See the
Privacy statement.
3.3 Freedom of Information
Another limitation on privacy arises from the University's obligation
to comply with Freedom of Information legislation.
Under the Freedom of Information (FOI) Act of South Australia, a
document is defined as "anything in which information is stored or from
which information may be reproduced". Email messages created in the
course of studying may be official records covered by the State Records
Act (1997) and the Freedom of Information Act (1991), and as such are
subject to the same requirements as hardcopy records. The content of
email messages arising from this use remains the property of the
University and may be subject to release in accordance with the FOI Act.
For further information or advice, contact the Records and Copyright
Officer.
4. Monitoring use of IT facilities
4.1 Routine monitoring
The University provides IT facilities for use in relation to the
University's teaching and learning, research, administrative and
business activities. Routine monitoring of the use of IT facilities is
conducted to monitor the costs and acceptable use of University
resources. The type of information automatically collected includes:
| Internet |
Email |
- the name of the person who accessed the internet site
- the date and time the site was accessed
- the site address (or "URL")
- the computer the person used to access the internet
- the size of the site or web page accessed or the amount of
material downloaded.
|
- the email address of the person who sent the message.
- the name of the person who received the message.
- the email addresses of other people who received the message.
- the date and time at which the message was sent and received.
- the server(s) from which the message was sent.
|
4.2 Other monitoring
In normal circumstances, staff supporting IT services will not
monitor the contents of electronic mail messages or other communications
or files they access as a result of their work (eg auditing operations).
However, the University will inspect, copy, store and disclose the
contents of email when appropriate to prevent or correct improper use,
satisfy a legal obligation, or to ensure proper operation of IT
facilities.
|
