San Francisco State University is an academic community dedicated to creating and maintaining an environment for learning that promotes respect for and appreciation of scholarship, freedom, and human diversity. In keeping with this commitment, San Francisco State University makes certain University computing resources available to faculty, staff, and students. These resources include educational, research, and communication facilities, disk storage, and selected software. Access to and usage of these facilities is a public trust, and certain expectations, responsibilities and requirements are inherent to this trust.
This Information Technology Resources Acceptable Use Policy (AUP) applies to any user of the University's information technology resources, whether initiated from a computer located on or off-campus. This includes any computer and information system or resource, including means of access, networks, and the data residing thereon. This policy applies to the use of all University information technology resources whether centrally administered or locally administered. Administrators of individual or dedicated University resources may enact additional policies specific to those resources provided they do not conflict with the provisions of this and other official policies and laws. Users are subject to both the provisions of this policy and any policies specific to the individual systems they use.
The principal concern of this Acceptable Use Policy is the effective and efficient use of information technology resources. The primary focus is to ensure that the resources are used in a manner that does not impair or impede the use of these resources by others in their pursuit of the mission of the University. This policy is intended to ensure:
- the integrity, reliability, and acceptable use of University resources;
- that the resource-user community operates according to established policies and applicable laws; and
- that these resources are used for their intended purposes.
The policy is intended to permit, rather than proscribe, reasonable resource-user access within institutional priorities, financial capabilities and legal constraints.
This policy is intended to promote and encourage responsible use while minimizing the potential for misuse and not imposing broad-based restrictions on all users.
This policy is not intended to prevent or prohibit the sanctioned use of campus resources as required to meet SF State's core mission and academic and administrative purposes.
The following principles underlie this policy and should guide its application and interpretation:
- Freedom of thought, inquiry, and expression is a paramount value of the SF State community. To preserve that freedom, the community relies on the integrity and responsible use of University resources by each of its members.
Information technology resources are provided to support the University's mission of education, research and service. To ensure that these shared and finite resources are used effectively to further the University's mission, each user has the responsibility to:
a. use the resources appropriately and efficiently;
b. respect the freedom and privacy of others;
c. protect the stability and security of the resources; and
d. understand and fully abide by established University policies and applicable public laws.
- Responsible use of University information technology resources (i.e., supporting the academic mission and managing the business of the University) is the only appropriate use of the University's IT resources.
- Users of information technology resources are expected to uphold the highest academic standards in accordance with the Student Conduct and other University policies and practices.
As a general guideline, the institution regards the principle of academic freedom to be a key factor in assuring the effective application of this policy and its procedures and practices. The law is another source of guidance.
- All existing laws (federal, state and local) and State of California, California State University and SF State regulations and policies apply, including not only laws and regulations that are specific to computers and networks, but also those that may apply generally to personal conduct. This may also include laws of other states and countries where material is accessed electronically via University resources by users within those jurisdictions or material originating within those jurisdictions is accessed via University resources.
- The accessibility of certain University information technology resources, such as network-based services, implies a degree of risk that the existence, viewing or receipt of such information/content may be offensive. As a matter of policy, the University protects expression by members of its community and does not wish to become an arbiter of what may be regarded as "offensive" by some members of the community. However, in exceptional cases, the University may decide that such material directed at individuals or classes of individuals presents such a hostile environment under the law that certain restrictive actions are warranted.
- The University reserves the right to limit access to its resources when policies or laws are violated and to use appropriate means to safeguard its resources, preserve network/system integrity, and ensure continued service delivery at all times. This includes monitoring routing information of communications across its network services and transaction records residing on University resources, scanning systems attached to the SF State network for security problems, disconnecting systems that have become a security hazard, and restricting the material transported across the network or posted on University systems.
- Hyperlinks within the policy to external documents are provided for the reference and convenience of readers. They should not be viewed as implying that the referenced document is being incorporated into this policy except as stated or otherwise specified in the policy itself.
This section is not intended to provide a full accounting of applicable laws and policies. All users are expected to abide by all University, local, state and federal laws. This AUP is intended to highlight major areas of concern with respect to responsible use of SF State resources and specific issues required by law or CSU policy to be included.
Access to SF State's information technology resources is a privilege granted to faculty, staff and students in support of their studies, instruction, duties as employees, official business with the University, and/or other University-sanctioned activities. Access may also be granted to individuals outside of SF State for purposes consistent with the mission of the University.
With the exception of implicitly publicly accessible resources, such as websites, access to SF State information technology resources may not be transferred or extended by members of the University community to outside individuals or groups without prior approval of an authorized University official. Such access must be limited in nature and fall within the scope of the educational mission of the institution. The authorizing University official is expected to ensure that such access is not abused.
Gaining access to the University's information technology resources does not imply the right to use those resources. The University reserves the right to limit, restrict, remove or extend access to and privileges within, material posted on, or communications via its information technology resources, consistent with this policy, applicable law or as the result of University disciplinary processes, and irrespective of the originating access point.
It is expected that these resources will be used efficiently and responsibly in support of the mission of the University as set forth in this policy. All other use not consistent with this policy may be considered unauthorized use.
SF State users are responsible for ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name, and abiding by related privacy rights of students, faculty and staff concerning the use and release of personal information, as required by law or existing policies, including the Student Privacy Rights Policy and Procedure, Information Security Program, and the Information Notice on Student Privacy (FERPA).
Students and employees may have rights of access to information about themselves contained in computer files, as specified in federal and state laws. Files may be subject to search under court order. In addition, system administrators may access user files as required to protect the integrity of computer systems. For example, following organizational guidelines, system administrators may access or examine files or accounts that are suspected of unauthorized use or misuse, or that have been corrupted or damaged.
SF State is required by State law to disclose any breach of University system security to California residents whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
Electronic mail and computer files are considered private to the fullest extent permitted by law. Access to such files will generally require permission of the sender/recipient of a message or the owner of the account in which the material resides, court order, or other actions defined by law. However, in the event of a sanctioned University investigation for alleged misconduct, e-mail or files may be locked or copied to prevent destruction and loss of information. Users may employ methods to increase the privacy of their files, provided they do not violate any provision of this policy or degrade system/network performance.
All users of SF State's information technology resources are advised to consider the open nature of information disseminated electronically, and should not assume any degree of privacy or restricted access to such information. SF State provides security safeguards for the transfer of data, but is not responsible if information is intercepted, copied, read, forged, destroyed or misused by others.
Original electronic materials and/or copies may be retained for specified periods of time on system backups and other locations; however the University does not warrant that such information can be retrieved. Unless otherwise required by law and/or policy, SF State reserves the right to delete stored files and messages to preserve system integrity.
Electronic files or messages, whether or not created and stored on University resources, may constitute a University record subject to disclosure under the California Public Records Act or other laws, or as a result of litigation. Electronic copies must be provided in response to a public record request or legally issued subpoena, subject to very limited exceptions, as with other documents created and retained by the University.
Disclosure of confidential information to unauthorized persons or entities, or the use of such information for self-interest or advantage, is prohibited. Access to non-public institutional data by unauthorized persons or entities is prohibited.
Requests for disclosure of confidential information and retention of potential evidence will be honored when approved by authorized University officials or required by state or federal law.
All use covered under the scope of this IT Resource AUP must comply with California State Penal Code Section 502 and other policies and laws. Activities and behaviors that threaten the integrity of computer networks or systems are prohibited on both University-owned and privately-owned equipment operated on or through University resources. These activities and behaviors include but are not limited to:
a. Interference with or disruption of computer systems and networks and related services, including but not limited to the propagation of computer "worms," "viruses" and "Trojan Horses;"
b. Intentionally or carelessly performing an act that places an excessive load on a computer or network to the extent that other users may be denied service or the use of electronic networks or information systems may be disrupted;
c. Failure to comply with authorized requests from designated University officials to discontinue activities that threaten the operation or integrity of computers, systems or networks;
d. Negligently or intentionally revealing passwords or otherwise permitting the use by others of University-assigned accounts for computer and network access. Individual password security is the responsibility of each user. The user is responsible for all uses of their accounts, independent of authorization.
e. Altering or attempting to alter files or systems without authorization;
f. Unauthorized scanning of ports, computers and networks;
g. Unauthorized attempts to circumvent data protection schemes or uncover security vulnerabilities;
h. Connecting unauthorized equipment to the campus network or computers. University authorized business and other activities directly related to the academic mission of the University are excluded; however, network communication devices must have prior approval from the Division of Information Technology before they can be connected to the campus network. Unauthorized network communication devices or any networked device that may negatively impact management, reliability or integrity of the campus network or other University resource may be disconnected from the network.
i. Attempting to alter any University computing or network components without authorization or beyond one's level of authorization, including but not limited to bridges, routers, hubs, wiring, and connections;
j. Utilizing network or system identification numbers or names that are not assigned for one's specific use on the designated system;
k. Using campus resources to gain unauthorized access to any computer system and/or using someone else's computer without their permission;
l. Providing services or accounts on University computers or via University networks to other users from a personal computer unless required to meet the normal activities of students working as individuals or in collaborative groups to fulfill current course requirements. University authorized business and other activities directly related to the academic mission of the University are also excluded; however, any computers running services that may negatively impact management, reliability or integrity of the campus network or other University resource may be disconnected from the network;
m. Registering an SF State IP address with any other domain name.
Use of the University's information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and private, or otherwise unrelated to the University, business or fundraising. This includes soliciting, promoting, selling, marketing or advertising products or services, or reselling University resources.
It is generally inappropriate for individual employees to use University resources to engage in political advocacy in election campaigns. State law generally prohibits the use of public funds for this purpose and Government Code Section 8314 makes it illegal for any state employee or consultant to use or permit others to use state resources for any campaign activity not authorized by law.
An employee can be held personally liable for intentionally or negligently violating Government Code Section 8314 for up to $1,000 per day the violation occurs plus three times the value of the unlawful use of state resources. Due to the personal nature of this activity, the State of California would not indemnify or defend the employee if an action was pursued against them for violating this statute.
The courts have yet to address the specific issue of whether an individual's use of state supported e-mail for political purposes violates the law. While the University may choose not to be involved in deciding whether a personal communication violates this provision, other policy provisions may apply and an employee may still be subject to personal liability under the law. Employees should exercise appropriate caution prior to engaging in such activities, which may have negative consequences for them and the University.
This provision does not apply to political activities related to on-campus student government, including the conduct of student elections, or student club activities and sponsored events conducted with prior approval of the University. It does not apply to individual student activities, e.g., websites, which constitute free speech. Such activities must comply with all other provisions of this policy, including the section on electronic communications, when using University resources.
Harassment of others via electronic methods is prohibited under California State Penal Code Section 653m, other applicable laws and University policies. It is a violation of this policy to use electronic means to harass, threaten, or otherwise cause harm to an individual, whether by direct or indirect reference. It is a violation of this policy (and applicable laws) to use electronic means to harass or threaten groups of individuals by creating a hostile environment.
Illegal file-sharing and other copyright infringements violate Title 5 of the California Code of Regulations and Federal copyright law. These laws apply to all forms of information, including electronic communications, music and entertainment videos.
It is the policy of the CSU to use any and all information technologies in a manner consistent with the federal laws governing copyright protection. These include, but are not limited to, the Digital Millennium Copyright Act of 1998, the Teach Act of 2002 and all subsequent amendments.
Use of any university resource such as computers (hardware or software), network connections, servers, routers, facsimile machines, copy machines and other electronic equipment by any university constituent (faculty, student, staff or general public) to circumvent legitimate copyright protections or illegally access, copy or disseminate copyrighted material is unacceptable.
Infringements of copyright laws include, but are not limited to, making unauthorized copies of any copyrighted material (including software, text, images, audio, and video), and displaying or distributing copyrighted materials over computer networks without the author's permission except as provided in limited form by copyright fair use restrictions. The "fair use" provision of the copyright law allows for limited reproduction and distribution of published works without permission for such purposes as criticism, news reporting, teaching (including multiple copies for classroom use), scholarship, or research. The University will not tolerate academic cheating, plagiarism or theft of intellectual property in any form.
Users should be aware that the unauthorized peer-to-peer file sharing of copyrighted works, including music, pictures, and movies, is a violation of this Acceptable Use Policy. It is also illegal and may carry significant monetary and/or criminal sanctions. It is the responsibility of users who are downloading or uploading documents to make certain that they are not improperly using copyrighted works, or that they have the necessary permission of the copyright holder.
Submit any violations of copyright law to email@example.com.
The Faculty, Staff, Students and Administration of San Francisco State University recognize the value of the intellectual property created as a result of the educational mission of the University. All members of the University community benefit from research, scholarship and creative activity and such activities are encouraged and supported.
Student, faculty and staff use of University information technology resources in the creation of inventions and other intellectual property that may be patented, trademarked or licensed for commercial purposes must be consistent with SFSU's Memorandum of Understanding: Intellectual Property Rights and the Intellectual Property Policy and Procedures for the Development of Online Instructional Materials. Unauthorized use of trade secrets and trademarked names or symbols is prohibited. Use of SF State's name and symbols must comply with University policy.
University electronic communications are to be used to enhance and facilitate teaching, learning, scholarly research, support academic experiences, to facilitate the effective business and administrative processes of the University, and to foster effective communications within the academic community. Electronic mail, news posts, chat sessions or any other form of electronic communication must comply with all provisions of this Acceptable Use Policy and all applicable laws and university policies affecting the use of e-mail and related systems, including but not limited to responsible use, computer accounts, passwords, data security and integrity, and software licensing.
SF State reserves the right to send e-mail to its own users.
The university reserves the right to limit the size of individual mail messages being transmitted through university resources.
a. Altering electronic communications to hide one's identity or to impersonate another individual is considered misrepresentation and/or forgery and is prohibited under this policy. All e-mail, news posts, chat sessions, or any other form of electronic communication must contain the sender's real name and/or e-mail address.
b. Initiating or forwarding "chain letters" or e-mail is prohibited on university e-mail systems and the Internet as a whole. Chain e-mail can be identified by phrases such as "please pass this on to your friends" or similar inducements that encourage you to forward the message.
c. The practice of bombarding someone with a large volume of unsolicited mail in an attempt to disrupt them or their site is known as "mail bombing". Mail bombs have the effect of seriously degrading system performance and may have legal consequences. This practice is strictly prohibited on SF State systems.
d. The practice of sending unsolicited commercial advertisements or solicitations via e-mail is regulated by Sections 17511.1, 17538.4 and 17538.45 of the Business and Professions Code and Section 502 of the California Penal Code, relating to advertising.
e. On-campus users found in violation of these laws could be subject to criminal prosecution, civil prosecution, administrative action, and/or loss of some or all computing privileges.
f. Anti-spam software filters incoming mail to the sfsu.edu server. Mail that is suspected to be spam will be delivered, but will be tagged. Forward any spam messages that are not tagged as spam to firstname.lastname@example.org with full message headers. If any messages are inadvertently tagged as spam, also forward them to email@example.com with full message headers; DoIT will identify these as legitimate and they will not be marked as spam in the future.
g. Use of electronic communications, including e-mail, with the intent to annoy, harass and/or physically threaten other individuals is prohibited under Section 653m of the California Penal Code.
h. Use of State resources, including e-mail, for anyone's personal or political gain is prohibited. This includes promoting off-campus sales and services.
i. Operation of unofficial e-mail reflectors is prohibited. An e-mail reflector is the forwarding, automated or otherwise, of a mail message to multiple recipients, triggered by the content or headers of the mail message being forwarded.
j. Users are prohibited from sending messages to large numbers of users except as defined in the "Mass Email Messages" section of this policy.
k. Email messages may not include any user's identification number (e.g., social security number), should include only unique identifying information that is pertinent to the message being conveyed, and should not reference any student's academic record or confidential employee information.
The broadcast of mass e-mails on the SF State e-mail system puts electronic messages in the mailboxes of specific groups of account owners (e.g., all faculty, all students, or all staff) or all account owners.
A member of the President's Cabinet must approve any mass e-mail announcement. All mass e-mail announcements must be brief in nature. In order to be approved, a mass e-mail message must meet one of the criteria below. The message must:
- Be related to the operation of the SFSU e-mail/internet systems (outages, changes, service levels, etc.).
- Be related to campus physical plant conditions or activities for which short notice is required and most members of the campus community are affected.
- Be of an urgent nature and affect most members of the campus community.
- Be related to notices of special events or training sessions open to all account holders in a specific group, and for which other avenues of communication are not available or appropriate.
Announcements of scheduled events that are advertised to the campus via the normal channels (Campus Memo, fliers, special memos) should NOT be distributed through mass e-mail facilities.
An official SF State web page is one that is formally acknowledged by the chief officer of a University college, department or division as representing that entity accurately and in a manner consistent with SF State's mission. Without such acknowledgment, a web site, regardless of content, is not "official." Official pages are the property and responsibility of the divisions that create them. This includes official pages developed by and/or hosted on non-University resources.
SF State is strongly committed to ensuring access to web-based information and information technologies for individuals with disabilities as required by Executive Order 926, the Americans with Disabilities Act (ADA), Section 11135 of the California Government Code, and other applicable policies and laws. Official web pages and other official University information, services and learning resources delivered electronically must comply with current campus standards and guidelines to ensure reasonable access by affected individuals.
"Unofficial" information may also be posted and maintained by individual students, faculty, staff and student organizations. SF State does not undertake to edit, screen, monitor, or censor information posted by unofficial authors, whether or not originated by unofficial authors or third parties, and does not accept any responsibility or liability for such information even when it is conveyed through University-owned servers.
Both official and unofficial web sites are subject to the other provisions of this policy if they use University resources such as University-owned servers and the SF State network to transmit and receive information.
Submit any violations of copyright law to firstname.lastname@example.org.
Questions that arise about the content of material on any of SF State's servers may be directed to the offices below:
- For official pages (e.g., administrative, college, department, and program pages): Publications - email@example.com
- For personal/curricular pages:
  - Faculty: Faculty Affairs - firstname.lastname@example.org
  - Staff: Human Resources - email@example.com
  - Students: Student Affairs - firstname.lastname@example.org
- For student organizations: Office of Student Programs/Leadership Development - email@example.com
Submit any apparent violation of Web policy or law to the appropriate administrative authority (vice president, dean, director, department, or program chair) or to firstname.lastname@example.org.
The University reserves the right to delete the account of an Internet account holder if a Web site posted on its server violates this or other University policies or practices. This action removes the Web site from SF State's Web server. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.
This Policy receives periodic updates. All users are responsible for review of this document to know current policy. For questions please contact: email@example.com.