This policy has been approved by the Executive Committee and any amendments to it require the Committee's approval.

Introduction

1.1 Purpose

The purpose of this IT Acceptable Use Policy is to outline the acceptable use of all IT resources, including computer hardware and software, network systems, internet access, email systems, and other electronic communication systems, by students, employees, contractors, and third-party service providers at the University of Bath. This policy aims to protect the integrity, confidentiality, and availability of the University's IT resources, and to promote responsible and ethical behaviour when using these resources.

1.2 Scope

Members of the University and all other users (staff, students, visitors, contractors and others) of the University's facilities are bound by the provisions of its policies in addition to this Acceptable Use Policy. The University of Bath seeks to promote and facilitate the positive and extensive use of Information Technology in the interests of supporting the delivery of learning, teaching, innovation and research to the highest possible standards. This also requires appropriate and legal use of the technologies and facilities made available to students, staff and partners of the University.

2 Acceptable use policy

2.1 Acceptable Use

2.1.1 Users are encouraged to use the IT facilities to further the goals and objectives of their work, study or research and in accordance with the Dignity and Respect policy. Subject to all of the following, the University permits private use of the IT facilities as a privilege, not a right.

2.1.2 All users of the University's IT resources must comply with all applicable laws, regulations, and policies, including but not limited to the Data Protection Act 2018, General Data Protection Regulation (GDPR), and the University's Information Security Policy.

2.1.3 All users of the University's IT resources are responsible for maintaining the security of these resources by using strong passwords, regularly updating software, and reporting any suspicious activity to the IT department.

2.1.4 The University respects the privacy of its users and expects all users to respect the privacy of others. Any unauthorised access, use, or disclosure of personal information is strictly prohibited.

2.1.5 Users must comply with any request made to them by University Staff in connection with the enforcement of these Regulations.

2.1.6 Users shall not use the IT facilities inappropriately. See 2.2 for the unacceptable use examples.

2.2 Unacceptable Use

2.2.1 Subject to exemptions defined in 2.2.8, the University IT Systems may not be used directly or indirectly by a User for the download, creation, manipulation, transmission or storage of:

1. any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material;
2. unlawful material or material that is defamatory, threatening, discriminatory, extremist or which has the potential to radicalise themselves or others;
3. unsolicited and unauthorised bulk email (spam) which is unrelated to the legitimate business of the University. For the surveying of students, please refer to the protocol for the surveying of students;
4. material which is subsequently used to facilitate harassment, bullying and/or victimisation of a member of the University or a third party;
5. material which promotes discrimination on the basis of race, gender, religion or belief, disability, age or sexual orientation;
6. material with the intent to defraud or which is likely to deceive a third party;
7. material which advocates or promotes any unlawful act;
8. material that infringes the intellectual property rights or privacy rights of a third party, or that is in breach of a legal duty owed to another party; or
9. material that brings the University into disrepute.

2.2.2 The University IT systems must not be deliberately used by a User for activities having, or likely to have, any of the following characteristics:

1. Accessing or attempting to access unauthorised information or resources.
2. Sharing passwords or other access credentials with others.
3. Intentionally wasting staff effort or other University resources;
4. Corrupting, altering or destroying another User’s data without their consent;
5. Disrupting the work of other Users or the correct functioning of the University IT Systems;
6. Engaging in any activity that may disrupt or interfere with the normal operation of the University's IT resources.
7. Denying access to the University IT Systems and its services to other users.
8. Pursuance of commercial activities (even if in support of university business), subject to a range of exceptions. Contact DDaT to discuss your commercial need.
9. Introduce data-interception, password-detecting or similar software or devices to the University's Network;
10. Deliberate unauthorised access to the University's IT systems;
11. Attempt to undermine the security of the University's IT systems. (For the avoidance of doubt, this includes undertaking any unauthorised penetration testing or vulnerability scanning of any University systems);
12. Intentionally or recklessly introduce any form of spyware, computer virus or other potentially malicious software;
13. Installing or using unauthorised software or hardware.
14. Use software which is only licensed for limited purposes for other purpose or otherwise breaching software licensing agreements;
15. Fail to comply with a request from an authorised person for you to change your password.

2.2.3 The University's email system is intended for University-related activities only. It is recommended to use clear and concise language when composing messages and avoid sending large attachments or forwarding chain emails.

All users of the University's email system should not:

• a. harass, threaten, or intimidate others.
• b. solicit or promote personal or commercial activities.
• c. send confidential or sensitive information without using appropriate encryption methods.

2.2.4 The University recognises the value of social media as a communication and engagement tool. Use social media in a responsible and ethical manner.

All users of social media accounts representing as a member of University of Bath should not:

• a. Post offensive or inappropriate content, including but not limited to sexually explicit or discriminatory material.
• b. Harass, threaten, or intimidate others.
• c. Promote personal or commercial activities without prior approval from the University.

2.2.5 The University reserves the right to monitor all activities on its IT resources, including but not limited to email, internet usage, and social media use. Any unauthorised use of IT resources may result in disciplinary action, up to and including termination of employment or contractual relationship.

2.2.6 Any breach of industry good practice that is likely to damage the reputation of the JANET network will also be regarded prima facie as unacceptable use of the University IT Systems.

2.2.7 Where the University IT Systems are being used to access another network, any abuse of the acceptable use policy of that network will be regarded as unacceptable use of the University IT Systems.

2.2.8 Exemptions from Unacceptable Use:

There are a number of legitimate academic activities that may be carried out using University information systems that could be considered unacceptable use, as defined at 2.2.1 to 2.2.7. For example, research involving defamatory, discriminatory or threatening material, the use of images which may depict violence, the study of hate crime, terrorism-related material or research into computer intrusion techniques. In such circumstances, advice should be sought from the University’s Legal Office (if potentially illegal material is involved) and/or notification made to the Director of Policy, Planning and Compliance via the procedure outlined in the University’s Prevent Policy if the material relates to the promotion of extremism/terrorism prior to the introduction of said material onto the University IT Systems.

Also, Exemption requests’ under this policy must be submitted to the Chief Information & Digital Officer (CIDO) or their designate. Exemptions to this policy may only be granted by the CIDO or their designate.

This policy may have an impact on users of assistive technology or assistive software due to their disability. These individual cases will be considered on a case by case basis.

2.2.9 Any potential research involving obscene or indecent material must always be discussed in advance with the University’s Legal Office. If a member of the University community believes they may have encountered breaches of any of the above, they should make this known to an appropriate University authority (such as the University Secretary, Director of HR, Director of DDaT or Head of Security Services).

2.3 Consequences of Breach

In the event of a breach of this Acceptable Use Policy by a User, the University may in its sole discretion:

• a. restrict or terminate a User’s right to use the University IT Systems;
• b. withdraw or remove any material uploaded by that User in contravention of this Policy;
• c. where appropriate, disclose information to law enforcement agencies and take any legal action against a User for breach of this Policy, including but not limited to claiming all costs, fees and disbursements (including but not limited to legal fees) connected therewith.

In addition, where the User is also a member of the University community, the University may take such action, disciplinary or otherwise as it deems appropriate and which is in accordance with its Charter, Statute, Ordinances and Regulations.

2.4 Other notes

2.4.1 Students are additionally reminded of Regulations for Students, particularly section 10. ‘Use of Facilities’.

2.4.2 This Acceptable Use Policy is taken to include the JANET Acceptable Use Policy and the JANET Security Policy published by JANET (UK), the Combined Higher Education Software Team (CHEST) User Obligations, together with its associated Copyright Acknowledgement, and the Eduserv General Terms of Service. The University also has a statutory duty, under Section 26 of the Counter Terrorism and Security Act 2015, termed “PREVENT”. The purpose of this duty is to aid the process of preventing people from being drawn into terrorism.

2.5 Definitions

• 2.5.1 University - University of Bath.
• 2.5.2 Staff – Staff, whether academic, administrative, technical, or other, currently employed by the University, or engaged on a contract of service.
• 2.5.3 Student – An individual currently enrolled or registered with the University, or undertaking study of any kind provided by, at, or under the auspices of, the University.
• 2.5.4 Visitor – An individual, other than Staff or Students, who uses the University IT Systems in any way.
• 2.5.5 University IT Systems – any of the University’s IT facilities, including email, connection from the campus to the Internet and other networks, and all computers, laptops, other mobile devices, and any other related software and hardware.

3 Roles & Responsibilities

3.1 The University Executive board is responsible for approving the Acceptance User Policy and the University’s annual accountability and monitoring return for Students in compliance with the University’s policy.

3.2 All members of staff should be aware of the University’s responsibility under the Acceptable Use Policy and of the measures set out above to comply with it.

4 Related Policies and Procedures

4.1 The following policies and procedures are related to the Acceptable Use Policy:

• Regulations for Students Section 10, Use of Facilities
• Information Security Policy
• Dignity and Respect Policy
• Email Policy
• Protocol for the surveying of students
• JISC Acceptable Use Policy for Use of JANET

Document Control Information

Owner: Chief Information and Digital Officer
Version Number: 4.0
Approval Date: May 2023 Approved By: Executive Committee
Date of Last review: May 2023