IT Acceptable Use Policy

What you may and may not do when you use the University's IT systems, and the consequences of breaking the rules.

This policy has been approved by the Executive Committee and any amendments to it require the Committee's approval.

Introduction

It is the responsibility of all users of the University of Bath’s I.T. services to read and understand this policy. This policy may be updated from time to time, in order to comply with legal and policy requirements.

1.1 Purpose

This Acceptable Use Policy is intended to provide a framework for such use of the University's I.T. resources. It should be interpreted such that it has the widest application and so as to include new and developing technologies and uses, which may not be explicitly referred to.

1.2 Policy

This Acceptable Use Policy is taken to include the JANET Acceptable Use Policy and the JANET Security Policy published by JANET (UK), the Combined Higher Education Software Team (CHEST) User Obligations, together with its associated Copyright Acknowledgement, and the Eduserv General Terms of Service. The University also has a statutory duty, under Section 26 of the Counter Terrorism and Security Act 2015, termed “PREVENT”. The purpose of this duty is to aid the process of preventing people from being drawn into terrorism.

1.3 Scope

Members of the University and all other users (staff, students, visitors, contractors and others) of the University's facilities are bound by the provisions of its policies in addition to this Acceptable Use Policy. The University of Bath seeks to promote and facilitate the positive and extensive use of Information Technology in the interests of supporting the delivery of learning, teaching, innovation and research to the highest possible standards. This also requires appropriate and legal use of the technologies and facilities made available to students, staff and partners of the University.

2 Unacceptable Use

a) Subject to exemptions defined in 2f), the University Network may not be used directly or indirectly by a User for the download, creation, manipulation, transmission or storage of:

any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material;
unlawful material or material that is defamatory, threatening, discriminatory, extremist or which has the potential to radicalise themselves or others;
unsolicited “nuisance” emails;
material which is subsequently used to facilitate harassment, bullying and/or victimisation of a member of the University or a third party;
material which promotes discrimination on the basis of race, gender, religion or belief, disability, age or sexual orientation;
material with the intent to defraud or which is likely to deceive a third party;
material which advocates or promotes any unlawful act;
material that infringes the intellectual property rights or privacy rights of a third party, or that is in breach of a legal duty owed to another party; or
material that brings the University into disrepute.

b) The University Network must not be deliberately used by a User for activities having, or likely to have, any of the following characteristics:

intentionally wasting staff effort or other University resources;
corrupting, altering or destroying another User’s data without their consent;
disrupting the work of other Users or the correct functioning of the University Network; or
denying access to the University Network and its services to other users.
pursuance of commercial activities (even if in support of university business), subject to a range of exceptions. Contact DDaT to discuss your commercial need.

c) Any breach of industry good practice that is likely to damage the reputation of the JANET network will also be regarded prima facie as unacceptable use of the University Network.

d) Where the University Network is being used to access another network, any abuse of the acceptable use policy of that network will be regarded as unacceptable use of the University Network.

e) Users shall not:

introduce data-interception, password-detecting or similar software or devices to the University’s Network;
seek to gain unauthorised access to restricted areas of the University’s Network;
access or try to access data where the user knows or ought to know that they should have no access;
carry out any hacking activities; or
intentionally or recklessly introduce any form of spyware, computer virus or other potentially malicious software.

f) Exemptions from Unacceptable Use: There are a number of legitimate academic activities that may be carried out using University information systems that could be considered unacceptable use, as defined at 2a-e. For example, research involving defamatory, discriminatory or threatening material, the use of images which may depict violence, the study of hate crime, terrorism-related material or research into computer intrusion techniques. In such circumstances, advice should be sought from the University’s Legal Office (if potentially illegal material is involved) and/or notification made to the University Secretary via the procedure outlined in the University’s Prevent Policy if the material relates to the promotion of extremism/terrorism prior to the introduction of said material onto the University network.

Any potential research involving obscene or indecent material must always be discussed in advance with the University’s Legal Office. If a member of the University community believes they may have encountered breaches of any of the above, they should make this known to an appropriate University authority (such as the University Secretary, Director of HR, Director of DDaT or Head of Security Services).

3 Consequences of Breach

In the event of a breach of this Acceptable Use Policy by a User the University may in its sole discretion:

a) restrict or terminate a User’s right to use the University Network;

b) withdraw or remove any material uploaded by that User in contravention of this Policy; or

c) where appropriate, disclose information to law enforcement agencies and take any legal action against a User for breach of this Policy, including but not limited to claiming all costs, fees and disbursements (including but not limited to legal fees) connected therewith.

In addition, where the User is also a member of the University community, the University may take such action, disciplinary or otherwise as it deems appropriate and which is in accordance with its Charter, Statute, Ordinances and Regulations.

4 Other notes

Students are additionally reminded of Regulations for Students, particularly section 10. ‘Use of Facilities’.

5 Definitions

University Network – all computing, telecommunication, and networking facilities provided by the University, with particular reference to all computing devices, either personal or University-owned, connected to systems and services supplied.

6 Document Control Information

Owner: Alex Butler, Chief Digital and Information Officer - Digital, Data and Technology
Version Number: 3.0
Approval Date: April 2016
Approved By: Executive Committee
Date of Last review: July 2016