Title
University of North Carolina at Chapel Hill Information Technology Acceptable Use Policy
Introduction
Purpose
The University of North Carolina at Chapel Hill (“UNC-Chapel Hill” or “University”) supplies Information Technology (IT) to support the University’s mission of research, education, and public service. University IT includes:
- Computers,
- Mobile devices,
- Other equipment,
- Software and software services,
- Internet connection and networking,
- IT support services, and
- IT-related resources at the University.
This IT Acceptable Use Policy ("AUP") sets rules for anyone using University IT.
Scope
Anyone using University IT.
Policy
Policy Statement
The use of University IT is a privilege that can be taken away. By using or accessing the University’s IT systems, networks, or services, you agree to follow this AUP. You also agree to follow other University policies, as well as all relevant federal, state, and local laws and regulations. Only people following this AUP may use or access University IT.
Other uses of University IT are not allowed unless an exception applies. Uses that can harm University IT other privacy or safety of other people, and illegal uses are prohibited.
I. Guiding Principles
Acceptable use of University IT is based on the following guiding principles:
- Act responsibly toward other people and in ways that are consistent with the University's mission.
- Protect the integrity and the security of University IT and data.
- Be considerate of other people’s needs. Try not to interfere with other people using University IT. Be aware of your use of shared resources.
- Respect the rights and property of others including their privacy, confidentiality, and intellectual property.
- Cooperate with the University to investigate potential unauthorized or illegal use of University IT.
II. Prohibitions
Without limiting the general guidelines listed above, unless expressly agreed to by the Chief Information Officer (CIO), the following activities are prohibited:
- Attempting to hide or change a person’s identity, the identity of an account, or the device being used.
- Impersonating another person or organization.
- Misusing the University's name, network names, or network address spaces. Pretending to represent the University when that is not true.
- Attempting to intercept, track, forge, change, or destroy another person's communications or data.
- Engaging in cyberstalking or infringing on the privacy of others' computer or data. unless that person has given you clear permission before you do it.
- Using University IT in a way that:
- Disrupts, harms the security of, or gets in the way of legitimate use of any University IT,
- Interferes with the administration or data protection of any system owned or managed by the University, or
- Is likely to have those effects. Examples include:
- Hacking,
- Spamming,
- Putting unlawful information on any computer system,
- Sending data or programs likely to cause the loss of a person's work or cause system downtime,
- Sending "chain letters" or "broadcast" messages to lists or individuals, or
- Any other use that causes congestion of any networks or interferes with the work of others.
- Storing, displaying, or sharing unlawful communications of any kind. Examples include threats of violence, obscenity, or child pornography. Illegal communications on, through, or starting from within University IT are not allowed. Accessing or sharing pornography using University IT is not allowed unless:
- The use is specific to work-related functions and has been approved by the person’s supervisor or unit manager, and/or
- For scholarly or medical purposes.
- Trying to bypass network security tools unless someone responsible for that system has given you permission beforehand. Unauthorized network scanning (e.g., vulnerabilities, port mapping, etc.) of University IT is prohibited. The University’s Information Security Office must approve all network scans. Call 919-962-HELP to request permission to perform network scans.
- Using University IT to violate copyright, patent, trademark, or other intellectual property rights. Examples of violations include copying, distributing, altering, or translating copyrighted materials, software, music, or other media. To do any of these things, you need the copyright holder’s permission or as allowed by law. See the UNC Libraries Scholarly Communications documentation.
- Using University IT for personal business, commercial or political activities, fundraising, or advertising on behalf of non-University entities. The only exceptions are the limited allowance in the University's Personal Use Policy and the Policy on Use of University Resources in Support of Entrepreneurial Activities.
- Extending or sharing the University network with the public or other people beyond what has been set up by ITS Communication Technologies/Networking. Do not connect any network devices or systems (like switches, routers, wireless access points, VPNs, and firewalls) to the University Network without consulting ITS Communication Technologies (see the University's Data Network Standard for details).
- Failing to maintain security controls on any personal computing equipment that connects to University IT or that uses University Data. (See the Information Security Controls Standard.)
III. IT Security and Monitoring
The University may review or log any use of University IT. University access to e-mail on the University Network is allowed under the University's Policy on the Privacy of Electronic Information.
Reviewing or checking of University IT use may occur in the following situations if authorized personnel consider it necessary:
- For generally accepted, network-administration practices;
- To prevent or investigate actual or potential information security incidents and system misuse;
- To investigate reports of violation of University policy or local, state, or federal law;
- To comply with legal requests for information (such as subpoenas and public records requests); or
- To retrieve information in emergency circumstances where there is a threat to health, safety, or University property involved.
The University, may contact local or federal law enforcement authorities to investigate any matter.
Exceptions
None.
Definitions
Hacking: Gaining unauthorized access to an information system.
Information Technology Systems and Services ("IT"): Any equipment or interconnected system or subsystem of equipment that is used to get, store, manipulate, manage, move, control, display, switch, swap, send, or receive data or information. The term information technology includes computers, mobile devices including phones, peripherals, dedicated smart devices, software (installed or provided by a third-party), services including network and support services, and related resources.
Spamming: Electronic junk mail or the abuse of electronic messaging systems to widely send bulk messages to people who did not request them.
Related Requirements
External Regulations and Consequences
Penalties for violating this Policy may include restricted access or loss of access to University IT.
Failure to follow this policy may put University information assets at risk. Employees who don’t comply may face disciplinary consequences, up to and including losing their job. Students who don’t comply may be referred to the UNC-Chapel Hill Office of Student Conduct. Contractors and vendors who don’t comply may face termination of their business relationships with UNC-Chapel Hill.
Violation of this policy may also carry the risk of civil or criminal penalties.
University Policies, Standards, and Procedures
Please go to the Safe Computing at UNC webpage for more detailed information on securing a personal computer or network device.
Contact Information
Primary Contacts
| Subject |
Contact |
Telephone |
Online/Email |
| Policy Questions |
ITS Policy Office |
919-962-HELP |
help.unc.edu or its_policy@unc.edu |
| Report a violation |
Communication Technologies or Information Security Office |
919-962-HELP |
N/A |