Policy Statement

As part of its educational mission, the University of Florida acquires, develops, and maintains computers, computer systems, and networks. These Information Technology (IT) resources are intended for university-related purposes, including direct and indirect support of the university’s instruction, research, and service missions; university administrative functions; student and campus life activities; and the free exchange of ideas within the university community and among the university community and the wider local, national, and world communities.

Applicability

This policy applies to all users of university IT resources, whether or not the individual is affiliated with the university, and it applies to all users of those resources, irrespective of where the resources are being used.

Definitions

Information System: An individual or collection of computing and networking equipment and software used to perform a discrete business function. Examples include the eLearning System, ISIS, the EPIC electronic medical records system, a lab system and associated PC or the set of desktop computers used to perform general duties in a department.

Policy Specifics

General Rules

The university provides IT resources so that faculty, staff, students, and other members of the university community can pursue the missions of the university. In doing so, the university must protect the integrity, security, or functionality of university or other IT resources. These protective efforts start by complying with all university policies, laws, regulations, contracts, and applicable laws. It is the expectation and responsibility of every user of the university’s IT to comply with all university policies, laws, regulations, contracts, and applicable laws. Examples of these include, but are not limited to:

  • State and federal laws regarding privacy, defamation, copyright, trademark, obscenity, and child pornography
  • The Florida Computer Crimes Act, the Electronic Communications Privacy Act, and the Computer Fraud and Abuse Act
  • The university’s Student Code of Conduct, Sexual Harassment Policy, Workplace Violence Policy, Policy on Use of the University Name and Logos, Web Page Policy, Social Media Use Guidelines and Policy Implications, and the Electronic Mail Policy
  • Laws from other countries or jurisdictions when communicating with persons in other states or countries or using systems or networks that are under another jurisdiction

The university recognizes that technology is essential to the work conducted at the university. The university also recognizes incidental personal use university IT resources, as long as this use does not interfere with the performance of your job or other university responsibilities, does not consume a significant amount of those resources, and does not violate any other university policies. Supervisors may impose further limits on computer use for non-work purposes, in accordance with normal supervisory procedures. IT users may not use university IT resources for personal commercial purposes, personal financial or other gain.

You may not use IT resources to gain unauthorized access to, or impair or damage the operation of computers, networks or other IT resources whether they belong to UF or not. This includes the blocking, interception, or sniffing of communications; running, installing or sharing malicious software; or deliberate attempts to circumvent data protection or other security measures.

You may not use university IT resources to access or store pornographic material, with limited exceptions when pre-approval has been granted for legitimate research purposed.

Security and Privacy

You are responsible for protecting your password, any other security mechanisms the university provides you, and following “safe computing” practices. The university offers training and other resources on information security to help you learn how to do so. You will be held responsible for any activity that occurs using your accounts, so it is vital that you do not share your access or passwords. Likewise, you must never use someone else’s account or password. If you think your password has been stolen, or someone has used your account or access, report it immediately to the UF Computing Help Desk. If you need access to a particular resource, it is your responsibility to determine what authorization is necessary and obtain it.

The university needs IT resources to be available to the entire community, so you must not use IT resources in a way that is disruptive to others ability to do so. Units administering the resources involved will determine whether specific usage is considered normal, excessive or disruptive. If you have questions about your use of a system, please contact your IT support or the UF Computing Help Desk.

The university employs numerous measures to protect the security of its IT resources and users accounts but cannot guarantee complete security and confidentiality. You should be aware that use of university IT resources is not private. While the university does not routinely monitor individual usage of IT resources, the normal operation and maintenance of the university’s IT resources require the backup and caching of data and communications, the logging of activity, monitoring of general usage patterns and other activities necessary or convenient for the provision of service.

Sometimes the university must monitor and/or retrieve the communications, files, and other records of specific users of IT resources without notice to the user. The Monitoring of IT Resources Policy describes the criteria and approval needed for individual monitoring without notice to the user.

Public Records

Communications using university IT resources are generally subject to the Florida Public Records Law (http://www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Statute&URL=0100-0199/0119/0119ContentsIndex.html) to the same extent as they would be if made on paper. You should be aware that most written communications concerning university matters, regardless of whether university computing resources are used, are public records, many of which are disclosable to the public upon request. However, you are not authorized to determine what records are public or release records. All requests for public records must be referred to University Relations or the Office of the General Counsel for coordinating the response and review of requirements and exemptions.

The state has set retention periods for various types of documents, and you are responsible for retaining and deleting files and records according to university rules and state public records laws. If you have any questions regarding record retention and deletion, contact University Records Management.

Network Infrastructure

The university has built a very large and complex network, which includes wired, wireless, and external connections. Any uncoordinated installation of network infrastructure could cause unintended disruption to this network. Only Network Service Providers authorized by the Chief Information Officer are allowed to implement network infrastructure, including hubs, switches, routers, network firewalls, and wireless access points. You are not allowed to offer alternate methods of access to UF’s IT resources, including by means such as modems and virtual private networks (VPNs) or network infrastructure services such as Domain Name System (DNS) and Dynamic Host Control Protocol (DHCP).

Review and Adjudication

The university may suspend, block or restrict access to an account when it appears necessary to do so: a) to protect the integrity, security, or functionality of university or other IT resources; b) to comply with legal or contractual requirements; c) to investigate alleged or potential violations of law or policy including, without limitation, state, federal, or local law, or university or Board of Governors rules, regulations, policies, or collective bargaining agreements; d) to investigate any asserted, threatened or potential complaint or grievance filed or credibly alleged pursuant to law or university or Board of Governors rules, regulations, policies, or collective bargaining agreements, or subject of law enforcement review or investigation; e) or to protect the university from liability or disruption. The university may also refer suspected violations of law to appropriate law enforcement agencies for further investigation or action.

Policy Violation

Users who violate this policy may be denied access to university IT resources. Failure to comply with this policy could result in disciplinary action for employees, up to and including termination. Volunteers may have their volunteer status terminated.

History

Revision DateDescription
February 6, 2020 Policy originally adopted