Purpose The University of Maryland Global Campus (“UMGC” or “University”) provides University Information Systems to support the administrative, educational, and instructional activities at UMGC. The use of these systems is a privilege that is extended to members of the UMGC community for UMGC-related purposes, provided the Users act responsibly, respectfully, and in a manner that does not infringe upon the rights of others or violate law or this Policy.
The purpose of this Policy is to set forth the standards for responsible and acceptable use of University Information Systems, including, but not limited to computer systems, computer labs, applications, networks, software, and files.
This Policy applies to all Users of Information Systems owned, managed, or otherwise provided by UMGC. Individuals covered by this Policy include, but are not limited to, all University students and Employees as well as third parties performing duties on behalf of the University, including but not limited to adjunct faculty, Contractors, consultants, and temporary employees who access UMGC's network services via UMGC's Information Systems and/or facilities. Information Systems include all UMGC owned, licensed, or managed hardware and software, email domains, and related services and any use of UMGC's network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.
The capitalized terms in this Policy shall have the meaning below:
Account: An established relationship between a User and a computer, network, or Information System which is assigned a credential such as a username and password.
Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service.
Data: Element(s) of Information in the form of facts, such as numbers, words, names, or descriptions of things from which "understandable information" can be derived.
Employee: University staff and faculty, including nonexempt, exempt, and overseas staff, adjunct and collegiate faculty, and student workers.
High Risk Data: University Data that (i) could be exploited for criminal or nefarious purposes; (ii) the University is obligated by state or federal statute or regulation to keep confidential; (iii) the University is contractually obligated to keep confidential, or (iv) are critical to the University's operational performance and cannot be easily replaced. The loss of Confidentiality, Integrity, or Availability of such Data would cause severe harm to individuals or the University operations, safety, finances and/or reputation if disclosed.
Information Systems: Inter-related components of Information Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Personal Information: Any Information relating to an identified or identifiable natural person, including but not limited to Personally Identifiable Information. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personally Identifiable Information (PII): An individual's first name and last name, personal mark, or unique biometric or genetic print or image, in combination with one or more of the following data elements:
A social security number;
A driver's license number, state identification card number, or other individual identification number issued by a state government unit;
A passport number or other identification number issued by the United States government;
An Individual Taxpayer Identification Number; or
A financial or other account number, a credit card number, or a debit card number that, in combination with any required security code, access code, or password, would permit access to an individual's account.
User: A member of the University community, including but not limited to Staff and Faculty, and other individuals performing services on behalf of University, including Contractors, volunteers and other individuals who may have a need to access, use or control University Data.
Members of the UMGC community outlined above who utilize UMGC's Information Systems must adhere to the following use restrictions:
All Users must comply with all federal, Maryland, and other applicable laws; all applicable University rules and policies; and all applicable contracts and licenses. For example, Users are not permitted to download software, movies, or music from the Internet without proper authorization. Users are also not permitted to transmit unlawful, threatening, or harassing content utilizing University Information Systems. Users who engage in electronic communications with persons in other states or countries or on other systems or networks may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.
All Users must refrain from viewing pornography and other types of inappropriate websites or content on UMGC Information Systems at any time with limited exceptions when pre-approval has been granted by the President or designee, for a legitimate business or academic purpose.
Employees and other third parties performing duties on behalf of UMGC must refrain from unauthorized distribution or sharing of proprietary University Information outside of the University domain.
All Users must safeguard Information Systems provided by the University, including, but not limited to, Account access information such as logon credentials and other authentication factors. Where administratively and technologically practicable, all Users should access the UMGC network via the then-existing UMGC VPN client.
All Users must respect the privacy of other Users and their Accounts, as well as the Personal Information therein, regardless of whether those Accounts are securely protected. Ability to access other Users’ Accounts or their Personal Information does not imply authorization to do so. Users may only access the Account or Personal Information of another within the scope of their employment, for a legitimate academic purpose, or other lawful basis.
Employees and other third parties performing services on behalf of UMGC must refrain from using Information Systems for personal commercial purposes or financial or other gain. Limited personal use of University Information Systems for other purposes is permitted when it does not interfere with the performance of the User's job or other University responsibilities and is in compliance with the law and this Policy. Further limits may be imposed regarding personal use in accordance with normal supervisory procedures.
High Risk Data, including, but not limited to PII, information covered by Family Educational Rights and Privacy Act (“FERPA”), and information covered by Health Insurance Portability and Accountability Act (“HIPAA”) should not be shared with unauthorized persons.
All Users must refrain from stating or implying that they speak on behalf of the University and from using University trademarks and logos without appropriate authorization to do so. Please consult the University’s Social Media Guidelines for more information. Contact the Office of Legal Affairs at firstname.lastname@example.org with questions or concerns.
Security and Privacy
As part of its regular operations, UMGC may monitor the patterns and frequency of use of UMGC's Information Systems by Users. This monitoring may include, for example, the length and frequency of login sessions and communications.
Users should have no expectation of privacy when using UMGC's Information Systems.
UMGC may monitor or inspect the content of communications containing High Risk Data (PII, FERPA, and HIPAA); it may also monitor UMGC's Information Systems under the following circumstances:
For quality assurance and performance management purposes for Employees who have contact with UMGC's students, applicants, and prospective students.
When UMGC reasonably suspects a violation of law or of University policies or practices, or suspects use of UMGC's Information Systems that may harm UMGC or impede its operations, UMGC may monitor and inspect the content of an individual's use of UMGC's Information Systems as well as monitor the patterns of use. Any such individual monitoring must be appropriately authorized in advance by the President or designee.
UMGC, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to a third party for any lawful purpose. All Information created, received, or contained in UMGC's Information Systems is generally available to the public unless an exception to the Maryland Public Information Act or other law or regulation applies.
UMGC, in its discretion, may monitor personal devices when connected to the UMGC network in order to ensure the protection of University Data being accessed by that individual.
While using UMGC Information Technology Resources, UMGC, in its discretion, may remove, take down, or prohibit access to UMGC Information Systems or any content, applications, and/or websites that may harm UMGC, impede its operations, or otherwise compromise the safety, security, or integrity of UMGC Data or Information Systems.
Users who violate this Policy may be denied access to UMGC's Information Systems and may be subject to other penalties and disciplinary action, both within and outside of UMGC. Alleged violations by students will normally be handled in accordance with the procedures outlined in UMGC’s Code of Student Conduct or Academic Integrity Policy, depending on the nature of the violation.
UMGC Employees who violate this Policy may be subject to disciplinary action up to, and including, termination of employment. The Office of Human Resources will be notified of any alleged violations.
UMGC may take down and remove content that violates this Policy, as well as confiscate, temporarily suspend, or terminate use of Information Systems when necessary.