UMGC Policy X-1.12

Acceptable Use

Policy Category Policy No. & Title Policy Owner Effective Date Revision Eff. Date Review Cycle

X
Information Governance, Security & Technology

X-1.12
Acceptable Use (formerly Policy 270.00)

VP of Information Security

August 6, 2013

2: July 1, 2021
1: July 8, 2019

Every 3 years

  1. Purpose

    The University of Maryland Global Campus (UMGC or University) provides University Information Systems to support the administrative, educational, and instructional activities at UMGC. The use of these systems is a privilege that is extended to members of the UMGC community for UMGC-related purposes, provided the Users act responsibly, respectfully and in a manner that does not infringe upon the rights of others or violate law or this Policy.

    The purpose of this Policy is to set forth the standards for responsible and acceptable use of University Information Systems, including, but not limited to computer systems, computer labs, applications, networks, software, and files.

  2. Applicability

    This Policy applies to all Users of Information Systems owned, managed or otherwise provided by UMGC. Individuals covered by this Policy include, but are not limited to, UMGC Employees and students accessing UMGC's network services via UMGC's Information Systems and/or facilities. Information Systems include all UMGC owned, licensed, or managed hardware and software, email domains and related services and any use of UMGC's network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

  3. Definitions

    The capitalized terms in this Policy shall have the meaning below:

    1. Account: An established relationship between a User and an electronic Information Resource such as a computer, network or information system. Accounts are assigned credentials such as a username and password.

    2. Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service.

    3. Data: Element(s) of Information in the form of facts, such as numbers, words, names, or descriptions of things from which "understandable information" can be derived.

    4. High Risk Data: University Data that (i) could be exploited for criminal or nefarious purposes; (ii) that the University is obligated by state or federal statute or regulation to keep confidential; (iii) contractually obligated to keep confidential, or (iv) are critical to the University's operational performance and cannot be easily replaced. The loss of Confidentiality, Integrity, or Availability of such Data would cause severe harm to individuals or the University operations, safety, finances and/or reputation if disclosed.

    5. Information Systems: Inter-related components of Information Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

    6. Personal Information: Any Information relating to an identified or identifiable natural person, including but not limited to Personally Identifiable Information. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    7. Personally Identifiable Information (PII): An individual's first name and last name, personal mark, or unique biometric or genetic print or image, in combination with one or more of the following data elements:

      1. A social security number;

      2. A driver's license number, state identification card number, or other individual identification number issued by a state government unit;

      3. A passport number or other identification number issued by the United States government;

      4. An Individual Taxpayer Identification Number; or

      5. A financial or other account number, a credit card number, or a debit card number that, in combination with any required security code, access code, or password, would permit access to an individual's account.

    8. User: A University community member, including but not limited to, staff, faculty, students, alumni and individuals working on behalf of the University, including third party vendors, Contractors, consultants, volunteers and other individuals who may have a need to access, use or control University Data.

  4. Security and Privacy

    1. As part of its regular operations, UMGC may monitor the patterns and frequency of use of UMGC's Information Systems by Users. This monitoring may include, for example, the length and frequency of login sessions and communications.

    2. Users should have no expectation of privacy when using UMGC's Information Systems.

    3. UMGC may monitor or inspect the content of communications containing High Risk Data (PII, FERPA, and HIPAA); it may also monitor UMGC's Information Systems under the following circumstances:

      1. For quality assurance and performance management purposes for Employees who have contact with UMGC's students, applicants, and prospective students.

      2. When UMGC reasonably suspects a violation of law or of University policies or practices, or suspects use of UMGC's Information Systems that may harm UMGC or impede its operations, UMGC may monitor and inspect the content of an individual's use of UMGC's Information Systems as well as monitor the patterns of use. Any such individual monitoring must be specifically authorized in advance by the President or designee, or Chief Academic Officer.

    4. The University, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to a third party for any lawful purpose. All Information created, received, or contained in UMGC's Information Systems is generally available to the public unless an exception to the Maryland Public Information Act or other law or regulation applies.

    5. The University, in its discretion, may monitor personal devices when connected to the UMGC network in order to ensure the protection of University Data being accessed by that individual.

  5. Enforcement

    1. Users who violate this Policy may be denied access to UMGC's Information Systems and may be subject to other penalties and disciplinary action, both within and outside of UMGC. Alleged violations by students will normally be handled in accordance with the procedures outlined in the University Code of Student Conduct or the University's Academic Integrity Policy, depending on the nature of the violation.

    2. UMGC Employees who violate this Policy may be subject to disciplinary action up to and including termination of employment. The Office of Human Resources will be notified of any alleged violations.

    3. UMGC may take down and remove content that violates this Policy, as well as confiscate or temporarily suspend or terminate use of Information Systems when necessary.

  6. Related Policies

    1. UMGC Policy 151.00 Code of Student Conduct

    2. UMGC Policy 150.25 Academic Integrity

    3. UMGC Policy 270.10 – E-mail Guidelines

    4. UMGC Wireless Device Guidelines

    5. UMGC Guidelines for Participation in Social Media

  7. Effective Date: This policy is effective as of the Effective Date set forth above.