Guidelines for students* on use of IT facilities, including email and the internet

*For the purposes of policy governing the use of IT facilities, research postgraduate students come under the Guidelines for Staff.

These Guidelines are issued by the Director of Information Strategy and Technology Services (ISTS) under the authority of Council.

These guidelines provide clarification for students on the practical application of the University's Policy on Acceptable Use of IT Facilities and they should be read in conjunction with it.

IT facilities includes all computing and communication equipment, software, services, data and dedicated building space used in connection with information technology, which is owned by, leased by or used under licence or agreement by the University.

1. Responsibilities of students
2. Unacceptable or prohibited use of IT facilities
3. Privacy
4. Monitoring use of IT facilities

1. Responsibilities of students

The following sections set out requirements that are particularly significant and provide relevant information about some of the legislation that governs the use of IT facilities. All students who use University IT facilities must comply with the policy, legislation and principles that are referred to here as well as to other directives from the Director of Information Strategy and Technology Services that may be issued.

1.1 Acceptable Use of IT facilities

Information technology facilities may be used only as set out in the University's Policy on Acceptable Use of IT Facilities.

Students must not use IT facilities for the purpose of personal profit making or for commercial activities other than those of the University. Student use of University IT facilities including email and the internet is conditional upon compliance with all University policies procedures and guidelines, including the Sexual Harassment Policy & Grievance Procedures (C - 12.3) and Equal Opportunity Policy C - 2.3) as well as with State and Commonwealth law.

A list of relevant documents and Government legislation with which staff must comply is set out in Appendix A of the Policy on Acceptable Use of IT Facilities.

1.2 Copyright Law

Copyright law restricts the copying of software and other material subject to copyright (documents, music, broadcasts, videos etc) except with the express permission of the copyright owner. A more detailed discussion of copyright.

1.2.1 Software

Students may not make use of, or copy, software contrary to the provisions of any agreement entered into by the University. The onus is on students to consult with ISTS to clarify the permitted terms of use if they wish to use any software for purposes other than those for which the University has a licence.

1.2.2 Email and Copyright

The copyright of an email message is owned by the sender, or the sender's employer. Consider the expectations of the originator; did that person set any conditions on the further communication of their email, or expect that it would not be forwarded to anyone else, or would not be forwarded to a particular recipient?

1.2.3 Spam Act 2003

All email messages sent from a University email account must comply with the Spam Act 2003. This Act sets up a scheme for regulating commercial e-mail and other types of commercial electronic messages. The Spam Act refers to spam as "unsolicited commercial electronic messaging". "Electronic messaging" includes emails, instant messaging, SMS and other mobile phone messaging. A single message may be spam. The message does not need to be sent in bulk, or received in bulk.

1.3 Honesty in representation and identity

1.3.1 User Identification

On request of relevant University managers and supervisors, a student must provide evidence (eg. current student id card) of their eligibility to use the University's IT facilities.

1.3.2 User Misrepresentation

Students must not under any circumstance, in messages or otherwise, represent themselves as someone else, fictional or real, without providing their real identity or username.

1.3.3 Public statements on behalf of the University

Communications using University IT facilities should not give the impression that the writer is representing, giving opinions or making statements on behalf of the University or any part of it unless appropriately authorised to do so.

1.4 Security

The following practices should be observed to maintain the security of the University's IT facilities.

Students must not attempt to interfere with or bypass the operation or security of IT facilities including restrictions or quotas relating to usage.
Students must keep their user name and password safe and not make their password available to others or use any account set up for another user or make any attempt to find out the password of a facility or an account for which they do not have authorised access.
Students must ensure that the confidentiality and privacy of data is maintained.
Students must not seek access to data that is not required as part of their study.
Students who inadvertently obtain data to which they are not entitled or who become aware of a breach of security pertaining to data from any information technology facility must immediately report this to the IT Help Desk. Unauthorised release or use of data inadvertently obtained may lead to legal action.

1.5 Non - Interference

1.5.1 Inconvenience and damage

Students must not behave in a manner which, in the opinion of relevant University managers and staff, unduly inconveniences other people or which causes or is likely to cause damage to University IT facilities.

1.5.2 Installation of software

Students must not install software on any University IT facility.

2. Unacceptable or prohibited use of IT facilities

2.1 Purpose

IT facilities are provided for use in the University's teaching and learning, research, administrative and business activities. Some types of unacceptable use, for example transmission of material of an obscene nature, are specifically prohibited by the Policy on Acceptable Use of IT Facilities and by State and Commonwealth law. The policy contains an appendix listing relevant legislation and University policy and procedures.

2.2 Examples of unacceptable use

Unacceptable use of IT facilities is set out in section 5.3 of the Policy on Unacceptable Use. Further examples of unacceptable use include:

circumventing system security provisions or usage quotas
visiting inappropriate internet sites concerned with pornography and down loading materials that are pornographic or storing or transmitting any such material
sending or soliciting obscene, profane or offensive material (this includes accessing erotic materials via news groups)
sending email messages or jokes that contain discriminating or sexually harassing material, or messages that create an intimidating or hostile work environment for others
using University IT facilities in the conduct of personal businesses or for commercial purposes
using University email facilities to send chain letters
unauthorised forwarding of confidential University messages to persons outside the University
using another person's mailbox without authorisation
using another's identify or concealing or misrepresenting one's name or affiliations or address
sending unsolicited personal opinions on social, political, religious or other non-University related matters, where sending such opinions is not a legitimate part of study
soliciting to buy or sell goods or services, except on mail groups that have been established specifically for that purpose
using or transmitting copyrighted information in a way that infringes the copyright.

2.3 Inadvertent inappropriate use

In relation to use of the web, it may not always be possible to tell if a web page is relevant until it has been read and web search engines and links can sometimes lead to irrelevant and inappropriate websites. In these cases usage logs may be used to demonstrate that access to inappropriate sites was inadvertent.

2.4 Seeking advice on use

Where a student is in doubt concerning their authorisation to use any IT facility or about whether a particular use is acceptable, they should seek the advice of their lecturer, a member of Information Strategy & Technology Services (ISTS) or the Division/School IT officer.

2.5 What to do when misuse is observed

If the incident is happening Report the incident directly to University Security

If the incident has happened Report it to the IT Help Desk (x25000)

2.6 What happens following a report of alleged misuse

Where an alleged misuse has been reported to the IT Help Desk or brought to the attention of the Director: Information Strategy & Technology Services or staff members responsible for managing any part of the University's information technology facilities, the Director (or nominee) may:

act immediately to prevent any continuation of the alleged misuse pending an investigation
promptly notify other authorities, including the relevant Head of School
advise the student of the Acceptable Use of IT Facilities policy and direct the student to discontinue immediately the alleged misuse

If an investigation of alleged misuse requires a student's use of IT facilities to be examined or monitored they will not necessarily be notified.

Allegations that constitute misconduct or breaches of the law will be referred to the appropriate authority for investigation. The University will give that authority all reasonable assistance requested including disclosing:

relevant financial and personal data, and
data which may be limited by contractual obligation including copyrighted software and software that is patented or which contains trade secrets

2.7 Penalties for misuse of IT facilities

If a student does not abide by University policy when using IT facilities, access to IT facilities may be suspended and disciplinary action, or civil or criminal legal action may be taken. See the Policy on Acceptable Use of IT Facilities.

3. Privacy

3.1 Privacy limitations

The use of individual password may suggest that privacy is ensured. However, privacy is limited in the following ways.

use of computers, email and the internet can be accessed by IT administrators.
IT systems automatically log the internet sites visited, the downloads made and the time spent at each site as well as information about emails sent and received. This automatically logged information can be accessed by IT administrators.
while contents of emails and web sites are not routinely recorded, contents may be stored on staff computers or on servers.
it is possible to retrieve deleted records from back ups and archives.

3.2 Privacy legislation

To ensure fairness, the University has provided these Guidelines to inform students about its practice of monitoring and accessing records relating to use of University IT facilities, including computers, email and the internet.

For information about how the University protects the privacy of information it holds in relation to its students, see the Policy on Confidentiality of Student Information (C 46.1).

The University also informs members of the public about how the University monitors their use of the University web site. See the Privacy statement.

3.3 Freedom of Information

Another limitation on privacy arises from the University's obligation to comply with Freedom of Information legislation.

Under the Freedom of Information (FOI) Act of South Australia, a document is defined as "anything in which information is stored or from which information may be reproduced". Email messages created in the course of studying may be official records covered by the State Records Act (1997) and the Freedom of Information Act (1991), and as such are subject to the same requirements as hardcopy records. The content of email messages arising from this use remains the property of the University and may be subject to release in accordance with the FOI Act. For further information or advice, contact the Records and Copyright Officer.

4. Monitoring use of IT facilities

4.1 Routine monitoring

The University provides IT facilities for use in relation to the University's teaching and learning, research, administrative and business activities. Routine monitoring of the use of IT facilities is conducted to monitor the costs and acceptable use of University resources. The type of information automatically collected includes:

Internet	Email
the name of the person who accessed the internet site the date and time the site was accessed the site address (or "URL") the computer the person used to access the internet the size of the site or web page accessed or the amount of material downloaded.	the email address of the person who sent the message. the name of the person who received the message. the email addresses of other people who received the message. the date and time at which the message was sent and received. the server(s) from which the message was sent.

4.2 Other monitoring

In normal circumstances, staff supporting IT services will not monitor the contents of electronic mail messages or other communications or files they access as a result of their work (eg auditing operations). However, the University will inspect, copy, store and disclose the contents of email when appropriate to prevent or correct improper use, satisfy a legal obligation, or to ensure proper operation of IT facilities.

top^