Overview

U-M information technology resources are primarily provided for university-related purposes and should be used in a manner consistent with the university’s academic, teaching, learning, research, clinical, campus life, public service, and administrative missions. The continuing ability to use these resources is contingent upon their appropriate and responsible use. Members of the university community are expected to be good stewards of the university’s information resources and data, and use them in a safe, responsible, ethical, and legal manner.

This policy is consistent with, and in addition to, relevant federal and state law and other university policies (see Related Policies). In addition, generally applicable laws, regulations, and university policies that deal with appropriate conduct apply equally to the use of university computing resources, including, but not limited to those dealing with discrimination, harassment, sexual harassment, and violence.

Purpose

The rights to freedom of thought, inquiry and expression, as defined in Freedom of Speech and Artistic Expression (SPG 601.01), are paramount values of the university community. The university's commitment to the principles of open expression extends to and includes the Internet and information technology environments. In general, the University cannot and does not wish to be the arbiter of the contents of electronic communications. Neither can the University always protect users from receiving electronic messages they might find offensive.

It is the policy of the university to maintain access to local, national, and global sources of information and to facilitate an open culture that encourages vigorous exchange of ideas, including ideas that may be controversial or contain content that may be perceived by some as offensive. In general, no conditions or restrictions should be imposed upon access to and use of information technologies more stringent than limits that have been deemed acceptable for the use of traditional channels of communication.

Scope

This policy applies to all members of the University of Michigan community and users of its information technology resources and services whether located at the university or elsewhere. Members of the university community who use personally owned devices (including those for which a university subsidy is received) to access U-M IT resources must abide by this policy while using such devices.

This policy is platform and device neutral. It applies to all university-owned or contracted-for information, as well as electronic and digital resources, whether individually controlled, shared, stand-alone, cloud-based, or networked.

Users are solely responsible for their personal use of U-M information resources as well as the content of their personal communications. For faculty and staff members, such personal use must not interfere with the employee’s obligation to carry out job-related responsibilities in a timely, effective, and appropriate manner.

Individual units across U-M serve diverse purposes and constituencies and may define additional conditions, restrictions, or guidelines directed at their specific community so long as they are consistent with this policy and do not lower the requirements established by this SPG.

User Responsibilities

The University of Michigan aspires to a high standard of digital citizenship for all its members. Members of the university community agree to abide by the following norms of behavior with regard to technology use:

1. Comply with Applicable Laws, Regulations, and U-M Policies

   Comply with all federal, State of Michigan, and other applicable laws, regulations, contracts—including university or third party copyright, patents, trademarks, software license agreements, and university policies regarding electronic communications, protection of institutional data, and operation of information technology resources.

2. Respect the Intended Usage of Resources

   1. Use only those computing resources that they have been authorized to use, and use them only in the manner and to the extent authorized.
   2. Do not interfere with the intended use or proper functioning of information technology resources, or gain or seek to gain unauthorized access to any resources.
   3. Do not circumvent or bypass security measures, requirements, or any standard protocols in place to ensure the confidentiality, integrity, and availability of U-M systems and networks.
   4. Do not use university resources, including official university email lists or listservs, to campaign for or against a ballot initiative or candidate running for office or to conduct a political campaign.
   5. Do not send unsolicited mass communications unrelated to university business or activities.
   6. Do not use information resources for personal commercial purposes or for personal financial or other gain, except as permitted by Conflicts of Interest and Conflict of Commitment (SPG 201.65-1).
   7. Refrain from creating the appearance that U-M is endorsing, affiliated with, or otherwise supporting any organization, product, service, candidate, or position.

3. Respect the Shared Nature of Resources

   While U-M makes every effort to accommodate the increased demands for anytime-anywhere IT resources, users should understand that these resources are finite and should:

   1. Use information technology resources in a manner that respects the integrity of the system or network and in a manner that is consistent with the primary missions of the university.
   2. Refrain from disproportionate uses that have the likelihood of consuming an unreasonable amount of resources, disrupting the intended use of these resources, or impinging on the access of others.

4. Respect the Rights and Privacy of Other Users

   U-M is committed to respecting the privacy of individuals and will safeguard information about individuals subject to limitations imposed by federal and state law and other provisions described in Privacy and the Need to Monitor and Access Records (SPG 601.11). Members of the university community have a reasonable expectation of privacy in both their institutional roles and personal lives; in turn, they should:

   1. Respect the privacy of other community members, regardless of whether their accounts are securely protected.
   2. Respect the privacy of all individuals for whom the university maintains records.
   3. Refrain from invading the privacy of individuals or entities that are creators or authors of information resources.
   4. Not falsely assume another person’s or entity’s identity or role through deception or without proper authorization, or communicate or act under the name, email address, or any other forms of identification attached to a specific person, organization, or entity without proper authorization.

5. Safeguard the University’s Information Technology Resources

   The university employs numerous measures to protect the security and integrity of its information resources and networks but cannot solely prevent unauthorized access or compromised accounts.

   Users are responsible for following published security guidance to ensure that all their devices that access U-M IT resources are adequately protected.

   All users of U-M information technology resources must promptly report all information security incidents, as defined in Information Security Incident Reporting Policy (SPG 601.25).

Violations and Sanctions

Misuse or abuse of U-M information resources should be reported to the IT User Advocate or the U-M Compliance Hotline, which allows for anonymous reporting.

Violations of this policy may result in disciplinary action up to and including suspension or revocation of computer accounts and access to networks, non-reappointment, discharge, dismissal, and/or legal action. Discipline (SPG 201.12) (http://spg.umich.edu/policy/201.12) provides for staff member disciplinary procedures and sanctions. Violations of this policy by faculty may result in appropriate sanction or disciplinary action consistent with applicable university procedures. If dismissal or demotion of qualified faculty is proposed, the matter will be addressed in accordance with the procedures set forth in Regents Bylaw 5.09. The Ann Arbor Statement of Student Rights and Responsibilities, the Dearborn Student Rights and Code of Conduct (https://umdearborn.edu/policies-and-procedures/student-affairs-policies-and-procedures/student-rights-code-conduct) and the Flint Code of Student Conduct (https://docs.google.com/document/d/1tPsXsyl2Chj9NQRNEmijoz5Mm-lXCraTs5xVTdtOFkA/edit) provide for student disciplinary procedures and sanctions. In addition to U-M disciplinary actions, individuals may be personally subject to criminal or civil prosecution and sanctions if they engage in unlawful behavior related to applicable federal and state laws.

Alleged violations of this policy may also be covered under other University policies. In that event, the alleged violations may be handled under those other policies and related procedures. If the alleged violations would also be covered under the University of Michigan Policy on Sexual and Gender-Based Misconduct (see, e.g., SPG 601.89), (https://spg.umich.edu/policy/601.89) the matter will be considered first under that policy.