The purpose of these procedures is to set appropriate acceptable use parameters for the systems, to ensure the continued effective and secure operation of those systems and to protect the University from problems such as error, fraud, defamation, breach of copyright, unlawful discrimination, illegal activity, privacy violations and service interruptions.
These procedures should be read in conjunction with the Systems & Infrastructure Policy.
These procedures apply to:
- all users
- any use of the systems, whether or not during business hours, on University premises or through the use of privately owned devices or facilities
The systems are primarily a University tool, to be used for University purposes by students, staff and affiliates.
- In the case of staff, this includes uses relevant to their employment with the University
- In the case of students, this includes uses relevant to their enrolment and course activities
- In the case of affiliates, this includes uses for the purpose for which they have been given access to the systems
Users may use the systems for limited and reasonable personal use, as long as this does not interfere with their role within the University, the work or study of others or the operation of the systems.
However, unreasonable or excessive personal use is not permitted. For example, the systems must not be used to conduct a personal business or private commercial activity, gamble or carry out excessive and regular research into topics not related to work or study.
Ownership of data and Intellectual Property
Subject to the University’s statutes and regulations, the University is the owner of all data:
- created by employees as part of their employment; and
- created, sent or received by users using the systems,
and all such data may be accessed as records of evidence, including in an investigation or in response to other actions such as audit, litigation or criminal investigations.
The ownership of intellectual property created by staff, students, academic visitors and participants in research projects is governed by the Governance and Administration Statute and the Regulations
Conditions of access
It is a condition of access to the systems that users should and take responsibility to comply with all University policies relating to the use of computing facilities, including the Systems and Infrastructure Policy and its procedures.
Users should and take responsibility to:
- take responsible care for all activities undertaken using their accounts
- take reasonable steps to keep their account secure
- choose a password that cannot easily be guessed or predicted
- not share their password with anyone else or record their password in obvious locations
- change their password regularly (and immediately if it becomes known by another person)
- not permit other persons to use their account (other than through an email proxy arrangement or unless approved in advance by Manager, Information Technology).
- log out or lock their computers whenever they are left unattended
- protect the security of data held on mobile systems (eg phones, laptops, memory sticks and other storage mediums), including by maintaining reasonable virus control measures where possible
- not connect unauthorised devices to the network, either via software or hardware that makes this possible (eg attaching a personal computer or external storage device)
- make sure that important University data that is not included in automatic backups is manually backed up on a regular basis and can be recovered to the latest version in the event of data loss
- minimise large downloads or transmissions, to ensure the performance of the systems is not adversely affected for other users
- be respectful and courteous
- report actual or suspected security breaches to the Service Desk as soon as possible
Unauthorised and illegal uses
Users should not use the systems to engage in offensive, unlawful or illegal behaviour.
Email and other electronic communications
Email is an official method of communication for staff and students. Mass electronic communications are moderated by the Information Technology Team.
Users must deal with personal information in accordance with the University Personal Data Protection Policy
Access, monitoring, filtering and blocking
- use the systems on the understanding and condition that their use is monitored
- acknowledge and consent to the University’s right to access, monitor, filter and block electronic communications created, sent or received by any user using the systems
Subject to the approval and at the discretion of the Deputy Vice-Chancellor or other authorised person and to compliance with applicable legislation, the University reserves the right to (without notice):
- intercept, access, monitor and use electronic communications created, sent or received by users of the systems in any manner determined by the University (including as records of evidence in an investigation or in response to other actions such as audit, litigation, criminal investigations or freedom of information requests)
- monitor the use of any device or terminal
- inspect any data residing on any University-owned resource (regardless of data ownership and including personal emails and other personal communications and data stored in personal file directories)
- capture and inspect any data in any computing infrastructure owned by the University
- delete or modify any data in its network
- re-image its desktops and laptops as and when required
- apply filtering systems to the network that limit use and activity by preventing communications based on size or content
For example, communications may be blocked if they are suspected:
- to contain unlawful material
- to be unsolicited commercial electronic messages within the meaning of the Spam Laws (Section 233)
For example, the University may establish processes to:
- block websites deemed to be a security risk
- block websites that may cause a negative impact on the systems
- block websites that affect network bandwidth detrimentally
- block websites deemed to contain offensive or unlawful material
- block internet protocols and methods deemed insecure
- block websites that contravene the University’s policies in any way
- remove any material deemed to be offensive, indecent or inappropriate (including obscene material, defamatory, fraudulent or deceptive statements, threatening, intimidating or harassing statements, or material that violates the privacy rights or property of others)
- check, filter, block and moderate comments and conversations published through University controlled channels and media and remove content that is in breach of applicable laws, codes and policies
The University also collects utilisation statistics based upon network address, network protocol application use or user-based.
Destruction of University data
Users who store University data on a privately owned device or facility are responsible for ensuring that the University data is rendered illegible and irretrievable at the time of disposal of that device or facility.
Breach of these procedures
Access to the systems may be suspended or terminated at any time if these procedures are breached. In addition:
- staff who breach these procedures will be referred to the Director, Human Resources and/or the Head of Management Unit and dealt with in accordance with processes in relation to misconduct or unsatisfactory performance (whichever is applicable).
- affiliates who breach these procedures will be referred to the Head of Management Unit and dealt with in accordance with the relevant processes
A breach of these procedures may also be:
- a breach of third party rights (such as an infringement of intellectual property rights)
- a criminal offence (such as serious acts of harassment, bullying and occupational violence and vilification)
In addition to any disciplinary action by the University, this may lead to civil or criminal proceedings and penalties, which the University may report to relevant law enforcement bodies and for which the user will be held personally accountable.
In some exceptional circumstances (for example where access to objectionable material relates directly to a user’s employment or study with the University), subject to the approval of and at the discretion of authorised persons, an exemption may be granted for activities that would otherwise breach these procedures. Exemptions may be required to be approved in advance by the Head of Management Unit.
Users who receive an internal or external electronic communication that is offensive or inappropriate, should in the case of staff and affiliates, raise it with their Head of Management Unit (or if the manager is the cause of the complaint with Human Resources), or in the case of students, with the Registrar, or through the University complaint system, which currently is CRAM (Complaints, Reviews, Appeals & Misconduct.