Printed on September 23, 2017, 10:18 am
TCATs, Community Colleges, Universities, System Office, Board Members
The objectives of this guideline include: 1) to articulate the rights and responsibilities of persons using information technology resources owned, leased, or administered by the Tennessee Board of Regents (TBR); 2) to protect the interests of users and the TBR; and 3) to facilitate the efficient operation of TBR information technology systems.
- Information technology resources or IT resources - include computers and computer time, data processing or storage functions, computer systems and services, servers, networks, printers and other input/output and connecting devices, and related computer records, programs, software, and documentation.
- Institutions - shall mean the TBR Universities, Community Colleges, and Colleges of Applied Technology.
- Personal or private for-profit use - shall mean a use of TBR information technology resources which has as a primary objective financial gain of the user. Activities by a student which are typical of the student job search process (e.g. use of campus e mail to contact potential employers or posting of one's resume on the Institution's website, if allowed under Institutional policies and procedures) are not to be considered personal or private for-profit uses.
- Public record - means all documents, papers, letters, maps, books, photographs, microfilms, electronic data processing files and output, films, sound recordings, or other material, regardless of physical form or characteristics made or received pursuant to law or ordinance or in connection with the transaction of official business by any governmental agency. T.C.A. § 10-7- 301(6) I.
- User Responsibilities
- The following lists of user responsibilities are intended to be illustrative, and not exhaustive.
- Users shall obtain proper authorization before using TBR information technology resources.
- Users shall not use TBR information technology resources for purposes beyond those for which they are authorized.
- Users shall not share access privileges (account numbers and passwords) with persons who are not authorized to use them.
- Users shall not use TBR information technology resources in an attempt to access or to actually access computers external to the TBR system when that access is not authorized by the computer's owner (no "hacking" allowed).
- Respect for others
- A user shall not attempt to obstruct usage or deny access to other users.
- Users shall not transmit or distribute material that would be in violation of existing TBR policies or guidelines using TBR information technology resources.
- Users shall respect the privacy of other users, and specifically shall not read, delete, copy, or modify another user's data, information, files, e-mail or programs (collectively, "electronic files") without the other user's permission. Users should note that there should be no expectation of privacy in electronic files stored on the resident memory of a computer available for general public access, and such files are subject to unannounced deletion.
- Users shall not intentionally introduce any program or data intended to disrupt normal operations (e.g. a computer "virus" or "worm") into TBR information technology resources.
- Forgery or attempted forgery of e-mail messages is prohibited.
- Sending or attempts to send unsolicited junk mail or chain letters is prohibited.
- Flooding or attempts to flood a user's mailbox is prohibited.
- Respect for State-owned property
- A user shall not intentionally, recklessly, or negligently misuse, damage or vandalize TBR information technology resources.
- A user shall not attempt to modify TBR information technology resources without authorization.
- A user shall not circumvent or attempt to circumvent normal resource limits, logon procedures, or security regulations.
- A user shall not use TBR information technology resources for purposes other than those for which they were intended or authorized.
- A user shall not use TBR information technology resources for any private or personal for-profit activity.
- Except for those not-for-profit business activities which are directly related to an employee's job responsibilities or which are directly related to an organization which is affiliated with the Institution, a user shall not use TBR information technology resources for any not-for-profit business activities, unless authorized by the President or Director (or his/her designee).
- Users shall at all times endeavor to use TBR information technology resources in an efficient and productive manner, and shall specifically avoid excessive game playing, printing excessive copies of documents, files, data, or programs; or attempting to crash or tie-up computer resources.
- Additional Responsibilities of Employees and Independent Contractors
- Users who are Employees and Independent Contractors shall not make use of TBR information technology resources for purposes which do not conform to the purpose, goals, and mission of the TBR and to the users job duties and responsibilities.
- Users shall not use TBR information technology resources for solicitation for religious or political causes.
- Digital/Electronic Signatures and Transactions
- The Tennessee Board of Regents and its institutions must comply with the Tennessee Uniform Electronic Transactions Act (T.C.A. § 47-10-101 et seq.) This Act permits the use of electronic signatures and electronic transactions under certain circumstances.
- In order to be legally enforceable, an electronic signature must meet the following two criteria.
- An electronic signature must be attributable (or traceable) to a person who has the intent to sign the record or contract with the use of adequate security and authentication measures that are contained in the method of capturing the electronic transaction (e.g., use of personal identification number or personal log-in identification username and password) (T.C.A. § 47-10- 109) (If Public Key Infrastructure technology ("PKI") is to be used in the creation of the digital signature, contact TBR Chief Information Officer prior to implementation.)
- The recipient of the transaction must be able to print or store the electronic record of the transaction at the time of receipt. (T.C.A. § 47-10- 109)
- The use of electronic/digital signatures in compliance with state and federal laws is permitted.
- No Unlawful Uses Permitted
- Users shall not engage in unlawful uses of the information technology system resources of the TBR.
- Unlawful activities are violative of this guideline and may also subject persons engaging in these activities to civil and/or criminal penalties.
- This list of unlawful activities is illustrative and not intended to be exhaustive.
- Obscene Materials
- The distribution and display of obscene materials is prohibited by the laws of Tennessee (seeT.C.A. § 39-17-902). Obscene materials are defined under Tennessee law (see T.C.A. § 39-17-901(10)) as those materials which:
- The average person applying contemporary community standards would find that the work, taken as a whole, appeals to the prurient interest;
- The average person applying contemporary community standards would find that the work depicts or describes, in a patently offensive way, sexual conduct; and
- The work, taken as a whole, lacks serious literary, artistic, political, or scientific value.
- Federal law (18U.S.C.2252) prohibits the distribution across state lines of child pornography.
- Defamation is a civil tort which occurs when one, without privilege, publishes a false and defamatory statement which damage the reputation of another.
- Violation of Copyright
- Federal law gives the holder of copyright five exclusive rights, including the right to exclude others from reproducing the copyrighted work.
- Sanctions for violation of copyright can be very substantial. Beyond the threat of legally imposed sanctions, violation of copyright is an unethical appropriation of the fruits of another's labor.
- Pursuant to the Digital Millennium Copyright Act of 1998, the TBR designated agent for receipt of complaints of copyright infringement occurring with the use of TBR information technology resources is the TBR Chief Information Officer or his/her designee.
- The TBR agent shall develop and maintain a guideline regarding receipt and disposition of complaints of copyright infringement.
- The Institutions are authorized to designate agents to serve their specific campus, however the Chief Information Officer shall be promptly informed of as appropriate for complaints received by such Institutional agents.
- Gambling, including that performed with the aid of the Internet, is prohibited under Tennessee state law (see T.C.A. § 39-17-502).
- World Wide Web Home Pages
- The principles of use articulated above in Sections I. and III. are generally applicable to World Wide Web home pages.
- For example, use of TBR information technology resources to post a web page for personal or private for-profit use is prohibited under Section I.A.3.e. Illegal content in web pages stored on TBR IT resources is prohibited under Section I.A.2.b. Obscene content is prohibited under Section III.C.1. Incorporation of copyrighted material, without either permission of the copyright holder or under a lawful exemption, is prohibited under Section III.C.3.
- In addition to the principles of use outlined in Sections I. and III., users may not incorporate into web pages or other electronic documents the trademarks or logos of others without express, written permission.
- Persons who are not employees of an Institution may not make use of Institutional trademarks or logos without express, written permission.
- Institutions are authorized to develop policies and regulations regarding use of Institutional trademarks on the Institution's website by employees.
- The Institution Presidents and Directors are authorized to designate persons (e.g. campus web master) who may approve a proposed use of the Institution's trademarks and logos by employees on Institutional web pages.
- Use of TBR information technology resources to promote or advertise activities or entities which are not related to the Institution is prohibited, unless such use is consistent with the mission of the Institution and results in substantial benefit to the Institution.
- The President or Director of each TBR Institution is authorized to determine whether a given use is consistent with the mission of the Institution and results in substantial benefit to the Institution, consistent with other TBR Policies/guidelines (in particular, TBR Policy 1:03:02:50).
- Sale of advertising in web-based versions of Institution-affiliated student publications is specifically permitted.
- TBR Monitoring and Inspection of Electronic Records
- Electronic records sent, received, or stored on computers owned, leased, or administered by the TBR is the property of the Tennessee Board of Regents.
- As the property of the TBR, the content of such records, including electronic mail, is subject to inspection by TBR personnel.
- While the TBR does not routinely do so, the TBR is able and reserves the right to monitor and/or log all network activity of users without notice, including all email and Internet communications.
- Users should have no reasonable expectation of privacy in the use of these resources.
- Disclosure of Electronic Records
- Pursuant to T.C.A. § 10-7-101 et sq., and subject to exemptions contained therein, electronic files (including email correspondence) may be subject to public inspection upon request by a citizen of the State of Tennessee, if they are:
- Generated or received by TBR employees, and
- Either owned or controlled by the State, or
- Maintained using TBR IT resources.
- TBR personnel receiving such a request for public inspection should refer the request to the President or Director of their Institution (or to the President's or Director's designee).
- Institutions may charge reasonable fees for making copies of such records, pursuant to T.C.A. § 10-7-506.
- While disclosure under T.C.A. § 10-7-101 et sq. applies to employees, disclosure of the electronic records of all users which are maintained using TBR IT resources may be made pursuant to a valid subpoena or court order, when otherwise required by federal, state or local law, or when authorized by the President or Director of the Institution.
- Retention of Electronic Records
- Electronic records needed to support Institutional functions must be retained, managed, and made accessible in record-keeping or filing systems in accordance with established records disposition authorizations approved by the Public Records Commission and in accordance with TBR Guideline G-070, "Disposal of Records".
- Each employee of the TBR, with the assistance of his or her supervisor as needed, is responsible for ascertaining the disposition requirements for those electronic records in his or her custody.
- The system administrator is not responsible for meeting the record retention requirements established under T.C.A. § 10-7-101 et sq., and the TBR, as owner of electronic records stored on TBR computers, reserves the right to periodically purge electronic records, including email messages.
- Users who are either required to retain an electronic record, or who otherwise wish to maintain an electronic record should either:
- Print and store a paper copy of the record in the relevant subject matter file; or
- Electronically store the record on a storage medium or in an electronic storage location not subject to unannounced deletion.
- Violation of this Guideline
- Reporting Allegation of Violations
- Persons who have reason to suspect a violation of this guideline, or who have direct knowledge of behavior in violation of this guideline should report that allegation of violation to the Institution President or Director or his/her designee.
- Disciplinary Procedures
- Allegations of violation of this guideline shall be referred by the designee of the President (typically, the senior IT officer) or of the Director to the appropriate person(s) for disciplinary action.
- If a student, the guideline violation will be referred to the judicial officer of the institution under TBR Policy 3:02:00:01.
- If an employee, the guideline violation will be referred to the immediate supervisor.
- If there is a guideline violation, which the designee believes rises to the level of a serious violation of this or any other TBR policy/guideline; the designee is authorized to temporarily revoke access privileges. In those cases, the revocation of access must be reviewed by the appropriate disciplinary authority for review and final determination of access privileges. In such cases the authorization of the designee carries with it the authorization to make subjective judgments, such as whether material or statements violate TBR Policy/Guideline.
- Persons violating this guideline are subject to revocation or suspension of access privileges to TBR IT resources.
- Additionally other penalties, as outlined in TBR Policy 3:02:00:01 may be imposed upon student users.
- Sanctions for violation of this guideline by employees may extend to termination of employment. Violations of law may be referred for criminal or civil action.
- Sanctions imposed upon students at a TBR University or Community College and imposed at the discretion of the senior IT officer (or other designee of the President) may be appealed to the Chief Student Affairs Officer.
- Other sanctions may be appealed under established Institution procedure.
NEW Guideline approved at Presidents Meeting February 21, 2017.