1. Users are generally free to utilize UCF's computing hardware, software, networks, and telephone systems as necessary to perform their job responsibilities, subject to the appropriate use of these resources as described in this policy.

2. Electronic information (including images) that is accessible to the university community through the university's computing and telecommunications networks and that is stored in or processed on university computer facilities shall be treated just as if such information was in printed format.

1. The university's computing and telecommunications resources shall not be used to impersonate another individual or misrepresent authorization to act on behalf of other individuals or the university. All information (including images and messages) stored in or transmitted through university computers and telecommunications networks must correctly identify the sender. Users shall not modify the original attribution of electronic information or postings and shall not send anonymous messages.

2. The computing and telecommunications resources of the university shall not be used to make unauthorized or illegal use of the intellectual property of others. Users shall not transmit to others or display images, sounds, or messages that could reasonably be perceived as harassing, invasive, or otherwise unwanted.

3. University computers and telecommunications resources shall not be used to attempt to read or duplicate electronic information belonging to others, or to decrypt or translate encrypted information, unless such action has been expressly authorized in writing by the owner(s) or copyright holder(s) of the information.

4. The university does not warrant that data will be retained for any specified period of time on university computer or telecommunications systems. Users shall be responsible for making appropriate backup copies of all needed data to protect against the potential of loss. Likewise, each computer or telecommunications system administrator shall make accurate and timely backup copies of essential data to protect against information loss, or to be used to facilitate disaster recovery. Backup of central university servers is managed by Computer Services. Media containing all backup or archival recordings of information from university computer systems shall be stored in a secure and environmentally sound location separate from the system from which the information was obtained.

5. E-mail messages and other communications created in connection with official business that perpetuate, communicate, or formalize knowledge are classified as public records and must be saved and made available upon request for public inspection. Certain public records are specifically exempted from disclosure.

   Most e-mail messages, however, are created primarily for informal and/or short-lived communication, as opposed to the perpetuation or formalization of knowledge. These are classified as transitory messages. Transitory messages do not set policy, establish guidelines or procedures, certify a transaction, serve as a receipt, or the like. Transitory messages generally include, but are not limited to: voice mail, and e-mail messages with short-lived or no administrative value.

   Electronic messages that constitute public records must be retained for four years. Transitory messages can be disposed of when, in the judgment of the message's sender, the content is obsolete, superseded, or its administrative value is lost.

   Information on records retention and disposal is available from the Records Management Liaison Officer, Administration Building Room 374 (407-823-2555).

6. Management of and access to university administrative data shall be in accordance with procedures described in the University Data and Computer Security Guidelines, which is available from the Computer Services office and network information servers.

7. Users shall not send telecommunications messages the content of which is defamatory, or which constitutes a breach of telecommunications security, or are in violation of Federal, State, or local laws or university rules or policies.

8. Telecommunications messages intended for general distribution to all campus users shall be reviewed and approved in advance by the appropriate department head or designee to determine that such information is suitable for general distribution. Broadcast distribution of electronic mail messages may be limited by other university Policies.

9. The university telephone system shall be used only for official university business purposes. University employees are allowed to make incidental use of the telephone system for necessary personal calls, but must maintain records of such calls and reimburse the university for any tolls or other charges incurred through personal use.

   University employees requiring calling cards for use in official university business should contact UCF Telecommunications.

   Individuals applying for long distance calling plans or calling cards for personal use may not use university telephone numbers (407) 823-XXXX and (407) 882-XXXX in such applications.

   Students may not accept third number billing calls or collect call charges against UCF telephone numbers. UCF contracts with private long distance carriers to provide long distance service for students residing in UCF residence halls. Students can apply for this service and receive an authorizing PIN code. Students may use calling cards not associated with UCF telephone numbers from any university telephone; e.g., calling cards from parents or the Z-Line service.

10. For purposes of this document, e-mail includes point-to-point messages, postings to newsgroups and listservs, and any electronic messages involving computers and computer networks. E-mail is generally subject to the Florida Public Records Law to the same extent as would be the equivalent paper documents. University e-mail systems shall be used only for official university business. University employees are allowed to make incidental use of the e-mail systems for necessary personal messaging. The following uses of e-mail by individuals or organizations are prohibited under this policy. University e-mail systems shall not be used for the initiation or re-transmission of:
    1. Chain letters
    2. E-mail sent repeatedly from user to user, with requests to send to others
    3. Harassing or hate mail
    4. Any threatening or abusive e-mail sent to individuals or organizations that violates university procedures and regulations
    5. Virus hoaxes
    6. Spamming or e-mail bombing attacks (intentional high volume e-mail transmissions other than officially approved campus general mailings)
    7. Junk mail
    8. Unsolicited e-mail that is not related to university business
    9. False identification (any messages that misrepresent or fail to accurately identify the true originator.)
    10. Computer viruses or other harmful software

11. Individuals submitting messages to electronic forums such as mail distribution lists or Usenet news groups shall be aware that users of these forums have expectations regarding message content and appropriate posting etiquette. University users shall be considerate of the expectations and sensitivities of others on the network when posting material for electronic distribution.

12. Utilizing electronic systems in such a manner as to deliberately degrade or disrupt the normal operation of voice or data networks or university computer systems is prohibited.

13. Official university web sites (including colleges, departments, centers, institutes, etc.) represent the university and are intended for the official business functions of the university. Each home page of an official university web site should be registered with the Coordinator of Web Services, Course Development and Web Services, who will include it as a link from the UCF main web site.

    The following information must be readily identifiable on all content pages of the web site (home, welcome, or splash pages may be exempt from this requirement):

    1. Accurate authorship attribution including the name of the unit or group represented by the page
    2. A means of contacting the person(s) responsible for maintaining the page content
    3. The date of the last revision
    4. A text or graphic link to main university web site
    Personal home pages on university computers represent the individual in his or her primary role as a UCF employee. Incidental personal information on employee pages is deemed acceptable so long as it is not false or misleading and it does not interfere with the function or desired presentation of the unit, cause disruption of normal service, incur cost to the university, result in excessive use of resources, contain commercial content, or represent non-university entities. Faculty and staff who wish to publish substantial personal information not related to their university functions should use an Internet service provider rather than university web resources.

    Using UCF web pages for personal financial gain or other personal benefit is prohibited. Any commercial use of UCF web resources must be pre-approved, consistent with existing university policies and procedures regarding outside employment activities. The university may require pages involving commercial content to reside on a specific domain such as ucf.com.

    UCF accepts no responsibility for content on servers not maintained by the university that are linked from pages on UCF servers. However, web page authors should consider that such links, even when clearly labeled, can be misinterpreted as being associated with the University. Links on personal home pages to sites where the individual has a personal monetary interest should be avoided.

14. Any individual user or departmental office may maintain and be solely responsible for a registered server on the UCF network. Servers that do not directly support the instructional, service, and research missions of the university will not be provided access to the campus network. Server access to the campus network and the Internet may be terminated by Computer Services if the operation or content of the server appears to violate applicable law, rules, or policies, or poses a risk to the integrity of the campus network, results in a degradation of network performance, makes inappropriate use of intellectual property, or contains prohibited content. Every effort will be made to provide advance notification of termination. All servers connected to the campus network, including personally owned hardware, fall under the jurisdiction of existing university policies.

    All servers must be registered with Computer Services using a UCF Network Server Registration Form. Server registration must be renewed annually.

15. The university and its employees are prohibited from using any university resources for, or implying in any way that the university is directly involved in, political campaigns or campaign fundraising. Likewise, university computing and communication resources cannot be used in support of a political campaign or for campaign fundraising, even under a reimbursement arrangement. An example of prohibited use would be for a university employee to use university e-mail, Web, or telephone resources to solicit support of any political candidate over another or to raise funds for a candidate.

1. Campus and network computing resources shall be used in a manner consistent with Chapter 815, Florida Statutes, Computer Crimes Act, Title 18, United States Code, and the Electronic Communications Privacy Act of 1986. Unauthorized or fraudulent use of university computing or telecommunications resources can result in felony prosecution as provided for in Florida Statutes, and Chapter 775, Florida Criminal Code.

2. The computing and telecommunications resources of the university shall be used only for purposes directly related to, or in support of, the academic, research, or administrative activities of the university. If a university employee wishes to use university facilities, students, equipment, materials or software, for personal or outside professional purposes, permission must be requested in advance using form AA22. Form AA22 is available in the Office of Academic Affairs, the Office of the Vice President for Research, and in the office of each college dean.

3. Departments operating UCF computers shall be responsible for all use made by individuals having accounts on those machines. Account owners shall prevent unauthorized use by others, and report intrusions or any other inappropriate activity to the respective system administrators. Individual password, PIN or authentication code security is the responsibility of each user. Users shall be required to change their passwords as least every sixty (60) days, using a password that contains a minimum of six (6) characters, including numerals. Passwords should not be common names or words found in the dictionary.

4. Users shall not attempt to undermine the security or the integrity of computing systems or telecommunications networks and shall not attempt to gain unauthorized access to these resources. Users shall not employ any computer program or device to intercept or decode passwords or similar access control information. If security breaches are observed or suspected, they must be immediately reported to the appropriate system administrator or department security coordinator.

5. Users shall not intentionally damage or disable computing or telecommunications equipment or software.

6. Users shall ensure that software acquisition and utilization adheres to the applicable software licenses and copyright law, and is consistent with university software policies. Users shall maintain documentation sufficient to prove that all software installed on any computer workstation assigned to them has been legally obtained and is installed in conformance with the applicable license(s). Backup copies of software shall be made only if expressly permitted by the applicable license(s). Managers and unit administrators shall ensure that the workstation of any employee who reports to them is operated in accordance with this policy and applicable university rules and other policies. In addition, managers and administrators shall provide software users reporting to them written documentation (e.g., this policy) describing responsibilities for appropriate use.

7. To maintain proper functioning of computer and networking hardware and software, system administrators and individual users shall take reasonable care to ensure their computing facilities are free of viruses or other destructive software. Information on computer viruses and virus detection, and eradication software is available from the Computer Services office.

8. Users of university computing facilities and telecommunications networks shall use these resources prudently, and avoid making excessive demands on these facilities in a manner that would knowingly impair the use of these resources by others.

1. University employees responsible for the management or maintenance of computer or telecommunications systems may, in the course of their duties, have access to proprietary information or other information of a confidential nature, including electronic mail and voice mail messages. Professional ethics dictate that any person having access to proprietary or confidential information:
   1. Use that access only to the extent required to discharge the assigned responsibilities of that person's position;
   2. Not disclose any such information except to the extent authorized or required under this policy or applicable rules or laws; and
   3. Not use, in any manner, such information or knowledge for personal gain.

2. It is the responsibility of each person having access to proprietary or confidential information, to pursue any case of actual or suspected abuse or misuse of university computing and telecommunications resources. Proper pursuit of such cases may require that person to disclose relevant information to supervisors or designated investigators.

3. Except as provided otherwise in this policy, any person having or gaining access to proprietary or confidential information who is found guilty of violating confidentiality shall be subject to appropriate university and statutory sanctions.

4. Users of university computing and telecommunications networks should be aware that messages sent and received on computing and network resources are potentially accessible to others through normal system administration activities, for cause monitoring, and to the public through public record laws, subpoenas, decoding, interception, or other means.

5. A university employee may read, view, listen to, or otherwise access electronic messages without the knowledge or consent of the employee whose messages are being accessed only as provided in this policy or upon express prior authorization from the President or designee. Such prior authorization shall be given in writing, and must clearly state the purpose of granting such access.

6. Information accessed in such instances shall not be disclosed except as provided in this policy or with prior written authorization from the university's President or designee. Such prior authorization to disclose shall be given only in cases involving a possible breach of system security, a violation of law, a violation of university rule or policy, or dereliction of duty or responsibility on the part of a university user.

Any violation of the procedures and policies described above generally shall result in immediate loss of network and computer access privileges, and removal of any inappropriate personal information posted on university-owned computers.

1. Telecommunications means all communications made through or on university telephones, electronic mail, radios, facsimile machines, or any other electronic communication device.

2. University Communications means all communications that have a university business purpose.

3. Personal Communications means all communications that do not have a university business purpose.

4. Use of Telecommunications Equipment means any use of the university's telecommunications equipment by employees for university or personal business.

5. System Administrator means the person(s) responsible for managing central computer or file servers, including operating systems and application software.

6. Network Administrator means the person(s) responsible for managing telecommunications network software and hardware infrastructure for local area networks (LANS) or wide area networks (WANS).

7. Server means a computer that supports access to electronic services or information for network users.

8. Information Technology Resources means the technology infrastructure for processing and exchange of information, including computing and telecommunications (voice, video and data) devices and associated resources to operate, maintain, and utilize the technology infrastructure.