This Rule defines appropriate and inappropriate use of NMSU-owned and controlled resources, such as electronic devices, software, computer systems and networks that are directly, or through a third party, used to transmit, receive, process or store information or data such as computers, servers, databases, Personal Data Assistants (PDAs), telephones, wireless devices, e-mail systems, voice messaging systems and internet connectivity. Also included is the use of non NMSU-owned electronic resources storing or connecting to NMSU data. In addition, the Rule defines privacy of data, copyright/intellectual property rights to data, and data ownership and access.
1. Ownership and Use
NMSU computing equipment and resources are owned and/or administered by the Board of Regents of New Mexico State University. Access to NMSU equipment and resources is a privilege granted to students and employees to facilitate instruction/learning, research and administration. All users of NMSU computing equipment and resources are required to affirm the following:
I have read the Acceptable Use Rule, and I understand and agree to abide by the terms of the Rule. I also understand that my use of NMSU equipment and resources must be in accordance with the Rule. I recognize that violations of this Rule may cause restriction or elimination of my access to NMSU computer resources, other disciplinary action, or civil or criminal penalties.
2. User Responsibilities
- NMSU computing equipment and resources are used to support the mission of the university and may not be used for commercial or profit-making purposes.
- NMSU computing equipment and resources may only be used by users in ways that do not violate the law or NMSU policies.
- The willful transmission of known destructive applications and viruses by a user is prohibited.
- Users whose activities place high loads on the NMSU system must conduct these activities in off hours or in low system demand times.
- Users are responsible for protecting university data and technologies from unauthorized uses and security threats.
- Users must be considerate of the rights of other users.
3. Copyright Compliance
- NMSU shall comply with the Copyright Law of 1976 and its amendments (Title 17, United States Code), including the Digital Millennium Copyright Act of 1988. Faculty, staff, and students should be aware that copyright infringements occurring on university networks may result in termination of networking privileges as well as other penalties under federal law.
- Users must be in compliance with copyright laws and licensing agreements. The University’s Office of Information and Communication Technologies may block access to information alleged to be in violation of copyright laws. If a user is found to be in violation of copyright laws, the information found to be in violation shall be deleted from the university’s computing system(s). Also, the violator may be subject to other sanctions.
4. Misuse of Information and Technology Services
The university reserves the right to sanction a user for the misuse of university information and technology equipment and resources. In addition to other standards specified in NMSU policy or rules and procedures; examples of misuse include, but are not limited to:
- Intentionally altering, disabling, destroying or stealing electronic resources.
- Unauthorized access.
- Use of illegal software or data.
- The development and/or use of programs which impede the use or the network or cause damage.
- Attempting to defeat or circumvent any security measures, controls, accounts, or record-keeping systems.
- Using information and technology equipment and resources for unlawful purposes including fraudulent, defamatory or harassing acts, acts of violence, etc.
- Invading privacy and confidentiality rights protected under the law.
5. Incidental Personal Use of Electronic Resources by Employees
Incidental personal use of electronic university-owned resources is covered in ARP 3.14 Non-Work Related Use of University Resources, which prohibits, in part:
“…viewing, displaying, downloading, printing, procuring, or transmitting of sexually explicit material; nor of any other material that would violate university policy, rule, procedure, or the law, including but not limited to, those relating to sexual harassment, fraud, hostile workplace, obscenity, libel, defamation, or hate/violent misconduct.”
Notwithstanding users’ rights to privacy, and any rights under the Electronic Communication Privacy Act of 1986, FERPA HIPAA and GLBA, users grant specific permission to university to inspect users’ accounts and file space for investigation of violation of university policy or rules and procedures or as needed for maintenance functions. When investigating a possible abuse of the system, Information and Communication Technologies has the authority to examine files, passwords, accounting information, printouts, tapes, or other material that may aid in the investigation. Investigations must follow university procedures. Use of university equipment or resources implies consent to this Rule.
7. Access – Investigative Purposes
The university reserves the right to access a user’s account when there is reasonable suspicion that a law or university policy, rule or procedures have been violated. The following steps for a request to access a user’s account include:
- Requests for access based on a reasonable suspicion must be in writing and approved prior to access being granted by Chancellor/Chancellor, provost, general counsel, human resources, internal audit department or law enforcement.
- Each request must specify the purpose for which access is being requested.
8. Access – Non-Investigative Purposes – Work Related
Access to work-related files is permitted as long as there is a work-related need and the users are, by the nature of their work, approved to access these files. When an employee separates from the university, all work-related files remain the property of the university.
Use of information technology equipment or resources in violation of applicable laws, university policy, rule or procedures may result in sanctions, which include, but not limited to, the sanctions listed below:
- Withdrawal of use privileges.
- Disciplinary action, up to and including, expulsion or discharge from a position.
- Legal prosecution.