Acceptable Use Policies

Acceptable use policies (AUPs) are sets of behavioral expectations or rules adopted by college and university officials that are designed to regulate the conduct of those who use institutionally provided computer resources. At the same time, many businesses and K-12 school systems have developed such rules and policies to regulate usage, to protect the integrity of their networks, and to avoid legal problems. In educational institutions, faculty, staff members, and students are often asked to acknowledge AUPs and to agree, in writing, to comply with their terms as a condition of access to computer resources. Well-drafted AUPs can serve a useful [Page 11]purpose by helping to alleviate disagreements when improper uses are discovered, so that the consequences for such inappropriate uses can be more readily justified and evenly applied.

Acceptable use policies typically contain a statement of purpose along with an acknowledgment that computer resources and access provided by the institution are provided primarily for educational or administrative purposes. Those policies make users primarily responsible for compliance but also warn that computer users are subject to monitoring for compliance. Making individuals aware of such provisions in policies is designed to have the effect of deterring unacceptable conduct while providing warnings that individuals are primarily responsible for their conduct that fails to comply with the policies.

A common function of AUPs is to advise users that their use of computer resources is subject to monitoring. Users must be told that the system will be monitored for misuse and that they should not expect that their computer use, the sites they visit, or the e-mail or instant messages they send using school computer resources will be private. In addition, educational officials should condition access to computer systems to those users who expressly agree to the AUPs, including the monitoring provisions. Users who agree to comply with the provisions in AUPs, in essence, consent to monitoring as a condition of access. Including such an explicit statement in AUPs should help institutions to avoid liability under the Electronic Communications Privacy Act (1986), which makes it unlawful to intercept electronic messages. Put another way, reducing the expectation of privacy that users may otherwise think they have in using such technology should help institutions avoid legal issues when monitoring is required.

Most AUPs also contain what is tantamount to a code of conduct for users. Codes may include rules pertaining to use of appropriate language; rules to help users avoid illegal activity; and rules regulating the downloading of copyrighted materials, including music and movies; as well as rules that are designed to protect the integrity of the system (bandwidth). The challenge for administrators in higher education is to develop policies that are broad enough to address and guide conduct that may not have even been conceived of, yet narrow enough to address specific behavior in a practical and unambiguous way. Conduct rules may also be designed to regulate harassment or disruptive conduct directed to other users. Moreover, rules designed to protect users are common, such as rules regarding the release of personally identifiable information or the sharing of access passwords.

...