Information technology tools and resources at the UW
INTENT: This page is intended to be a relatively simple collection of information about a fairly complex set of Federal and State laws, and State and University policies and guidelines that govern the use of university information resources and computing technology. It is by no means comprehensive, authoritative, nor totally accurate for all instances – to make it so would be to make it as complex as all the underlying laws, policies and guidelines. Therefore, you should use this document as a general guide, and understand that if there are inconsistencies between this and the underlying rules, the rules govern. If you have any questions, please refer to the underlying information and the appropriate UW official (see the More Information section below).
- Messages to Faculty and Staff From the UW Administration
Know the rules
- Be knowledgeable about laws and policies
- Your use of University of Washington computing and networking resources is governed by:
- Extensive federal and state law and policy
- Internet acceptable use practices
- UW policy or contractual commitments
- UW Technology policy
All UW policies regarding the appropriate use of University resources, responsibility for University institutional data, and personal conduct apply to your use of UW computing and networking resources. In addition, your use of UW resources must comply with the restrictions and acceptable practices established specifically for these resources and these data. Faculty and staff use of these systems is subject to Washington State law for employees of state agencies. See the More Information section below, which lists applicable laws, policies and UW resources to help you understand the University’s and your obligations.
You should be aware that law and policy relating to the use of state resources specifically prohibit faculty and staff from:
- Using UW computers, networks, or other computing services for personal gain. For example, it would be improper to use your account to promote your outside business, to display commercial advertising, or to perform work for profit in a manner not authorized by the University.
- Using UW resources for partisan political purposes, such as using email to circulate advertising for political candidates or to help defeat a ballot measure.
Evidence of illegal activities or policy violations will be turned over to the appropriate authorities as soon as possible after detection. Depending upon their nature, violations of law or policy will be met with responses including revocation of access, suspension of accounts, disciplinary actions, and prosecution.
- Protecting the UW’s infrastructure
- As the computing and networking infrastructure of the UW underlies many crucial activities for the entire University community, including hospitals and clinics, the UW must protect and sustain the operation of those facilities. As such, the UW will take all legally allowed steps it deems appropriate to remedy or prevent activities that, in the UW’s judgment, endanger the orderly operation of UW networks or systems, and/or that threaten the UW’s network connections to the Internet and/or other institutions or networks. With respect to web site names or URLs defined by individuals using UW-provided services, the University may require site or page owners to change a site name if it conflicts with precedent or policy. For example, picking a site name that equates to someone else’s UW NetID poses a policy conflict. The University reserves the right to deactivate a Web page at any time and without notice for violations of policy or for security reasons.
- UW Residence Halls
- Computing and networking services in UW residence halls are provided to support student academic activity. If you are living in UW residence halls, please take the time to familiarize yourself with the rules for using those services.
Protect your data and UW data
- Protect your passwords
- Choose your passwords carefully, change them regularly, and protect them from abuse. Your UW NetID gives you access to many UW services. You are responsible for any use of your UW NetID. You may not share your personal UW NetID password.
- Know your responsibilities
- In the course of using UW services you may store and/or transmit data that come from institutional sources. Some data are more sensitive than others. You are responsible for knowing the applicable data security standards and policies, appropriate places to store the data, and controlling who can access the data. Employees of the University are responsible for protecting institutional data, such as student records, protected health information, and personally identifiable information. Where and how confidential and restricted data is stored matters; for example, if confidential data is stored on a portable device it must be suitably protected. UW has contractual relationships with certain “sanctioned” external service providers to help mitigate institutional risk related to data stored in those off-campus services. If you are unsure if a particular type of information is appropriate for use with a particular service or device, contact the relevant UW Data Trustee or Data Custodian.
- Monitoring and privacy
- The UW is committed to safeguarding the privacy of personally identifiable information, including personal financial information, educational records, and health records. For employees, be aware that all email and other electronic information pertaining to UW business is “owned” by the university, regardless of where it is kept, and is subject to disclosure as described below in the Records Management and Release of Information section. The UW may monitor user activities and access any files or information in the course of performing normal system and network maintenance while investigating policy or violations.
- Records management and release of information
- Except as noted by an agreement, a law, or a University policy (such as copyright policy), the UW owns all data and records, and all associated copyrights created by UW employees within the course of employment. All information (including email) relating to University business should be maintained in accordance with records management policy and procedures. This applies to email and other electronic records, regardless of where the records are stored, including on personally-owned computers, “cloud” or externally provided services, personal email services and/or other non-UW computers,
- Electronic Discovery and Public Records Release
- Employee (faculty and staff) email correspondence, as well as other records, are covered by UW Guidelines for the Release of University Records. Contact the Office of Public Records and Open Public Meetings for more information about public records and meetings; and the Attorney General’s Office about electronic discovery. For a summary of important points about handling public records, see Public Records Act: Points to Remember.
- Email use
- Email services at the UW are provided to support you in your work and education, as well as to support communication from the UW administration. Your use of email services at the UW should respect others and must not interfere with the operation of UW computers and networks. UW administrative email messages will be sent to faculty, staff, students, and affiliates of the UW at their official UW email address. Email sent to large groups of UW NetID holders (i.e. bulk email) requires the approval of a dean or vice president.Some departments have additional email use restrictions, for example UW Medicine workforce members are prohibited from forwarding their UW Email accounts, except to a UW Medicine approved email system. If you are unsure, please check with your department or organizational unit.
External Email and Cloud Service Providers: Email is inherently insecure. Sending confidential or restricted information (such as protected health information or export-controlled information) by email is unsafe, especially if you forward UW email off-campus to a non-sanctioned external email service provider. External email service providers typically do not provide legal protection or accountability for official UW records and information and do not comply with federal, state and UW regulations. However, the University has contracted with specific external providers to sanction their use for certain official UW records, making them acceptable for most – but not all – students and faculty and staff. UW employees should not forward their UW email to a non-UW email address, unless the destination system is specifically approved by the appropriate UW authority, since doing so may put you and the UW at risk of violating regulations such as FERPA, HIPAA (other regulations are listed in More Information).,/p>
HIPAA and UW Medicine Users: UW Medicine workforce members and students have additional requirements for email and cloud computing usage. See Being Secure in the Cloud for specifics. If you are unsure about the policies in your area, please check with your department or organizational unit.
Export-controlled and Classified Data: If you handle export-controlled or classified data, you are prohibited from forwarding this data, unless from a sanctioned email system to a known end-user with a secure system. Export-controlled data and classified data may not be placed on an external commercial server, such as with “cloud service” providers. Contact the Office of Sponsored Projects with any questions.
- Copyright laws apply to you
- You may not copy or use any software, images, music, or other intellectual property (such as books or videos) unless you have the legal right to do so. More information about copyright is available on the UW Copyright Connection site.Educational institutions are not exempt from the laws covering copyrights. Most software, images, music, and files available for use on computers at the UW are protected by federal copyright laws. In addition, software, images, music, and files normally are protected by a license agreement between the purchaser and the software seller. It is UW policy to respect federal copyright and license protections.
- Software and information resources provided through the University for use by students, faculty, and staff may be used on computing equipment only as specified in the various software licenses. It is against University policy for you to copy or reproduce any licensed software on University computing equipment, except as expressly permitted by the software license.
- It is a serious violation of UW policy to make or use unauthorized copies of software on University-owned computers or on personal computers housed in University facilities.
Unauthorized use of software, images, music, or files is regarded as a serious matter and any such use is without the consent of the UW. If abuse of computer software, images, music, or files occurs, those responsible for such abuse will be held accountable.
- More about copyrights
- UW DMCA (Digital Millenium Copyright Act) Information
- Unauthorized Distribution of Copyrighted Material on the UW network
- Allegations of copyright infringement can be sent to firstname.lastname@example.org
Student use of UW computing resources
The University of Washington provides computing resources, such as electronic networking services, to students for the primary purpose of facilitating student academic activity, but also for their personal use as long as such uses do not violate applicable laws and University policies. This guidance informs University students on the limitations relating to the use of University’s electronic network services or computing resources.
Students are responsible and accountable for how their UW NetID, computer, network device and computing resources are used. This includes information that originates from any device used by a student to connect to the University’s network, or access attributed to a student’s use of the network. Students shall follow all applicable laws, regulations and University policies. This includes legal limitations related to using, accessing or sharing any material that is considered illegal or obscene under federal or state law.
- The following uses are prohibited:
Using the University’s network or credentials in a way that violates Chapter 478-120 WAC, Student Conduct Code for the University of Washington, specifically related to computer abuses noted in Chapter 478-120-024 WAC.
Using the University’s network to set up, provide or support a public-facing service that is unrelated to student academic activities.
Engaging in denial-of-service attacks or other activities that consume excessive amounts of bandwidth or otherwise degrade network access.
Running a business or ecommerce platform using University network resources.
Sending spam or unwanted bulk emails.
Communicating with an individual that has specifically requested not to receive communication from you.
Phishing, pharming or social engineering.
The attempt to obtain or obtaining the password(s) or login credential(s) to resources or accounts that are not assigned to you or for which you are not authorized.
Session hijacking or man-in-the-middle attacks.
Network scanning, probing or sniffing.
Exploiting or attempting to exploit security vulnerabilities on systems or network devices that are not yours.
Using unauthorized IP addresses, or circumventing systems that enforce network access, management or quotas.
Sharing or exposing your personal UW NetID password.
Using a computer or user account (UW NetID, department account, etc.) for which you are not authorized.
Using the registration system in any way other than to register yourself into sections that you intend on taking, or using a script, robot or other automated tool to submit registrations requests.
Questions and complaints
- Whom to contact
- If you have questions about these policies, you can contact the UW Information Technology Service Center by calling 206-221-5000, sending email to email@example.com, or using the online Send a Question to UW Information Technology form.
- Private information
- If your questions or complaints involve sensitive information or you have a need for privacy, please call 206-221-5000 and ask to speak to a supervisor. You will be directed to the most appropriate official. Do not assume that email is private.
More information on appropriate use can be found on the following sites;
- Copyright resources at the UW
- Email spam
- Export controls
- Records management and release
- Security and privacy
- Information Security and Privacy Laws and Regulations — Descriptions of over 25 laws and regulations relating to security and privacy, maintained by the Office of the Chief Information Security Officer.
- Server policies