Appropriate use

Last updated: October 10, 2023
INTENT: This page is intended to be a relatively simple collection of information about a fairly complex set of Federal and State laws, and State and University policies and guidelines that govern the use of university information resources and computing technology. It is by no means comprehensive, authoritative, nor totally accurate for all instances – to make it so would be to make it as complex as all the underlying laws, policies and guidelines. Therefore, you should use this document as a general guide, and understand that if there are inconsistencies between this and the underlying rules, the rules govern. If you have any questions, please refer to the underlying information and the appropriate UW official (see the More Information section below).

Summary

Many laws and policies regulate your use of UW computing resources and services such as email, internet access, mailing lists, newsgroups, computer hardware and software, etc. You are responsible for compliance with all such laws and policies.

  • You must not share your personal UW NetID password with anyone.
  • You must not use someone else’s personal UW NetID.
  • Faculty, instructors and staff may not use UW computing resources and services for commercial or political purposes.
  • UW computing resources provided to UW employees and workforce members may not be used for personal purposes, except to a degree that is de minimis.
  • You may not use licensed or copyrighted software, images, or files without proper authorization.
  • You must not use UW computing resources to violate the privacy rights of anyone.
  • You must strictly comply with all restrictions relating to the use of UW Confidential Data, such as Protected Health Information (PHI), Personally Identifiable Information (PII), or export-controlled data.
  • Any records created in the process of doing official UW business are subject to public records laws.
  • You must comply with all requirements regarding retention, disclosure, and management of UW data, and return, upon request, any UW data that you place in a cloud service or other external repository.
  • You must not access UW computers or files belonging to others without proper authorization, and you must not harm UW computers.
  • You should report any inappropriate use of data or violation of policy immediately upon discovery.
  • You understand that the UW makes binding revisions to its policies over time, including changes to appropriate use policies.

Violations of laws or policies are regarded as a serious matter and may result in revocation of access or other disciplinary actions under the UW’s authority to define and enforce its policies.

Know the rules

Be knowledgeable about laws and policies
Your use of University of Washington computing and networking resources is governed by:

  • Extensive federal and state law and policy
  • Internet acceptable use practices
  • UW policy or contractual commitments
  • UW Technology policy

All UW policies regarding the appropriate use of University resources, responsibility for University institutional data, and personal conduct apply to your use of UW computing and networking resources. In addition, your use of UW resources must comply with the restrictions and acceptable practices established specifically for these resources and these data. Faculty and staff use of these systems is subject to Washington State law for employees of state agencies. See the More Information section below, which lists applicable laws, policies and UW resources to help you understand the University’s and your obligations.

You should be aware that law and policy relating to the use of state resources specifically prohibit faculty and staff from:

  • Using UW computers, networks, or other computing services for personal gain. For example, it would be improper to use your account to promote your outside business, to display commercial advertising, or to perform work for profit in a manner not authorized by the University.
  • Using UW resources for partisan political purposes, such as using email to circulate advertising for political candidates or to help defeat a ballot measure.

Evidence of illegal activities or policy violations will be turned over to the appropriate authorities as soon as possible after detection. Depending upon their nature, violations of law or policy will be met with responses including revocation of access, suspension of accounts, disciplinary actions, and prosecution.

Protecting the UW’s infrastructure
As the computing and networking infrastructure of the UW underlies many crucial activities for the entire University community, including hospitals and clinics, the UW must protect and sustain the operation of those facilities. As such, the UW will take all legally allowed steps it deems appropriate to remedy or prevent activities that, in the UW’s judgment, endanger the orderly operation of UW networks or systems, and/or that threaten the UW’s network connections to the Internet and/or other institutions or networks. With respect to web site names or URLs defined by individuals using UW-provided services, the University may require site or page owners to change a site name if it conflicts with precedent or policy. For example, picking a site name that equates to someone else’s UW NetID poses a policy conflict. The University reserves the right to deactivate a Web page at any time and without notice for violations of policy or for security reasons.
UW Residence Halls
Computing and networking services in UW residence halls are provided to support student academic activity. If you are living in UW residence halls, please take the time to familiarize yourself with the rules for using those services.

Protect your data and UW data

Protect your passwords
Choose your passwords carefully, change them regularly, and protect them from abuse. Your personal UW NetID gives you access to many UW services. You are responsible for any use of your personal UW NetID. You may not share your personal UW NetID password.
Know your responsibilities
In the course of using UW services you may store and/or transmit data that come from institutional sources. Some data are more sensitive than others. You are responsible for knowing the applicable data security standards and policies, appropriate places to store the data, and controlling who can access the data. Employees of the University are responsible for protecting institutional data, such as student records, protected health information, and personally identifiable information. Where and how confidential and restricted data is stored matters; for example, if confidential data is stored on a portable device it must be suitably protected. UW has contractual relationships with certain “sanctioned” external service providers to help mitigate institutional risk related to data stored in those off-campus services. If you are unsure if a particular type of information is appropriate for use with a particular service or device, contact the relevant UW Data Trustee or Data Custodian.
Monitoring and privacy
The UW is committed to safeguarding the privacy of personally identifiable information, including personal financial information, educational records, and health records. For employees, be aware that all email and other electronic information pertaining to UW business is “owned” by the university, regardless of where it is kept, and is subject to disclosure as described below in the Records Management and Release of Information section. The UW may monitor user activities and access any files or information in the course of performing normal system and network maintenance while investigating policy or violations.
Records management and release of information
Except as noted by an agreement, a law, or a University policy (such as copyright policy), the UW owns all data and records, and all associated copyrights created by UW employees within the course of employment. All information (including email) relating to University business should be maintained in accordance with records management policy and procedures. This applies to email and other electronic records, regardless of where the records are stored, including on personally-owned computers, “cloud” or externally provided services, personal email services and/or other non-UW computers,
Electronic Discovery and Public Records Release
Employee (faculty and staff) email correspondence, as well as other records, are covered by UW Guidelines for the Release of University Records. Contact the Office of Public Records and Open Public Meetings for more information about public records and meetings; and the Attorney General’s Office about electronic discovery. For a summary of important points about handling public records, see Public Records Act: Points to Remember.
Email use
Email services at the UW are provided to support you in your work and education, as well as to support communication from the UW administration. Your use of email services at the UW should respect others and must not interfere with the operation of UW computers and networks. UW administrative email messages will be sent to faculty, staff, students, and affiliates of the UW at their official UW email address. For faculty and staff, email sent to large groups of UW NetID holders (i.e., bulk email) requires approval from a dean or vice president. For students, sending spam or unwanted bulk emails is prohibited. Some departments have additional email use restrictions, for example UW Medicine workforce members are prohibited from forwarding their UW Email accounts, except to a UW Medicine approved email system. If you are unsure, please check with your department or organizational unit.

External Email and Cloud Service Providers: Email is inherently insecure. Sending confidential or restricted information (such as protected health information or export-controlled information) by email is unsafe, especially if you forward UW email off-campus to a non-sanctioned external email service provider. External email service providers typically do not provide legal protection or accountability for official UW records and information and do not comply with federal, state and UW regulations. However, the University has contracted with specific external providers to sanction their use for certain official UW records, making them acceptable for most – but not all – students and faculty and staff. UW employees should not forward their UW email to a non-UW email address, unless the destination system is specifically approved by the appropriate UW authority, since doing so may put you and the UW at risk of violating regulations such as FERPA, HIPAA (other regulations are listed in More Information).

HIPAA and UW Medicine Users: UW Medicine workforce members and students have additional requirements for email and cloud computing usage. See  Being Secure in the Cloud for specifics. If you are unsure about the policies in your area, please check with your department or organizational unit.

Export-controlled and Classified Data: If you handle export-controlled or classified data, you are prohibited from forwarding this data, unless from a sanctioned email system to a known end-user with a secure system. Export-controlled data and classified data may not be placed on an external commercial server, such as with “cloud service” providers. Contact the Office of Sponsored Programs with any questions.

Respecting copyrights

Copyright laws apply to you
You may not copy or use any software, images, music, or other intellectual property (such as books or videos) unless you have the legal right to do so. More information about copyright is available on the UW Copyright Connection site.Educational institutions are not exempt from the laws covering copyrights. Most software, images, music, and files available for use on computers at the UW are protected by federal copyright laws. In addition, software, images, music, and files normally are protected by a license agreement between the purchaser and the software seller. It is UW policy to respect federal copyright and license protections.

  • Software and information resources provided through the University for use by students, faculty, and staff may be used on computing equipment only as specified in the various software licenses. It is against University policy for you to copy or reproduce any licensed software on University computing equipment, except as expressly permitted by the software license.
  • It is a serious violation of UW policy to make or use unauthorized copies of software on University-owned computers or on personal computers housed in University facilities.

Unauthorized use of software, images, music, or files is regarded as a serious matter and any such use is without the consent of the UW. If abuse of computer software, images, music, or files occurs, those responsible for such abuse will be held accountable.

More about copyrights

Student use of UW computing resources

The University of Washington provides computing resources, such as electronic networking services, to students for the primary purpose of facilitating student academic activity, but also for their personal use as long as such uses do not violate applicable laws and University policies. This guidance informs University students on the limitations relating to the use of University’s electronic network services or computing resources.

Students are responsible and accountable for how their UW NetID, computer, network device and computing resources are used. This includes information that originates from any device used by a student to connect to the University’s network, or access attributed to a student’s use of the network. Students shall follow all applicable laws, regulations and University policies. This includes legal limitations related to using, accessing or sharing any material that is considered illegal or obscene under federal or state law.

The following uses are prohibited:
  1. Using the University’s network or credentials in a way that violates Chapter 478-121 WAC, Student Conduct Code for the University of Washington, specifically related to computer abuses noted in Chapter 478-121-117 WAC.
  2. Using the University’s network to set up, provide or support a public-facing service that is unrelated to student academic activities.
  3. Engaging in denial-of-service attacks or other activities that consume excessive amounts of bandwidth or otherwise degrade network access.
  4. Running a business or ecommerce platform using University network resources.
  5. Sending spam or unwanted bulk emails.
  6. Communicating with an individual that has specifically requested not to receive communication from you.
  7. Cyberstalking.
  8. Phishing, pharming or social engineering.
  9. The attempt to obtain or obtaining the password(s) or login credential(s) to resources or accounts that are not assigned to you or for which you are not authorized.
  10. Session hijacking or person-in-the-middle attacks.
  11. Traffic proxying.
  12. Network scanning, probing or sniffing.
  13. Exploiting or attempting to exploit security vulnerabilities on systems or network devices that are not yours.
  14. Using unauthorized IP addresses, or circumventing systems that enforce network access, management or quotas.
  15. Sharing or exposing your personal UW NetID password.
  16. Using a computer or user account (UW NetID, department account, etc.) for which you are not authorized.
  17. Using the registration system in any way other than to register yourself into sections that you intend on taking, or using a script, robot or other automated tool to submit registrations requests.
  18. Violating copyrights.

Questions and complaints

Whom to contact
If you have questions about these policies, you can contact the UW Information Technology Service Center by calling 206-221-5000, sending email to help@u.washington.edu, or using the online Send a Question to UW Information Technology form.
Private information
If your questions or complaints involve sensitive information or you have a need for privacy, please call 206-221-5000 and ask to speak to a supervisor. You will be directed to the most appropriate official. Do not assume that email is private.

More information

More information on appropriate use can be found on the following sites;

UW Policy
Copyright
Email spam
Export controls
Phones
Records management and release
Security and privacy
Server policies
Wireless