Acceptable Use Policy (AUP)

Purpose

The purpose of this Acceptable Use Policy (AUP) is to provide a framework for the proper and ethical use of Coppin State University’s technology resources. These resources are provided to support the university’s educational, research, administrative, and service missions.

Technology resources include but not limited to computers; mobile devices; networks; databases; software; websites; cloud services; and telecommunications systems. By using these resources, users agree to comply with this AUP, all affiliated IT policies, applicable laws, regulations, and University policies.

This policy applies to all users of University technology resources, including students, faculty, staff, contractors, guests, and external individuals or organizations accessing University technology resources.

User Responsibilities

1. Use technology resources to support Coppin’s mission and strategic goals.
2. Protect passwords and maintain the confidentiality of access credentials. Each user is responsible for all transactions made under the authorization of their login.
3. Regularly update systems and secure devices to prevent computer theft.
4. Use technology resources efficiently and avoid excessive use that may impact others.
5. Protect confidential university data.
6. Abide by all licensing agreements for software and other digital resources.
7. Practice responsible digital citizenship.
8. Report suspected security breaches or violations of this policy to Coppin’s IT Privacy and Information Security Department.

Acceptable Uses

Technology resources must be used in a manner consistent with the University’s mission. Acceptable uses include:

1. Academic research, teaching, and scholarly activities.
2. Administrative and operational functions.
3. Authorized collaboration with external organizations related to University objectives.
4. Communication that adheres to professional and academic standards.

Limited personal use of University technology resources is permitted when it does not:

• Interfere with academic, administrative, or operational responsibilities;
• Place an undue burden on shared resources; and
• Violate University policy, licensing agreements, or applicable laws.

Legal Compliance

Users must comply with applicable regulations and standards, including, but not limited to:

• Federal, state, and local laws;
• University policies and procedures;
• Software licensing agreements;
• Data protection regulations;
• Copyright and intellectual property laws;
• Export control regulations;
• Industry-specific compliance requirements (HIPAA, FERPA, etc.); and
• International data protection laws, where applicable.

In addition, when accessing external networks or services through university resources, the user must also comply with those networks' terms of service and acceptable use policies.

Ownership of Data

Materials created, stored, or transmitted using University technology resources in connection with University duties, classes, or activities may be considered University property. Student coursework remains the intellectual property of the student unless otherwise agreed (e.g., sponsored research, collaborative projects). The University retains ownership of administrative and research records.

Prohibited Uses

Users are prohibited from actions that violate system or network integrity, increase risk to cyber threats, compromise data privacy, involve unauthorized commercial activities, facilitate improper communication practices, violate intellectual property rights, or result in the misuse or overconsumption of resources.

System and Network Violations (Not Exhaustive) 

• Unauthorized access or attempted access
• Password sharing or credential theft
• Network scanning or port scanning
• Denial of service attacks
• Disrupting or interfering with the delivery or administration of computer resources.
• MAC or IP address spoofing
• Running unauthorized servers
• Creating rogue wireless networks
• Installing software on computers and the network
• Bypassing security controls
• Unauthorized system or hardware modifications
• Altering system or hardware configurations

Data and Privacy Violations (Not Exhaustive)

• Accessing data without authorization
• Sharing confidential information
• Storing sensitive data insecurely
• Mining data for personal use
• Creating unauthorized data repositories
• Violating data classification policies
• Mishandling personally identifiable information
• Unauthorized recording of communications
• Breaching student or employee privacy
• Modifying confidential data without proper authorization
• Attempting to access another user’s account, private files, or e-mail

Communication Violations (Not Exhaustive)

• Harassment or bullying
• Hate speech or discriminatory content
• Spam or mass unauthorized emails
• Chain letters or pyramid schemes
• Phishing or social engineering
• Impersonating others online
• Misrepresenting an affiliation of the university
• Creating fake social media accounts
• Spreading misinformation
• Forwarding private or confidential information

Intellectual Property Infringement Violations (Not Exhaustive)

• Unauthorized reproduction of copyrighted materials without necessary permission or licenses
• Unauthorized use of logos or trademarks
• Illegal file sharing
• Plagiarizing or misappropriating others' intellectual property in academic or research work
• Illegal downloading or sharing of licensed software, including the use of peer-to-peer file sharing networks for distributing copyrighted content
• Using patented processes, designs, or technologies without authorization
• Circumventing Digital Rights Management (DRM) systems or other technological protection measures
• Unauthorized distribution of course, research, and/or scholarly materials

Commercial and Political Violations (Not Exhaustive)

• Operating personal businesses and other commercial and/or for-profit purposes
• Unauthorized campaigning, lobbying, and other types of political activities

Resource Abuse Violations (Not Exhaustive)

• Cryptocurrency mining
• Using computing resources to engage in conduct that interferes with other’s use of shared computer resources and/or disrupts other computer users.
• Unauthorized fundraising 
• Gaming servers or file sharing servers
• Excessive streaming or downloads
• Resource-intensive applications
• Storing personal media collections
• Running unauthorized scripts
• Automated trading or betting systems
• Non-academic online gaming
• Theft of computers, gaming equipment or related peripherals

Privacy and Monitoring

While the University respects the privacy of users, Coppin State University has not only the right, but also the duty to monitor, log, and review any and all aspects of its technology resources. Users should not have an expectation of privacy in anything they create, send, or receive using campus technology resources. Further, Coppin State University may disclose the contents of user accounts and activities, when required by law, policy, or to protect the integrity of the University’s resources. Lastly, authorized IT personnel may access user accounts and files as needed for system maintenance, security, and compliance purposes.

Enforcement

Suspected or known violations should be reported to the Director of Information Security and Privacy, and will be adjudicated in conjunction with the appropriate authorities:

• Students - Student Life Office of Student Conduct, or designated area within Enrollment Management and Student Affairs
• Staff - Office of Human Resources
• Faculty - Office of the Provost 
• Guests - Campus Police

Violators of this policy may be subject to disciplinary action, including verbal warning, written warning, revocation of campus technology resource privileges, suspension, termination, financial responsibility for damages, and/or legal action.

Policy Compliance

The Director of Information Security and Privacy will verify compliance with this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

Exceptions

Any exception to the policy must be approved, in writing, by the Chief Information Officer or Designee.

Disclaimer

This AUP is intended to provide general guidelines for the acceptable use of university technology resources. It may be subject to change without prior notice.