Executive Policy #4
Revision Approved October 23, 2015
GENERAL POLICY STATEMENT
In support of academic instruction, research, public service, and administrative functions, Washington State University (WSU) encourages the use of, and provides access to, information technologies and network resources. This enables WSU users to access global information resources, as well as communicate with other users worldwide. In keeping with its role and values, WSU encourages the use of electronic communication, rather than paper, whenever possible for the conduct of official WSU business and for individual professional purposes related to an official WSU purpose.
This policy governs the use of WSU Information Technology (IT) resources, including but not limited to internet resources, network resources, electronic communications infrastructure, and information technologies infrastructure.
Users of WSU's IT resources are responsible for using those resources in accordance with federal, state, and local law, and with WSU policy. Use of WSU IT resources is a privilege that depends upon appropriate use of those resources. Individuals who violate the law or WSU policy regarding the use of IT resources are subject to loss of access to those resources as well as to WSU disciplinary and/or legal action.
This policy does not apply to computer use that occurs when an employee is off-duty, using a personally-owned computer, and not conducting official University business.
Specific policies contained in this document include:
FREEDOM OF EXPRESSION
WSU respects the First Amendment rights of freedom of speech, including academic freedom of artists and scholars. Therefore, WSU does not restrict the contents of electronic mail of staff, faculty, and students or the contents of faculty, staff, and student individual World Wide Web (Web) pages linked to the official WSU Web pages beyond the restrictions inherent in complying with the law and WSU policy.
This policy applies to all WSU employees, students, visiting faculty, non-WSU persons who have a WSU username, and volunteers when using IT resources provided (including by contract) or managed by WSU. All such individuals, by virtue of their use of WSU IT resources, accept the responsibility for using these resources only for appropriate WSU activities and are responsible for reading, understanding, and behaving in a manner consistent with this policy.
Separate policies apply to the use of IT resources that are made accessible to the public in the ordinary course of WSU business (e.g., public IT resource access in WSU libraries). Policies governing the use of such IT resources shall be posted in the general locale of the public access facilities or be made available to users of those technologies and networks. The use of publicly accessible IT resources by a WSU employee acting within the scope of the employee's employment shall, however, be governed by this policy.
WSU's IT resources may be used for legitimate WSU purposes only. Appropriate use of IT resources is as follows:
Legal uses by students related to their WSU education and campus life activities are considered appropriate. In addition to this policy, the Standards of Conduct for Students govern students while enrolled in WSU. The Standards of Conduct for Students include a provision prohibiting computer abuses, WAC 504-26-218. Students who wish to use computer laboratories also sign a User Agreement with Student Computing Services.
Uses by faculty, administrators, and staff directly related to instruction, research, and scholarly, professional, and administrative endeavors on behalf of WSU that are within the scope of WSU employment are considered appropriate. Students, while working in a WSU employment capacity, will be governed by policies for employees.
Use of IT resources by WSU employees is governed by Washington State's Ethics in Public Service Law (Ethics Law), RCW 42.52 and WAC 292-110-010, and by WSU BPPM 20.37. Students, while working in an employment capacity for WSU, are also governed by the Ethics Law. WSU employees must comply with the Ethics Law and with any rules adopted by the Executive Ethics Board.
Volunteers and other individuals and entities who have an affiliation with WSU must comply with all provisions that apply to employees with regard to appropriate and prohibited use of WSU IT resources.
WSU IT resources shall not be used for:
- Supporting, establishing, or conducting any private business operation or commercial activity not expressly allowed by WSU policy (also see "Advertising" below);
- Conducting personal activities unrelated to any WSU or student educational purpose unless otherwise allowed by this policy, including harvesting WSU e-mail addresses for personal use;
- Attempting to gain unauthorized access to any portion of the WSU computer system or using WSU IT resources as a staging area to attempt to gain unauthorized access to any other system or account;
- Violating WSU's policy of prohibiting discrimination against individuals on the basis of race, sex/gender, religion, age, color, creed, national or ethnic origin, physical, mental, or sensory disability, including disability requiring the use of a trained service animal, marital status, genetic information, sexual orientation, gender identity/expression, and status as an honorably discharged veteran or member of the military;
- Intentionally disseminating, accessing, or providing a hyperlink to obscenity, as that term is defined by the law, unless such activities are directly related to an employee's legitimate research or scholarship purpose or to a student's completion of an academic requirement;
- Sending unsolicited electronic mail (e.g., "spam") in violation of Washington law;
- Engaging in political activities that violate state law (state law prohibits the use of state facilities or public resources for the purposes of assisting in an election campaign or for the promotion or opposition to a ballot proposition);
- Destroying, altering, or compromising the security, privacy, integrity, or availability of IT resources when such uses are not authorized;
- Utilizing WSU systems to intentionally interfere with others' use of IT resources or conduct of WSU business;
- Violating copyright law (thus, information technology and network users who do not hold the copyright on a work must have permission to publish information, graphics, cartoons, photographs, or other material, or the publication must be otherwise permitted under copyright law); or
- Violating trademark law, Export Control law, or other federal, state, or local law, or WSU policy.
USE OF ELECTRONIC MEDIA FOR INTERNAL COMMUNICATIONS
The University requires that mass distribution of internal communications to faculty and staff be provided by electronic methods rather than via paper-based media. This includes communications sent by administrators, departments, units, and programs. This policy reflects a commitment by the University to conserve money and resources.
Acceptable electronic communications methods include notices and announcements in the myWSU portal, electronic mail to authorized electronic mail lists, electronic mail attachments, websites, texting and similar web-based messaging, reader boards and telephone. The University recommends the use of the online WSU Calendar, WSU Announcements, and similar online tools. Other electronic methods may be used when appropriate and cost effective.
Messages distributed via the University's electronic mass distribution channels must be associated with and approved by University units or registered student organizations and may not be commercial in nature, except as expressly provided by WSU policy. Each message must carry the name of the sponsoring unit.
Official Correspondence With Students
All correspondence regarding academic- and business-related activities must be sent to the student's official @wsu.edu email account effective the first day of instruction of the first term that the student is enrolled. Correspondence with students is permitted through additional communication channels, but it is not mandatory.
This policy subsection applies to mass distribution communications primarily intended for internal faculty and/or staff audiences. Examples include newsletters, newspapers, magazines, fliers, postcards, bulk invitations, and memoranda.
The policy requiring electronic communications does not apply to the following:
- Mass distribution communications to and/or from students;
- Communications specifically required by statute or regulation;
- Business-related documents requiring written signatures, e.g. forms, agreements, formal correspondence;
- Communications intended primarily for audiences outside the WSU community.
Seeking Policy Exceptions
Requests for exception to using electronic media for internal communications are to be routed through the department chair or director, and must be approved by a dean, vice president, or chancellor.
WEB ELECTRONIC PUBLICATIONS
The quality of information published and communicated by WSU plays an important role in maintaining the strong reputation and image of WSU. Because all Internet users may view electronic publications, the quality of electronic publications reflects upon all members of the WSU community. In general, electronic publications are subject to the same WSU policies and standards as print publications.
Unit Web Pages and Other Electronic Publications
Unit Web pages and other electronic publications are the equivalent of printed publications or official communications. As official WSU publications, they must comply with WSU Web graphic identity standards, which are located at http://brand.wsu.edu. Each unit Web page, cluster of linked pages, or other electronically published information must contain:
- The unit name;
- An electronic mail address for the unit's Web page creator or administrator;
- The page's expiration date when appropriate;
- A link to WSU's Copyright, Disclaimer, and Freedom of Expression Policies; and
- A link to WSU's main or home page.
Units publishing their own electronic information may set additional requirements, such as the inclusion of the equal opportunity statement. A unit may decide whether it is of benefit to link the individual electronic pages of their faculty, staff, or students to the unit Web page.
Individual Web Pages
Individuals may create Web pages and other electronic publications that provide information relevant to that individual's role at WSU. The work on individual Web pages and electronic publications represents the work of individual artists, scholars, and authors who created them, and they are not intended to represent WSU. As such, WSU bears no responsibility for the content of individual Web pages. They are the responsibility of their developers.
Each individual page, cluster of linked pages, or other electronically published information will display by a browser:
- The individual's name;
- The individual's position or affiliation with WSU;
- The individual's electronic mail address; and
- A link to WSU's Copyright, Disclaimer, and Freedom of Expression Policies.
Electronic correspondence shall be one of the authorized means of communication from Washington State University to students, faculty, staff, and other constituents.
Electronic correspondence includes traditional two-way or multi-way communications between or among correspondents (i.e., individuals, businesses, agencies) and official, one-way, targeted messages, announcements, or other forms of communication from the University.
All University electronic correspondence that contains individually-identifiable, confidential, or non-public information must be handled in accordance with Executive Policy Manual EP8: University Data Policies.
University electronic correspondence may be used only to meet academic instruction, research, public service, and administrative needs of the University. Originators are responsible for selecting the appropriate electronic correspondence mechanism according to the guidelines below. Delivery-tracking mechanisms should be used when necessary to ensure legal or business procedure compliance.
Faculty, staff, and students are responsible for all information sent to them via University-provided electronic correspondence delivery mechanisms. The University expects that all University business-related electronic correspondence received will be read in a timely fashion, and without the need for follow-up notices.
Electronic Correspondence Guidelines
Electronic correspondence containing information as outlined below must be sent and delivered by secure means. In the event that secure mechanisms are not available, information as specified below must not be sent electronically.
- Individually-identifiable information other than a person's directory information (directory information includes a person's name, address, telephone number, e-mail address, and student major).
- Individually-identifiable directory information (name, address, telephone number, e-mail address, and student major) for a person who has restricted use of that information.
- Any information that either the recipient or originator would reasonably expect to be considered confidential.
- Information which is required by federal, state, or local law, or WSU policy to be kept confidential, including but not limited to:
- The Family Educational Rights and Privacy Act (FERPA):
- The Health Insurance Portability and Accountability Act (HIPAA):
- The Gramm-Leach-Bliley Act (GLB Act):
Listings of WSU faculty/staff and student e-mail addresses are maintained and safeguarded by WSU. These listings are reserved for use by the President and Provost for important communications, for WSU Alert messages, and for authorized University-wide communications including WSU Today Update. WSU employees and students are prohibited from utilizing the faculty/staff and student lists without the express consent of the Vice President of Information Services and are also prohibited from compiling and using similar listings, including listings that may be obtained through other sources.
A vice president may use the listings in limited circumstances, with approval from the Vice President of Information Services, where a need to disseminate information exists via either a portal announcement or notice.
Portal Announcements are used to communicate with students, faculty and staff information related to specific departmental events. For example a portal announcement may be used by faculty or departments to alert students that a class has changed location or been cancelled.
Portal Notices are used to disseminate critical confidential information to individuals or small groups regarding items that may impact students' academic standing, payment of fees, or items related to an individual's health services that are protected under HIPAA.
University personnel wishing to communicate electronically with the University community can submit messages and links through WSU Announcements (http://news.wsu.edu/announcements) and WSU News Submit Item (http://news.wsu.edu/submit), or by sending custom e-mails through Crimson Communique, the "opt-out" faculty/staff list (http://ucomm.wsu.edu/place-an-order.html). Express approval by a department head is required to utilize this routing, with a clear endorsement/ sponsorship of the content by that department.
Crisis Communications System
WSU maintains a list of e-mail addresses of faculty, staff, and students who choose to register their e-mail addresses in a crisis communications database for use in notifying these individuals in the event of an emergency or safety situation. Emergency management and public safety personnel control this database.
Information Technology maintains electronic mail lists that may be created and/or subscribed to for intra-campus communications: http://lists.wsu.edu/. Individual campuses, colleges, departments, or units may create and use their own intra-area distribution lists.
Graphic Identity Standards
Presentation of HTML and graphic-rich electronic communication, like other electronic (web) publications, is subject to the same WSU standards (http://brand.wsu.edu) as print communications.
WSU respects the privacy of users and does not routinely inspect or monitor the content of electronic communication. However, WSU does not guarantee the security and privacy of any user's electronic mail and/or electronic files and it is not advisable to send information in electronic communication that the sender would not want to be distributed to others.
WSU may access such electronic communication or files in a number of situations:
- Requests for Public Disclosure. All electronic records and all electronic mail messages are public records and may be subject to disclosure through a public records request.
The state's Public Records Act (RCW 42.56) requires that electronic mail or files containing information relating to the conduct of WSU business be made available for public inspection and copying. If WSU receives a request for public disclosure of electronic mail or other electronic files, WSU staff will access electronic mail and files to determine whether such material must be disclosed under the law. If WSU's public records officer determines that electronic mail and/or files are required to be disclosed, such records will be provided to the individual who makes the public records request unless a court order is issued preventing disclosure.
- Litigation. In the course of discovery during litigation, pursuant to subpoena, or in response to a pre-litigation or litigation hold notice.
- Retention of Electronic Mail. Electronic mail is backed up and retained in accordance with record retention requirements of state law (RCW 40.14) and WSU policy BPPM 90.01. Users are advised that electronic messages and other files are not removed from their hard drives when erased by the individual. Material that continues to exist on a hard drive, or on another's computer, also may be subject to disclosure.
- Access During Routine System Maintenance. Responsible system maintenance may require that files are backed up, data cached, activity logs kept, and overall system activity monitored. In the process of these activities, WSU staff and other appropriate staff may see an individual user's electronic mail and files.
- Access for WSU Business. WSU employees may access all electronic mail or files on another employee's computer with that employee's permission, or with a supervisor's approval, when that employee is unavailable and access is for a legitimate business purpose. However, wherever practical the authorized employee seeking access to the electronic files shall reasonably attempt to inform or seek approval from the employee whose files are being accessed for business purposes. A supervisor may access electronic mail or files within his or her unit for legitimate business purposes without seeking approval. Supervisors who access electronic files or give permission to access individual files shall do so in a manner that is consistent with any research and/or confidentiality agreements which may apply to those files. Any access by a supervisor or co-worker for a legitimate business purpose shall be limited to that purpose.
- Access in Investigation of Misconduct. This provision applies to monitoring of employee accounts when the monitoring is conducted because of suspected illegal activity or policy violations. A supervisor may only access electronic files to investigate an employee's misconduct when the access is consistent with all legal requirements and WSU policy. Such access may only be in a manner consistent with other provisions of this policy and only when approved by the President, Provost, chancellor, appropriate vice president, or dean.
- Monitoring Account Activity. An account may be inspected, monitored, or disabled when:
- Activity from an account prevents access to IT resources by others;
- General usage patterns indicate that an account is likely to be responsible for activity that is in violation of federal, state, or local law, or WSU policy;
- There is a credible report of a violation of policy or law;
- It is necessary, in the judgment of WSU administration, to do so to protect WSU from liability;
- WSU receives a public records request, a valid subpoena, or a litigation discovery request;
- WSU issues a pre-litigation or litigation hold notice; or
- It is otherwise required by law.
User's Responsibility for Maintaining Privacy
IT resources users are responsible for maintaining appropriate access restrictions for their files, as well as protecting their passwords. An employee or student who knowingly allows another person to use his or her username or password may be found responsible for any inappropriate use on the part of that person.
USE OF SOCIAL MEDIA AND RELATED ONLINE COMMUNICATION
Social media contains powerful communication tools that can be of great benefit to forwarding the mission and the message of Washington State University. These tools can also have a significant impact on organizational and professional reputations. Washington State University recognizes that social media sites, such as Facebook, LinkedIn, Twitter, YouTube, etc., and individual web pages, weblogs, or blogs, can be effective tools for exchanging information and raising the visibility of the University.
Therefore, employees are permitted and encouraged to contribute appropriate content about WSU and their work. All WSU personnel are allowed to visit or follow University social media accounts to stay abreast of University news and information and to utilize social/new media tools as sources of information and professional development in keeping with the requirements of their positions. However, there are a number of rules and guidelines when posting information about the University on both official and individual social media sites, blogs, and other forms of user-generated media. The use should be for the benefit of the University. The use should also be consistent with the nature of the employee's official business or be approved by the employee's direct supervisor. Any other communications fall under the de minimis standards of the University (see BPPM 20.37).
Participation may be part of an employee's job. WSU may ask that employees maintain work-related, supervisor-approved social media accounts or blogs, which can be managed and updated during work hours. Employees must be transparent in their activities, using their real names rather than writing anonymously or under pseudonyms, and must disclose or explain their roles at the University.
Official groups or pages must be supervisor-approved. Groups and fan pages on social media sites are easy to create and promote, sometimes making it difficult for users to identify "official" pages. However, these pages require input and maintenance to be effective. If an employee feels there's a need and value to generating an official group or page for WSU, the employee must gain approval from his or her area's dean, vice president, or chancellor before allocating time or resources to this endeavor. The employee is expected to maintain a professional attitude when representing WSU. The employee must maintain records of account/site usernames and passwords to facilitate transition of account management to another employee when necessary.
Personal versus professional use. Employees' personal social networking sites should remain personal in nature and should not be used for work-related purposes. Employees are not to use University accounts to establish or maintain personal social networking accounts.
See page five for information about creating individual web pages for official WSU purposes.
Protect confidential and proprietary information. Employees may not post confidential or proprietary information about Washington State University, students, employees, alumni, donors, or others. Employees must follow all applicable federal requirements such as FERPA, HIPAA, laws pertaining to intellectual property, NCAA regulations, and the like. Employees must adhere to all applicable University privacy and confidentiality policies. (See BPPM 90.05, 90.06, and 90.07.) Employees who share confidential information do so at the risk of disciplinary action or termination.
Respect copyright and fair use. When posting, employees must be mindful of the copyright and intellectual property rights of others and of the University.
Restrict the use of Washington State University logos. Do not use the WSU name to promote a cause, or political party, candidate, or non-WSU-affiliated product. Do not use the WSU spirit logo or any other University images or iconography on personal social media sites. (See also BPPM 35.10 and 60.90.)
Respect University time and property. Use of state resources to access social media accounts/sites is governed by state law and University policies concerning appropriate and prohibited uses. (See RCW 42.52.160, WAC 292-110-010, and BPPM 20.37.)
Employees must comply with these laws, rules, and policies when using WSU resources to access social media. Depending on an employee's duties, use of state resources to access such sites for professional development, news, and information may be recognized as an appropriate use of state resources.
Terms of service: Obey the terms of service of any social media platform employed.
Public records and records retention: Social media prepared, owned, used, or retained by WSU may be subject to the Public Records Act. (See RCW 42.56 and BPPM 90.05.) The operator of a WSU social media account must ensure that the contents of the site are properly archived and retained as required under the applicable records retention schedule. (See RCW 40.14 and BPPM 90.01.)
Employees may refer to the following website for advisory guidelines regarding the use of social media and related online communications:
Use of WSU IT resources for commercial advertising or promotional activity is generally prohibited, except as provided for in WAC 504-35-050.
The University does allow for acknowledgement of support from a non-University sponsor of an event, program, or other activity, limited to the modest placement of a sponsor's name, logo, and/or web link. Venues for allowable promotional messages or advertising must be approved in advance by the Vice President of Information Services .
Evidence of violations of federal, state, or local law, or WSU policy will be turned over to the appropriate authorities as soon as possible after detection. WSU-imposed sanctions for inappropriate use of WSU IT resources will depend upon the nature of the abuse in question. Such sanctions may include restrictions on access, suspension of the individual's user account, or revocation of the individual's user account. WSU-imposed sanctions may also include disciplinary measures, including expulsion from WSU and/or termination of employment. Any such disciplinary action will be taken in accordance with the applicable provisions of the Standards of Conduct for Students, the Faculty Manual, the Administrative Professional Handbook, civil service rules, collective bargaining agreements, or other personnel policy.