Skip to content

Guidelines to the Regulations for the use of computing facilities

Computer networks in general, and the Internet in particular, provide many opportunities to share information, conduct debates and investigations, and facilitate communications round the world. The University wishes all members and employees to gain maximum benefit from these systems in the furtherance of their University work and the systems are freely available for this purpose, subject to the regulations, and the limitations of the resources available and their equitable distribution.

The University expects that all staff, students, associates and others explicitly authorised to use the University’s computing facilities will exercise due responsibility in their use of these systems, and accordingly has published regulations and guidelines. These are intended to ensure that everyone is aware of the implications of possible actions and to define best practice to promote optimal use of the available systems.

These guidance notes expand on the University Regulations which largely define the legal framework in which the University operates in providing computing and networking facilities. This legal framework has implications for both the University as a corporate body and for individual members and employees. It is thus essential that you are fully aware of the regulations; if you have any queries regarding their detailed application in your area, consult IT Services (for central facilities) or your department (for departmental facilities) before proceeding.

Guidelines to Regulation 11.1

The acts specifically addressing use of computing facilities include:

  • Computer Misuse Act 1990
  • Communications Act 2003
  • Criminal Justice and Public Order Act 1994 amending the Obscene Publications Act 1956
  • Protection of Children Act 1978
  • Data Protection Act 1998
  • Copyright, Designs and Patents Act 1988
  • Regulation of Investigatory Powers Act 2000
  • Human Rights Act 1998
  • Criminal Justice Act 1998
  • Protection from Harassment Act 1997
  • Sexual Offences Act 2003
  • Official Secrets Act

In addition, the general law relating to fraud, libel etc applies. Any publication of a statement, comment or innuendo about another individual or organisation which cannot be justified at law may render the author liable to an action of defamation , though there is a defence of Innocent Dissemination for libel viz it will be "... a defence for a person to show that he was not primarily responsible for the publication of the statement complained of and that he did not know, and having taken reasonable care had no reason to know, that his acts involved or contributed to the publication of a statement defamatory to the Plaintiff". It should be noted that publication occurs at the point of communication rather than creation. Thus a libellous message received from abroad will be subject to English Libel Laws. The same principle applies to advertising and marketing material.

The University will take immediate action to remove allegedly libellous material should a prima facie case exist. The University thus draws the attention of all users to the legal consequences of their action in this area by the publication of regulations and guidelines.

The Data Protection Act provides principles and a legal framework for the use of personal information - defined as information relating to a living person - held on a computer system. This is covered in Regulation 3 .

The Copyright, Designs and Patents Act concerns intellectual property. The University has separate regulations relating to Intellectual Property.

The Regulation of Investigatory Powers Act 2000 requires the University to inform individuals of the circumstances under which it will monitor use of its computer systems and the procedures in place for doing so. The policy and procedures are detailed separately.

The Computer Misuse Act makes unauthorised access to a computer system a criminal offence. The Act defines three levels of access with increasing penalties on conviction:

  • unauthorised access to computer material - this would include: using another person's username and password without proper authority in order to use data or a program; or to alter, delete, copy or move a program or data file; or simply to output a program or data to a screen or printer. Similarly, laying a trap to obtain a password or reading examination papers or results would constitute unauthorised access.
  • unauthorised access to a computer with intent - this would include access to financial or administrative records with intent to commit a criminal offence eg theft.
  • unauthorised modification of computer material - this would include: destroying another user's files; modifying system files; creation of a virus; introduction of a local or networked virus; changing examination results or other administrative records, and deliberately generating information to cause a system malfunction.

The Criminal Justice Act amends the Obscene Publications Act 1956, the Protection of Children Act 1978, and the Telecommunications Act 1984 to extend their provisions to transmission over a data communications network. The potential 'let out' of transmission in coded form is ruled out by the concept of a pseudo photograph - electronic data that can be rendered into an image that has the appearance of a photograph.

It is important to be aware that actions are subject to legal constraints irrespective of the provenance of the equipment and systems which are used. Thus the use of personal equipment for University purposes is subject to University Regulations; the University obviously has no interest in the use of personal equipment for other purposes, provided its operation does not jeopardise the operation of the University’s own systems.

Guidelines to Regulation 11.2

Most software, data and other information made available by the University has been purchased under licences which restrict its use. The licence is a legal contract between the University and the supplier and hence all members and employees of the University must comply with the licence conditions. Normally the licence permits educational use but some licences have been obtained with more restrictive use eg for a specific research project, whilst others permit wider use eg administrative activities. The precise definition of legitimate use varies from licence to licence, but see Definition of Educational Use for a generally acceptable definition, as employed by custom and practice within the Higher Education Community and as accepted by most suppliers. If you have any doubts concerning the licensing arrangements, consult IT Services.

Irrespective of explicit licensing arrangements, the Copyright, Designs and Patents Act 1988 provides protection for the creators of original work; a computer program is explicitly protected as a literary work. The provisions are well-understood within the University in relation to photocopying, but the Act relates more generally to electronic copying and this has implications above what might be expected from knowledge of the restrictions on photocopying.

By consenting to the transmission of a communication over the network, the initiator is deemed to have agreed to the production of such electronic copies as are involved in the transmission process or in 'caching' eg for World Wide Web pages. Transmitting the works of others either directly or within a communication could infringe the copyright of the creators of the work and steps need to be taken to ensure that permission of the copyright holder has been obtained if appropriate.

In addition to committing a criminal offence, breaches of copyright can give rise to civil proceeding which could involve the perpetrator being sued for damages.

Guidelines to Regulation 11.3

The Regulation also details the University's internal procedures to ensure compliance with the Data Protection Act and the Freedom of Information Act.

Guidelines to Regulation 11.4

This regulation defines the central computing facilities and covers authorisation. Users of central computing facilities include users of:

  • central computers and general access personal computer systems
  • centrally provided services eg electronic mail, bulletin boards, access to the World Wide Web, JANET and the Internet
  • all computers at other sites accessed via the Campus Network
  • private or departmental computing and network devices used to transmit information over the Campus Network or via the University telephone system
  • remote use of equipment eg via modem or wireless connection.

Private or departmental computing and network devices include PCs, Apple Macintosh systems, UNIX workstations, PDAs and mobile phones. Since such private or departmental computing and network devices will normally operate using centrally provided facilities, particularly if they have ‘supported connections’, such devices will normally be subject to these Regulations. As the network is provided and managed by the University and is connected directly to JANET and thence to the rest of the world, the University has a range of legal obligations imposed by UK law and the network services provider, UKERNA. The regulation thus emphasises the centrality of the network and the implications for devices connected by whatever means.

Information may be retained, by prior agreement with IT Services, for a fixed period after authorisation has been withdrawn.

Guidelines to Regulation 11.5

University work comprises those legal activities which are carried out in furtherance of the purpose, aims and policies of the University.

The username and resources may be used for non-commercial, personal work provided this is compatible with other conditions of use of facilities, notably these Regulations and Guidelines, the JANET Acceptable Use Policy and software licences. Regulation 4(c) limits the University’s liabilities for personal work; in particular, the University will not assume responsibility for payments resulting from credit card or other financial transactions undertaken in a personal capacity. Personal work must not jeopardise the University work of other users, and University work will take priority over personal work.

The registered user is responsible for his/her username and resources. Such use will normally be restricted to the owner, but, exceptionally, the registered user may authorise another registered user to access their username or resources. The ability of a user to authorise another registered user to use their username and resources does not extend to access to information and resources that have been made available by specific additional authorisation. If access is provided temporarily to another person, or such access is no longer required, the authorisation should have a clear termination and steps which should be taken to minimise inadvertent access eg changing the password.

Situations where access might be allowed by agreement include:

  • Access by IT Services, departmental technical staff or colleagues to resolve problems, install software etc
  • Access for training purposes
  • Remote access from IT Services Information Desk to resolve problems etc
  • Short-term temporary staff undertaking role of user
  • Job-share
  • Project usernames
  • Retrieve file or time-critical email – owner of username is away but agrees/has agreed prior to departure
  • Access to specific item of software contractually available to person who wishes to access it
  • Access to additional filestore

Situations where access should not be allowed include:

  • Access to sensitive or restricted information, whether or not it is available to both the owner of the username and the person to whom access has been given by the owner eg personal information on student or HR system
  • Financial system where access is not available from other user’s own username
  • Facilities, systems and services authorised to the owner of the username but not to the other person’s own username – eg some information resources, specific software
  • Where an audit trail is required

The regulation defines acceptable use of central facilities, and promotes their equitable use.

Guidelines to Regulation 11.6

The regulation ensures that due notice is taken of financial implications of contract work, undertaken either in the name of the University or by the individual. University work includes all activities directly associated with the duties of members and employees of the University. Other work is defined as personal and includes those areas which the University has traditionally seen as the responsibility of students eg production of essays, dissertations and theses. The regulation ensures that due notice is taken of financial implications of contract work. Provided resources are available, the central computing facilities may be used for non-University work, including personal consultancy. A charge may be levied for such use and permission to use the facilities for such purposes must be agreed in advance with IT Services.

The Regulation makes explicit reference to intellectual property implications of activities carried out on central computing systems. The University's Regulations on Intellectual Property apply in this context. In addition, the continued use of Central Computing Facilities to generate financial or commercial benefits would render the activity chargeable and Regulation 6 then applies.

Guidelines to Regulation 11.7

This draws attention to the licensing issues relating to the University's JANET connection. The JANET Acceptable Use Policy, approved by the Higher Education Funding Councils, places obligations on the University and thence on individuals within the University.

Guidelines to Regulation 11.8

Information is understood to include text, images, video and sound; transmission is understood to include printing information, posting information via electronic mail and bulletin boards such as Usenet News, and providing information on distributed information systems such as World Wide Web.

Guidelines to Regulation 11.9

This draws a distinction between information transmitted across the University's network in the name of the University and information being transmitted in the name of a person acting as an individual. Information transmitted in a personal capacity rather than on behalf of the University must be explicitly identified as being transmitted by the individual. The requirement not to conceal the identity of persons transmitting information does not apply to situations where information is expected to be anonymous eg completing anonymous surveys and feedback questionnaires.

Guidelines to Regulation 11.10

To protect the integrity of the University’s computing facilities and the work of users, the University will monitor use of its computing facilities and take appropriate action. Monitoring includes automated processes eg virus scanning, spam management, network traffic management, filestore management, and software licence management, as well as processes involving human intervention eg determining the contents of files, arising from the above or from complaints etc. These processes are undertaken within the relevant laws, particularly the Regulation of Investigatory Powers Act 2000. The University’s procedures are defined separately. RIP Policy

The University retains logs of a range of system activities including all web browsing and email traffic (but not the contents). These logs will be kept confidential except as authorised under the RIP guidelines above. However, summaries containing no personal information may be distributed for operational purposes.

Guidelines to Regulation 11.11

This regulation indicates the link to the University’s disciplinary procedures and specifies the additional sanction of excluding access to all central computing facilities pending the outcome of disciplinary proceedings or investigations of serious offences for which a prima facie case exists. In addition, the regulation indicates the responsibilities of IT Services to ensure that use of central computing facilities is undertaken within the legal and regulatory frameworks, and to take steps to ensure that the work of other users is not jeopardised by the actions of individuals.

Guidelines to Regulation 11.12

Departments may have computing facilities which have additional restrictions on their use eg due to the provenance of the equipment, software licences or to promote equitable use of resources. Departments may need to supplement the general University regulations with those applicable to their own facilities.

Regulations