11.1.1 The University aims to facilitate the flow of information, while protecting the confidentiality, availability and integrity of information and complying with legal and contractual requirements.
11.1.2 This Regulation applies to everyone who uses or processes University information including, but not restricted to, University staff and students, staff of University companies, associates, partners, contractors, consultants, visitors and guests.
11.1.3 This Regulation applies to information of any nature and in any format which is:
11.1.4 For the avoidance of doubt, this Regulation applies to all information as described in clause 1.3 wherever it might be found physically or in digital format.
11.1.5 This regulation applies to all networks and systems provided by the University, including, but not limited to, all systems and networks to which you gain access by virtue of your association with the University; and to personal equipment interacting with University networks and/or systems.
11.2.1 Everyone must abide by the law, University of York information policies, and the regulations of third parties whose information is used and processed for or by the University.
11.2.2 Users of information and information systems must be aware of, and fulfil their responsibilities under, the Government’s Prevent Strategy.
11.2.3 Users of information and information systems must not:
11.3.1 Users must not share their University IT Accounts with anyone without prior written authorisation from IT Services.
11.3.2 Users must not disclose their University IT Account passwords to anyone.
11.3.3 Users must not obtain or use a University IT Account password for a University Account belonging to a third party.
11.3.4 Users must not use their University IT account to gain or facilitate deliberate unauthorised access to facilities or services accessible via the University network.
11.3.5 Users must not impersonate a third party or otherwise disguise their identity on University networks and systems.
11.3.6 Users may access University IT services for personal purposes. Personal use may be withdrawn if such use is deemed to be excessive.
11.3.7 Personal use must not hinder or interfere with contractual or professional duties, or with course or research obligations.
11.3.8 Personal use must not hinder or interfere with the use of University IT services by others.
11.4.1 When breaches of this Regulation are suspected the University will conduct an investigation to determine the nature and severity of the breach, to implement remedies and to suggest further courses of action as appropriate.
11.4.2 Breaches of this Regulation by University staff or students may be referred for further action following the University’s Disciplinary procedure and guidelines.
11.4.3 In addition to the Disciplinary procedure and guidelines procedure and process described there, the University reserves the right to take action to mitigate the effect of the breach during or after any investigation. Action might include, but is not limited to:
11.4.4 Information about suspected or actual breaches will be passed to law enforcement agencies as appropriate to the case.
11.4.5 Where a third party reports a suspected or actual breach of these Regulations the University will cooperate with third parties relevant to the breach, and may share data outside the University in the furtherance of the investigation, subject nevertheless to the rights of any data subjects concerned.
11.5.1 The Director of Information Services is responsible for the enforcement of this Regulation. The Director of Information Services may delegate this responsibility to other people he/she judges to be appropriate in the circumstances of each case.
11.5.2 The University monitors and records the use of its IT services and may access data during investigations as described in the IT Investigations and Data Access Policy.
11.5.3 University Officers, Heads of Departments and Section Heads are responsible for ensuring staff, students and associates comply with this Regulation.
11.5.4 Everyone is responsible for informing the Deputy Registrar and Director of Corporate and Information Services if they become aware of a breach of this Regulation.
- Regulation 1
Regulations for higher doctorates
- Regulation 2
Regulations for research degree awards
- Regulation 3
Regulations for awards relating to taught programmes of study
- Regulation 4
This regulation no longer exists
- Regulation 5
Regulations on assessment
- Regulation 6
General academic regulations and procedures for taught programmes
- Regulation 7
- Regulation 8
Enrolment, residence and payment of fees
- Regulation 9
Election of members to the Senate
- Regulation 10
Freedom of speech within the University
- Regulation 11
Use of computing facilities
- Regulation 12
- Regulation 13