Computing and network resources are important components of the University infrastructure. These Guidelines govern the appropriate and ethical use of these resources, inform users of expectations and responsibilities assumed in the use of Waterloo computing and network resources, and clarify the context.
- Waterloo encourages the use of computing and network resources to enhance the working and learning environment of its members.
- These resources are provided primarily to support and further the mission of Waterloo.
- Waterloo values and strives to provide its members with an environment of free inquiry and expression. Freedom of expression and academic freedom in electronic format have the same latitude as in printed or oral communication.
- Members of the Waterloo community are responsible and accountable for their actions and statements, which includes exercising reasonable restraint in the consumption of shared resources. Users of computing and network resources are expected to be aware of and comply with applicable provincial and federal laws and pertinent Waterloo policies [e.g., Ethical Behaviour #33; Extra-University Activity (Faculty Members) #49; Use of Proprietary Software #64; Conflict of Interest #69; Student Discipline #71; Intellectual Property Rights #73].
- Waterloo strives to protect the privacy of system users and to provide reasonable security for Waterloo computing and network resources. A system user's account is normally accessed only with the user's informed consent1. However, circumstances may arise that justify access absent the user’s consent; examples include where security is at issue, Freedom of Information (FoI) requests, or apparent breach of applicable laws or Waterloo policies and procedures.
- With regards to cloud services, data stored are subject to the vendors data retention policies, which may change from time to time. Generally, there is no capability to restore deleted data beyond the user-accessible facilities (e.g., versions and recycle bin) provided by the vendor.
Contained within and following from the Guiding Principles are rights and responsibilities of both the user and the University. Some of these are presented below.
University of Waterloo rights and responsibilities:
- To allocate the use of and access to Waterloo computing and network resources.
- To define access privileges of Waterloo users and, for just cause, to revoke such privileges.
- To inform Waterloo users of their rights and responsibilities in the use of Waterloo computing and network resources, and to communicate clearly the terms and conditions under which access to and use of such resources are provided.
- To ensure reasonable safeguards to protect the privacy of Waterloo users.
- To ensure reasonable security for Waterloo computing and network resources and to act upon complaints.
User rights and responsibilities:
- To a presumption of reasonable privacy in the use of the computing resources assigned to them2.
- To use University computing and network resources in a manner which does not unduly interfere with the study, work or working environment of other users.
- To be accountable for the use of computing and network resources assigned to the user.
- To seek permission from the appropriate University authority to use Waterloo computing or network resources for purposes different from those for which they were allocated or acquired.
- Users of cloud services are expected to exercise the utmost care when sharing files (e.g., verify spelling of names and email addresses).
When circumstances arise that would appear to justify accessing a user’s account absent consent (e.g., suspicion of criminal or inappropriate use), the appropriate course of action will be determined by the supervisor(s) of the user in question, in consultation with the appropriate member(s) of University Committee on Information Systems & Technology (UCIST)3.
When criminal behaviour is suspected, Waterloo Police will provide advice on how to proceed. If the person requesting access is the user’s supervisor (directly or indirectly), then his/her supervisor will make the determination.
When agreement on a course of action cannot be reached, the issue will be escalated to the next supervisory level, with the final link in the escalation path being the Provost or his/her delegate. The Provost’s decision is final. When there is doubt as to what action is appropriate, advice should be obtained from the Associate Provost, Information Systems & Technology (IST) and/or the Secretary of the University, who may in turn seek legal advice. When a user’s account is accessed, there must be two persons present (one to serve as witness; individual to be dictated by circumstance; likely manager’s manager).
Misuse of the University's computing and network resources may result in disciplinary action within the University. Any such action undertaken will be governed by relevant Waterloo policies [e.g., Staff Employment #18; Ethical Behaviour #33; Student Discipline #71] and the Memorandum of Agreement. Disciplinary measures resulting from alleged infringements of Waterloo policies may be appealed under the grievance processes for staff (Policy 36), students (Policy 70), and faculty (Article 9 of the Memorandum of Agreement).
Approved by University Committee on Information Systems & Technology (UCIST), June 14, 2019
- Users should be aware that normal system maintenance procedures, such as regular backups or routine troubleshooting, may involve access without users’ consent. In such cases, files are not viewed and personal data are not collected.
- Users should be aware that certain information (login records, network traffic, services used and by whom, etc.) is gathered routinely, and may be used during investigations of possible inappropriate computer or network use.
- University Committee on Information Systems & Technology.