Computer users shall be liable for activities on their accounts. Relevant federal
and state laws and university regulations shall apply. The university shall reserve
the right to limit, restrict, or extend computing or communications privileges and
access to its information resources.
Preamble. This policy exists within a framework of state and federal laws, along with CSU
and campus policies that may be related to the use of technology. The CSU has published
a system-wide policy (Information Security Responsible Use Policy; https://calstate.policystat.com/policy/10593951/latest/) which applies broadly to all members of the campus community with respect to the
use of CSU information assets. Where an existing law or policy applies to an activity
that stems from the use of technology, that existing law or policy will be observed
in conjunction with this SDSU Responsible Use Policy. The SDSU Information Security Policies
and Practices (https://it.sdsu.edu/security/policies) builds on the CSU Responsible Use Policy.
The use of University information technology resources is subject to existing requirements
of legal and ethical behavior within the University community. Specifically, "Campus
information technology resources" may be campus computers or other devices, or use
of the campus network via a non-campus owned computer or device, or use of a hosted
"cloud" application or resource which is used to support the campus mission.
Electronic communications: University electronic communications are to be used to
enhance and facilitate teaching, learning, scholarly research, to support academic
experiences, to facilitate the effective business and administrative processes of
the University, and to foster effective communications within the academic community.
Violations may result in University disciplinary action or referral to appropriate
Scope of Policy. This acceptable use policy applies to all uses of University information technology
(IT) resources. This includes the resources under the management or control of the
Information Technology Division (ITD) or other units of San Diego State University,
as well as auxiliaries (e.g., Research Foundation, Aztec Shops, etc.). A "user" is defined
as any individual who uses, logs into, or attempts to use or log into, an application
or system; or who connects to, or attempts to connect to or traverse, a network, whether
by hardware or software or both, whether on campus or from remote locations. The policy
addresses the confidentiality, integrity and availability of such resources in support
of the University’s missions, codifies appropriate usage and establishes the need
for users to respect the rights of others and to be in compliance with other University
policies, policies of external networks and resources, and all applicable federal,
state and local laws and regulations.
Security and Privacy. The same principles of academic freedom and privacy that have long been applicable
to written and spoken communications in the University community apply also to electronic
information. The University cherishes the diversity of perspectives represented on
this campus and, accordingly, does not condone either censorship or the unauthorized
inspection of electronic files.
Freedom of thought, inquiry, and expression is a quintessential academic value. Material
considered offensive to one person may not be to others and may constitute expression
protected by the First Amendment of the United States Constitution. SDSU relies on
the integrity and responsible use of campus technology resources by each of its members
and expects adherence to the highest academic standards. Materials that violate applicable
laws (e.g., child pornography, copyright infringement, etc.) or SDSU policy (e.g.,
sexually explicit content creating a hostile work environment, etc.) may not be accessed
through or stored on campus technology resources.
Users should be aware, however, that the University cannot guarantee absolute security
or privacy. Users should therefore engage in "safe computing" practices by safeguarding
their accounts, and regularly changing and never sharing their passwords. Backup and
recovery systems must be implemented in accordance with University disaster recovery
guidelines, and all institutional systems must utilize security controls (such as
multi-factor authentication) in accordance with effective practices and University
policies and procedures.
Users should also be aware that their uses of University information technology resources
are not completely private as the information contained will be subject to the University's
obligation to respond to subpoenas or other court orders, reasonable discovery requests,
university inquiries relating to alleged violations of law and/or policy, and public
requests for documents pursuant to California and Federal Law. All University records
are subject to public record requests, unless an expressed exception in the law recognizes
the confidentiality of the material, such as the exceptions provided for student,
medical, or library records.
The Public Records statute contains no general exception for documents generated by
faculty or staff in the course of their employment. As a result, faculty and staff
should refrain from keeping personal information on University systems, and utilize
a personal email account for their personal communications. Additionally, users should
be aware that University records that are otherwise subject to open records requests
do not become confidential if they are created or stored on personally owned devices
or in personal accounts. Hence, the absolute privacy of electronic communication cannot
All users of SDSU information technology resources are advised to consider the open
nature of information disseminated electronically, and should not assume any degree
of privacy or restricted access to such information. Further, SDSU may inspect, capture,
lock, or disclose electronic communications records without the consent of the holder
of such records or the owner of the account:
- When required by and consistent with the law;
- When there is a substantiated reason to believe that violations of law or policy have
- When there are compelling circumstances that limit the ability of the record holder
to give permission; or
- Under critical operational or security-related circumstances.
Individual Responsibilities. Access to SDSU’s information technology resources is a privilege granted to faculty,
staff and students in support of their studies, instruction, research, duties as employees,
official business with the University, and/or other University-sanctioned activities.
Access may also be granted to emeritus faculty, staff and administrators and individuals
outside of SDSU, including volunteers and contractors, for purposes consistent with
the mission of the University.
The University retains the right to set priorities on use of its computer and network
resources and to limit recreational or personal uses when such uses could reasonably
be expected to cause strain, directly or indirectly, on any computing facilities;
to interfere with research, instructional, or administrative computing requirements;
or to violate applicable policies or laws.
Authorized users are expected to:
- Protect information, data, and systems, and clearly and accurately identify oneself
in electronic communications.
- Use computer and network resources efficiently.
- Ensure that the use of computer resources and networks is oriented toward the academic
and other missions of the University.
- Ensure that default passwords are changed using strong password methodologies and
prohibiting use by unregistered Users.
Violations of this policy may lead to disciplinary actions, up to and including termination
or expulsion, as well as revocation of access to university information technology
Examples of misuse include, but are not limited to, the activities in the following
- Violation of applicable Federal or State laws, CSU or Campus policies.
- Copyright infringement - reproduction or distribution of copyrighted works not according
to the Copyright laws or Fair use.
- Knowingly running or installing on any computer system or network or giving another
user a program intended to damage or place excessive load on a computer system or
- Using facilities and computer systems for commercial purposes, or personal financial
gain (except where permitted by academic policy).
- Use of a University computer account to engage in consulting services, software development
for private profit, advertising products/services, crypto-currency mining, and/or
other commercial profit-based endeavors.
- Purposely sending electronic junk mail, phishing, or chain letters.
- Using a computer account or password that a user is not authorized to use.
- Forging or misrepresenting one’s identity, or altering or concealing the source of
electronic communications, such as creating or editing an email to make it appear
as if the message was sent by someone else.
- Using electronic communication (via email, listserv, chat, web conference or otherwise)
to harass or intimidate others.
Implementation/Procedural Considerations. Upon initial access and annually thereafter, users must acknowledge they have read
and agree to abide by the Responsible Use Policy and applicable standards.
Revocation of Access. Violations of university computing policies may result in the revocation of access
or the discontinuance of an account or the loss of computing privileges. Any revocation
of access or loss of computing privileges for faculty, staff and administrators will
be subject to and consistent with university policies relating to discipline. The
revocation of access, discontinuance of an account or the loss of computing privileges
for an emeritus faculty, staff, or administrator or for a non-SDSU employee, including
volunteers and contractors, as a result of a violation of university computing policies
will be at the discretion of the appropriate campus governing bodies. Security misuse
resulting in the immediate need to revoke access will be at the discretion of the
Vice President for Information Technology.
The university may also revoke access and/or discontinue an account for emeritus faculty,
staff, and administrators as well as for non-SDSU employees when there is a pattern
of non-use over a period of one year.
Legality and Enforcement
University policies shall not supersede federal or state laws. Illegal actions may
result in prosecution.
Violations of university computing policies may result in the revocation of access
or the discontinuance of an account or the loss of computing privileges.
Computer files, electronic mail, and computing accounts shall not be absolutely private
and may be subject to access by various authorized persons in compliance with the
California Public Records Act.
Operational procedures shall be determined and periodically reviewed by the Instructional
and Information Technology Committee.