The use of university information technology (IT) resources is a privilege
extended in good faith to authorized students, employees, alumni, and affiliates
for purposes relating to education, research, service, and administration.
Responsible and acceptable use preserves the security, integrity, and availability
of information technology resources and assures the authentication and accountability
of each user.
The university, including its computing and networking facilities, is
a forum for the exchange of ideas. UT cannot protect users from the presence
of material they may find offensive. The presence of such material, however,
must not be represented or construed as an endorsement or approval by the
The use of university information technology resources is governed by all
applicable university policies and the laws of the state of Tennessee and
the United States. The university will address the violation of these policies
appropriately. Violators will be subject to disciplinary action, including
the loss of IT privileges or termination of employment. Illegal activities
involving university IT resources may also be subject to prosecution by state
or federal authorities.
University IT resources are provided for use in conducting authorized university
business. Using these resources for personal gain or illegal or obscene activities
is prohibited. Although not an inclusive list, examples of such use include
theft, fraud, gambling, copyright infringement, sound or video recording piracy,
and either viewing or distributing child pornography.
Note:The prohibition against using university IT resources for
personal gain does not apply to scholarly activities, including the writing
of textbooks or preparation of other teaching materials by faculty members,
as recognized in the Statement
of Policy on Patents, Copyrights, and Licensing. Consulting and other
activities that relate to the faculty member's professional development
are also not included in the prohibition of using IT resources for personal
gain (except where prohibited by the software license agreement-see 17-18
below). For approved consulting and other activities, see policies on compensated
outside services in campus/unit faculty handbooks.
Tennessee's Little Hatch Act prohibits the use of university resources on
behalf of any party, committee, agency, or candidate for political office
(Tennessee Code Annotated 2-19-206). Therefore, employees should not
use university computers, printers, letterhead, e-mail and surface mail systems,
facilities, or other resources to endorse specific political candidates.
The chief information officer, or individual designated by the chancellor
or vice president of each campus and unit, has the authority and responsibility
for the development of technology standards and guidelines to ensure the effective
implementation of this policy. (The university's Office
of Information Technology has developed policies and guidelines for the
entities under their jurisdiction. These policies address responsibilities
for system and network administrators and users, among other areas. The policies
can be found at http://oit.utk.edu/itp/)
The university encourages the use of e-commerce and online business processes
as a way to improve services to the university community, but commercial links
must be presented in a way that preserves the image and reputation of the
university and conforms to policies. It is essential that e-commerce systems
maintain adequate security and that departments hosting such services safeguard
the integrity of data related to these transactions. To ensure compliance
with policy and ensure that security is addressed, users should follow fiscal
policy on Internet sales (see FISCAL
The university will take reasonable steps to ensure that its IT resources
are free of deliberately destructive software, such as viruses. Users must,
however, share this responsibility and should ensure the integrity of any
electronic media they introduce. Users should also maintain up-to-date virus
protection software to be considered a responsible user of IT resources. A
free copy of anti-virus software is available for the Knoxville campus at
campuses should contact their computer
support personnel for similar software.
"Hacking" into university computers or networks is strictly prohibited and
may be subject to prosecution by state or federal authorities. Examples of
prohibited activities include, but are not limited to:
Attempts to make any unauthorized connection to the UT network
Attempts to use the university's IT resources without authorization
Attempts to read, copy, or destroy files belonging to others unless those files have deliberately been made accessible by the owner or the owner has authorized such access
A denial of service attack launched against users or UT networks
Intentional damage to or disabling of computers, networks, or software
Deliberate attempts to circumvent data protection or other security measures, including running password cracking programs
Note: The examples of prohibited activities above apply to all
UT network systems, including student systems, alumni and development, and
the university's accounting system (IRIS).
The university employs various measures to protect the security of its computing
resources and its users' accounts. Users must, however, share in this responsibility
and should engage in safe computing practices, which include guarding passwords,
routinely changing passwords, not sharing passwords with other users, and
not using others' passwords.
While the university recognizes the role of privacy in an institution of
higher learning and every attempt will be made to honor that ideal, there
should be no expectation of privacy of information stored on or sent through
university-owned information systems and communications infrastructure.
The normal operation and maintenance of the university's IT resources
results in the backup and caching of data and communications (see 14
below). Furthermore, information regarding Web sites visited, deleted files,
and other communications may be retrievable. This information may be created
automatically by the computer without the user's knowledge and may include
communication through third-party Internet servers such as AOL, Yahoo!,
Employees who receive requests under the Tennessee Public Records Act should
not release documents. Certain records relating to students; research; proprietary,
trade secret, or patentable material; or certain medical records may not be
considered public records. Therefore, all requests should be forwarded to
the public information officer, who will review the request, contact the general
counsel if needed, and oversee any disclosures.
The university also reserves the right to preserve or inspect any information
transmitted through or stored in its computers, including e-mail communications
and individual login sessions, without notice when:
There is reasonable cause to believe the user has violated or is violating
this policy, any campus guidelines or procedures established to implement
this policy, or any other university policies;
An account appears to be engaged in unusual or unusually excessive activity;
The user has voluntarily made information accessible to the public such
as a Web page;
It is necessary to do so to protect the integrity, security, or functionality
of the university's IT resources or to protect the university from liability;
It is otherwise permitted or required by law, such as subpoena or court
For purposes of this policy, e-mail includes point-to-point messages, postings
to newsgroups and listservs, and any electronic messaging involving computers
and computer networks. Organizational e-mail accounts, including those used
by student organizations, are held to the same standards as those for individual
use by members of the university community. Also see 12 above.
Users are responsible for saving or archiving their e-mail. The university
retains e-mail only for system recovery and backup purposes. This length of
time varies according to the system administrator. Recommended retention time
is 14 to 30 days.
While not an exhaustive list, the following uses of e-mail by individuals
or organizations are considered inappropriate and unacceptable by the university.
In general, e-mail may not be used for the initiation or re-transmission of:
Chain mail—e-mail sent repeatedly from user to user,
with requests to send to others.
Harassing or hate mail—any threatening or abusive e-mail
sent to individuals or organizations which violates university policies
Viruses—malicious computer codes that include, but are
not limited to, computer virus, Trojan Horse, worm, and hoax.
Spam or e-mail bombing attacks—intentional e-mail transmissions
that disrupt normal e-mail service.
Junk mail—unsolicited e-mail that is not related to university
business and is sent without a reasonable expectation that the recipient
would welcome receiving it.
False identification—any actions that defraud another
or misrepresent or fail to accurately identify the sender.
Just as minimal personal telephone use is allowed and is sometimes necessary,
employees should use the same discretion concerning the university's IT resources.
Therefore, minimal personal use of these resources is permitted by this policy,
except when such use:
Is excessive or interferes with the performance of the user's university
Results in additional incremental cost or burden to the university's
Is otherwise in violation of this policy.
Further restrictions may be imposed upon personal use by a user's supervisor
or in accordance with normal supervisory procedures concerning the use of
Each software package includes a license agreement that details restrictions
on the use of the software. The university expects software users to follow
the provisions in these license agreements regarding copying, improvements,
number of concurrent users, and similar provisions, even though the university
has not signed the license agreements and does not agree to be bound by certain
other provisions of the agreements.
License agreements differ among software publishers. It is important that
users read and understand the license agreement for each software package.
Because of the unique nature of computer software, the federal copyright
law recognizes two limited exceptions to the usual prohibitions against copying
or altering copyrighted work. If the copy or adaptation does not meet one
of the following exceptions, it is a violation of federal law. The licensee
or purchaser of software may:
Make one backup copy for use in the event that the original disk is
damaged or destroyed beyond use. The backup copy must be destroyed if
the license for the underlying computer program is discontinued.
Make a copy or adaptation if the new copy or adaptation is an essential
step in utilizing the program on the licensee's or purchaser's computers.
Any additional copy or adaptation must be an essential step in utilizing
the program, and not merely for convenience.