Digital Technologies Acceptable Use Policy
Print FriendlyIntent
This policy directs Authorised Users in the acceptable use of James Cook University's (JCU) the University) Digital Technologies and Digital Technology Assets, emphasising the collective responsibility of all Authorised Users to uphold the University’s secure Digital Environment.
Scope
This policy applies to all Authorised Users of the University’s Digital Technologies including:
(a) Australian Tropical Campuses;
(b) JCU controlled entities;
(c) Singapore Campus;
(d) Brisbane Campus.
regardless of location, whether during or after business hours or whether on JCU-owned or privately owned devices.
Definitions
For a comprehensive list of definitions, terms and explanations used in this policy, refer to the Digital Policy Glossary.
Policy
1. Acceptable Use of Digital Technologies
1.1 Access and Communication: Authorised Users may access and communicate information and utilise Digital Technology Assets for legitimate academic, research, business and administrative purposes that align with the University's mission and objectives.
1.2 Collaboration and Sharing: Authorised Users may engage in collaboration and sharing through University-supported tools and platforms, provided the content adheres to the University's policies, procedures and guidelines.
1.3 Personal Development: Authorised Users may access Digital Resources for personal development, such as skill-building, professional networking, or educational resources, within reasonable limits and without interfering with University’s Digital Operations.
1.4 Research and Innovation: Authorised Users may use Digital Resources to conduct research, develop new projects, or engage in innovative activities, provided such activities comply with applicable laws, ethical guidelines, and University policies.
1.5 Social Media and Online Communities: Authorised Users may participate in social media and online communities for professional and academic purposes (limited personal use is permitted in accordance with 1.9), ensuring they uphold the University's reputation and respect others' privacy, confidentiality, and intellectual property rights. Refer to the Social Media Policy.
1.6 Software and Applications: Authorised Users may use and install software and applications on University devices, provided they have appropriate licenses, comply with terms and conditions, and have obtained necessary approvals from relevant University authorities.
1.7 Data Storage and Backup: Authorised Users must store, backup, and retrieve University-related data using JCU-approved storage solutions where provided, to ensure the security and privacy of sensitive information. If an alternative solution is required (i.e. complex research data), users must comply with JCU’s research data storage requirements and ensure that these storage options adhere to applicable Data Protection standards and regulations. For data related to LearnJCU, please refer to the LearnJCU Data Management Procedure.
1.8 Remote Access: Authorised Users may access University Digital Resources remotely, including but not limited to University-owned computers, personal devices, and mobile devices, provided security protocols are adhered to. Remote access must be established through secure connections, such as Virtual Private Network (VPN), and must utilise multi-factor authentication and secure passwords to protect the University's Digital Resources and Data and Information Assets, and must have secure and up-to-date software to mitigate security risks and vulnerabilities.
1.9 Limited Personal Use: Authorised Users may engage in Limited Personal Use of Digital Technologies provided it does not interfere with their job duties, consume excessive Digital Resources, or violate any University policy, legal requirements, or ethical guidelines. Limited Personal Use of University Digital Communication Systems and Digital Resources is a privilege.
1.10 Compliance with Legal Jurisdictions: All use of University Digital Technologies and Digital Resources must comply with laws and regulations applicable in the location from where the resources are being accessed, as well as with all relevant University policies.
2. Unacceptable Use of Digital Technologies
2.1 Unauthorised Access and Misuse: Authorised Users must not access, alter, or share data of Digital Technology Assets without proper authorisation, or use University Digital Technologies for Unauthorised purposes, such as hacking, phishing, or circumventing security measures as outlined on the Web Safety webpage. This includes not accessing, storing, or distributing inappropriate, offensive, or menacing material.
2.2 Harassment and Discrimination: Authorised Users must not engage in any form of harassment, discrimination, or offensive behaviour within the Digital Environment, or through the use of the University Digital Technology Assets and Digital Resources. This includes sending inappropriate messages, images, or materials, or creating hostile online environments. Refer to the Bullying, Discrimination, Harassment and Sexual Misconduct Policy.
2.3 Copyright Infringement and Intellectual Property Violations: Authorised Users must not violate copyright laws, licenses, or other intellectual property rights by downloading, distributing, or using Unauthorised materials, such as software, documents, images, or music through Digital Technologies. Refer to the Intellectual Property Policy.
2.4 Disruptive Activities: Authorised Users must not engage in activities that disrupt the normal functioning of Digital Technologies, such as spreading malware, spamming, intentionally causing system failures, or introducing or distributing security threats like viruses or harmful malware.
2.5 Unethical or Illegal Activities: Authorised Users must not use Digital Technologies to engage in unethical or illegal activities, such as fraud, identity theft, or accessing prohibited content.
2.6 Misrepresentation and Impersonation: Authorised Users must not misrepresent their identity or impersonate others using Digital Technologies, or use University Digital Resources to create fake accounts, profiles, or websites.
2.7 Excessive Personal Use: Authorised Users must not engage in personal use of Digital Technologies that consumes significant Digital Resources, interferes with job duties or academic performance, or violates University policies or legal requirements.
2.8 Unauthorised Commercial Use: Authorised Users must not use Digital Technologies for personal financial gain or non-University commercial activities, such as promoting businesses, soliciting customers, or engaging in Unauthorised sales or advertisements.
2.9 Compromising Privacy and Confidentiality: Authorised Users must not disclose, share, or misuse Personal Information and Sensitive Information, or attempt to access or intercept such information without proper authorisation when using Digital Technologies.
2.10 Offensive Material Restrictions: Authorised Users are prohibited from accessing, transmitting, storing, or displaying offensive materials, including pornography, except when required for legitimate academic or research purposes that have received University approval.
2.11 Unauthorised Surveillance: Unauthorised surveillance or interception of electronic communications by any party other than the University's authorised personnel for legitimate purposes such as security and compliance, is strictly prohibited.
2.12 Misuse of University Credentials: Authorised Users must only use University-provided credentials (i.e., email addresses and passwords) for appropriate University-related activities. They should not be used for personal activities such as online shopping, social media, or any other non-university related activities.
3. Software Licences
3.1 All software provided by the University is licensed primarily to the University, however approval may be granted to Authorised Users for use at home or other locations on non-University owned computers during the course of work or study with the University.
3.2 Authorised Users must adhere to the terms and conditions of these licenses. Any Unauthorised use or failure to comply with contractual obligations and terms of use stated in the software license agreements may lead to the revocation of access. Unauthorised duplication or distribution of licensed software is prohibited.
3.3 Upon termination of employment or completion of study, or upon notification by the University of its termination of the software license agreement, Authorised Users must discontinue use and un-install the software from non-University owned computer(s).
4. Access and Authentication
4.1 Access to the University's Digital Resources is granted based on the role and responsibilities of each Authorised User.
4.2 Authorised Users must strictly prohibit the sharing of their Authentication Credentials with others or attempting to gain Unauthorised Access to Digital Resources. It is essential to emphasise the importance of individual accountability and the strict prohibition against sharing Authentication Credentials to maintain the integrity and security of University Digital Resources.
4.3 Authorised Users must maintain secure passwords, regularly update them and avoid using easily guessable passwords.
4.4 All Authorised Users must use Multi-Factor Authentication (MFA) where supported.
4.5 Authorised Users are granted access to University Digital Resources for legitimate University purposes. Such access should be used responsibly and must not be used to infringe upon others' rights or to violate any laws or University policies. The University reserves the right to restrict or revoke access if this policy is breached.
4.6 Authorised Users must ensure the password used for accessing University Digital Resources is distinct from their personal accounts, including non-university email accounts, online shopping accounts, and social media platforms, to preserve the integrity and security of University resources.
5. Monitoring and Privacy
5.1 The University reserves the right to monitor, access, log, and analyse the activities of Authorised Users on University Digital Resources. This includes conducting periodic reviews and audits to ensure compliance with this policy and to safeguard the University's Digital Technologies.
5.2 The University reserves the right to block, filter, or restrict any use of the University’s Digital Resources that breaches this policy, exceeds acceptable use limits, or poses a security risk to the University’s Digital Infrastructure.
5.3 Subject to the provisions of the University’s Information Privacy Policy and relevant legislation, the University may disclose the contents of electronic communications without permission from the Authorised User in situations deemed necessary, such as investigations of Policy Violations or to ensure the security of the University's Digital Resources.
5.4 The University will not use the Personal Information of Authorised Users for purposes beyond those necessary for the operation of Digital Resources, unless explicitly authorised by the user or as required by law.
5.5 The University may take immediate remedial action to address threats to the University’s Digital Resources that are essential for the operation and use of Digital Technologies. This could include suspending an Authorised User’s access, confiscating University-owned electronic devices, and/or disconnecting or disabling equipment, with or without prior notice.
6. Consequences of breach
6.1 The University views Breaches of this policy very seriously and will evaluate instances on a case by case basis, taking into account the nature and gravity of the offence, its impacts and any prior violations by the Authorised User. Breaches may result in disciplinary action in accordance with the misconduct/serious misconduct processes outlined in the Staff Code of Conduct, Student Code of Conduct, Student General Misconduct Procedure, Bullying, Discrimination, Harassment, and Sexual Misconduct Policy, Copyright Policy, Information Privacy Policy, or any other relevant University policies and procedures. Staff refer to the JCU Enterprise Agreement.
6.2 Consequences of breaches may include, but are not limited to:
- Referral of the matter to the police and/or other relevant external authority.
- Grounds for misconduct or serious misconduct, potentially leading to temporary or permanent revocation of access, or termination of employment for severe offenses.
- Measures to protect a person who has made a Public Interest Disclosure (in consultation with the University’s Public Interest Disclosure Coordinator) or action taken in respect of suspected Corrupt Conduct (in consultation with the University’s Crime and Corruption Commission Liaison Officer).
6.3 Sanctions may vary based on the severity and implications of the breach. These can range from warnings and counselling to more severe actions such as suspension or termination of employment, suspension or exclusion from the University, confiscation of University-owned electronic devices, or disconnecting or disabling equipment with or without notice.
Related policy instruments
Code of Conduct – University Council
Copyright Policy and Procedure
Coursework Academia Integrity Procedure
Digital Technologies Acceptable Use Procedure
Fraud and Corruption Procedure
Information Security - Access and Account Management Procedures
Intellectual Property Policy and Procedure
James Cook University Enterprise Agreement 2022
LearnJCU Data Management Procedure
Personal Information Data Breach Procedure
Public Interest Disclosure Procedure
Space Allocation and Management Policy
Student Code of Conduct Policy
Student Digital Experience Policy
Student General Misconduct Procedure
Student Professional Misconduct Procedure
Related documents and legislation
Queensland Australia
James Cook University Act 1997 (Qld)
Information Privacy Act 2009 (Qld)
Telecommunications Interception Act 2009 (Qld)
Queensland Right to Information Act 2009 (Qld)
Public Interest Disclosure Act 2010 (Qld)
Crime and Corruption Act 2001 (Qld)
Telecommunications (Interception and Access) Act 1979 (Cth)
The Computer Misuse and Cyber Security Act (Cap 50A) (Singapore)
Copyright Act (Cap 63) (Singapore)
Spam Control Act (Cap 311A) (Singapore)
Undesirable Publications Act (Cap 338) (Singapore)
Administration
NOTE: Printed copies of this procedure are uncontrolled, and currency can only be assured at the time of printing.
Approval Details
Policy Domain | University Management |
Policy Sub-domain | Digital |
Policy Custodian | Deputy Vice Chancellor, Services and Resources |
Approval Authority | Vice Chancellor |
Date for next Major Review | 10/10/2028 |
Revision History
Version | Approval Date | Approved by | Implementation Date | Details | Author |
| 23-1 | 10/10/2023 | Estate Committee | 27/10/2023 | Major review. Previously titled ICT Acceptable Use Policy. | Chief Information Security Officer |
22-1 | 13/07/2022 | DVC SR | 18/07/2022 | Added para 2.6 directing authorised users to use multi-factor authentication where required. | Manager, Information and Cyber Security |
17-1 | 23/02/2017 | 27/02/2017 | Updated and aligned with ICT Acceptable Use Procedures and Access Account Management Procedures. | ICT | |
14-1 | 25/11/2014 | 4/12/2014 | Policy established at Futures Committee 25/11/2014 – refer to (3/14) minutes for details | ICT |
Keywords | acceptable use, authorised users, University ICT services |
Contact person | Chief Information Security Officer |
Digital Technologies Acceptable Use Procedure
Information Security - Access and Account Management Procedure