The Northeastern University Appropriate Use Policy 6/7/06
Prior Versions Obsolete
The information systems of Northeastern University are intended for the use
of authorized members of the Northeastern community, in the conduct of their
academic and administrative work.
To protect the integrity of computing and information resources against unauthorized
or improper use, and to protect authorized users from the effects of unauthorized
or improper usage, the University reserves the right, with or without notice,
to monitor, record, limit or restrict any account holder's access and/or usage.
The University may also monitor, record, inspect, copy, remove or otherwise
alter any data, file, or system resources. The University reserves the right
to periodically check these systems and to take any other actions necessary
to protect the computer, network and telecommunications facilities. The University
also retains access rights to all files and electronic mail on its computing
and network facilities. Anyone using these systems or networks expressly consents
to such monitoring.
Any unauthorized, inappropriate, illegal or illegitimate use of the University's
computing and information resources, or failure to comply with these guidelines
shall constitute a violation of University policy and will subject the violator
to disciplinary action by the University up to and including termination of
employment or relationship, and may result in legal action.
When a violation is identified, the appropriate system manager or unit head
will undertake a review and initiate action in accordance with University policy.
In addition, the University may require restitution for any use of computer
or network services that violates these guidelines. The University may also
provide evidence of possible illegal or criminal activity to law enforcement
Notwithstanding any other provision of this policy, authorization to access
the information systems of Northeastern University ends at the termination of
employment, end of a recognized role or relationship, or loss of sponsorship.
Students may continue to use their Northeastern electronic mail account for
up to one (1) year after graduation.
Any questions about this policy or the applicability of this policy to a particular
situation should be referred to the Director of Information Security and Identity
Services, or Director of Internal Audit.
The University's information systems consist of all networking, computing and
telecommunications wiring, equipment, networks, security devices, servers, computer
systems, computers, computer laboratory equipment, workstations, Internet connection,
cable television plant, and all other intermediary equipment, services and facilities.
These assets are the property of Northeastern University. The Appropriate Use
Policy describes how these assets are permitted to be used.
1. Access to and use of Northeastern information systems is a privilege granted
by the University to its faculty, staff and students. Additional electronic
experiences as they may be offered to parents and extended populations, are
included under the access and use provisions of this paragraph. Access for up
to one academic year for others including "sponsored" individuals
whose relationship with Northeastern is a result of a University recognized
affiliation or relationship, must be approved by the authorizing unit's Dean
or Vice President. Such access may not be renewed without the written approval
of the Senior Vice President for Administration and Finance. The University
retains sole discretion over the extent to which access privileges are granted
2. Users may only use those computer accounts and facilities that have been
authorized by the University for their use. Use of another person's account,
and/or security devices, the presentation of false or misleading information
or credentials for the purpose of obtaining access to information systems, or
unauthorized use of computing or electronic facilities, is prohibited.
3. Users are responsible for all use of information systems conducted under
their user ID(s), and are expected to take all precautions including password
security and file protection measures to prevent use of their accounts and files
by unauthorized persons. Sharing of passwords is prohibited.
4. Users may not offer, provide, lend, rent or sell access to University information
systems. Users may not provide access to individuals outside the University
community. Expansion or redistribution of Northeastern's networking and cable
television services are not permitted. Personal, private or departmental switches,
routers and wireless access points may not be connected to centrally-managed
network segments, except only as may be agreed to in writing between the device
owner and Information Services. For security reasons, dial-up modems may not
be in-use on computers while they are connected to the University network, except
only as may be required for bona fide academic or administrative purposes, and
where appropriate security measures are in place.
5. Use of University information systems for hosting non-University activities
must have the explicit written authorization of the Senior Vice President for
Administration and Finance prior to the use.
6. While the University attempts to protect electronic communication and files
from unauthorized access, this cannot be guaranteed. Users may not access, copy
or move files including, but not limited to programs, data and electronic mail
that belong to another account, without prior authorization from the account
holder. Files may not be moved to other computer sites without permission from
the holder of the account under which the files reside.
7. Users may not use remote resources such as printer and file systems, regardless
of location on or off the Northeastern network, unless the administrator of
the remote resource has first granted permission to do so.
8. Northeastern information systems may be used for lawful purposes only. Users
must not use their accounts or Northeastern information systems for unlawful
purposes, including, but not limited to the installation of fraudulently or
illegally obtained software, illegal dissemination of licensed software, sharing
of content where the disseminator does not hold lawful intellectual property
rights, or propagating chain letters, pyramid, ponzi, other unlawful or deceptive
schemes, or for any purpose contrary to local, state, federal law or University
9. Use of University information systems must comply with the provisions of
copyright law and fair use. Copyright law limits the right of a user to decrypt,
copy, edit, transmit or retransmit another's intellectual property, including
written materials, images, sounds, music, and performances, even in an educational
context, without permission, except where such use is in compliance with Fair
Use or TEACH Act provisions.
10. Printed materials and storage media containing sensitive and/or protected
information shall be handled in accordance with published Information Disposal
Guidelines and Asset Disposition procedures.
11. Users are responsible for the timeliness, accuracy and content/consequences
of their web pages and other electronic writings. Posting of personal, family
or other identifying information is at the sole discretion of the user, and
is a discouraged practice.
12. University information systems may not be used for commercial purposes except
only as permitted with explicit prior written approval of University Counsel
and the Senior Vice President for Administration and Finance.
13. Internet use must comply with the Terms of Service stipulated by our Internet
service provider(s). These policies are incorporated by reference. In addition,
the acceptable use, Terms of Service and/or other policies of the system(s)
also bind users of the Internet connection and resources to which they connect.
At the time of this writing, the Internet service providers for Northeastern
University are Level3 Communications (www.level3.com), Sprint (www.sprint.com),
Northern Crossroads (www.nox.org), and Abilene Network/Internet2 (abilene.internet2.edu).
14. Users may not use information systems irresponsibly, wastefully, or in a
manner that adversely affects the work or equipment of others at Northeastern
or on the Internet.
15. Electronic messages pertaining to the official business of the University,
including all academic and administrative matters, shall be sent from University-owned
messaging systems. For example, student inquiries must be sent from myNEU e-mail
accounts. Replies from faculty or staff must be sent to the same accounts. In
cases where third-party messaging systems are used to originate a message, and/or
where a party chooses to forward messages from a University-owned system to
a third-party system, individuals using these systems shall be solely responsible
for all consequences arising from such use.
16. The University's information systems, and the messages, e-mail, files, attachments,
graphics and Internet traffic generated through or within these systems, are
property of the University. They are not the private property of any University
employee, faculty, staff, contractor, student or any other person. No user of
University systems should have an expectation of privacy in their electronic
communications. All electronic communications, files and content presented to
and/or passed on the Northeastern network, including those to, from or through
Internet connection(s), may be monitored, examined, saved, read, transcribed,
stored or re-transmitted by an authorized employee or agent of the University,
in its sole discretion, with or without prior notice to the user. The University
reserves and intends to exercise the right to do so. Electronic communications
and content may also be examined by automated means.
Northeastern reserves the right to reject from the network or block electronic
communications and content deemed not in compliance with policies governing
use of information systems at the University. The University may make appropriate
disclosures of written and/or electronic information or data from the University's
information systems, including with respect to an investigation of alleged misconduct
or wrongdoing and/or to law enforcement, pursuant to lawful inquiries and/or
legal process. By accessing Northeastern information systems, users give Northeastern
permission to conduct each of the operations described above.
17. The confidentiality of any message or material should not be assumed. Even
when a message or material is deleted, it may still be possible to retrieve
and read that message or material. Further, the use of passwords for security
does not guarantee confidentiality. Messages read in HTML may identify the reader
to the sender. Aside from the right of the University to retrieve and read any
electronic communications or content, such messages or materials should be treated
as confidential by other students or employees and accessed only by the intended
recipient. Without prior authorization, students and employees are not permitted
to retrieve or read electronic mail messages not sent to them.
18. Notwithstanding the University's right to audit or monitor its information
systems, all users are required to observe the confidentiality and privacy of
others' information accessed through Northeastern information systems, including
information pertaining to University programs, students, faculty, staff and
affiliates. Without proper authorization, University system users are not permitted
to retrieve or read electronic mail messages not sent to them. With proper University
authorization, the contents of electronic mail or Internet messages or materials
may be accessed, monitored, read or disclosed to others within the University
19. The University strives to maintain the security and privacy of electronic
communications. All use, dissemination and disclosures of student information
must comply with the provisions of the Family Educational Rights and Privacy
Act (FERPA) of 1974. University FERPA policies are available at http://www.neu.edu/handbook/general.html
All use, dissemination and disclosures of protected health information must
also comply with the provisions of the Health Insurance Portability and Accountability
Act (HIPAA) of 1996. University HIPAA policies are available at http://www.adminm.neu.edu/other/hippa.htm.
20. The University reserves it’s right to use manual and/or automated
means to assess materials submitted as academic work submitted electronically
for signs of plagiarism or other form(s) of academic dishonesty.
21. The University reserves the right at any time, without prior notice or permission
from the user or users of a computer or other Northeastern-owned computing device,
to seize such devices and/or copy or have copied, any and all information from
the data storage mechanisms of such devices as may be required in the sole discretion
of the University in connection with investigations of possible wrongdoing.
22. By accessing and/or using any Northeastern information or telecommunication
system, including its network, e-mail or Internet services, the user agrees
and expressly consents to the terms of this policy, and gives Northeastern permission
to conduct each of the operations, monitoring or oversight practices described
in this policy, including but not limited to those in sections 18 through 22.
23. The Appropriate Use Policy specifically prohibits the use of Northeastern
University information systems or facilities to:
* Harass, threaten, defame, slander or intimidate any individual or group;
* Generate and/or spread intolerant or hateful material, which in the sole judgment
of the University is directed against any individual or group, based on race,
religion, national origin, ethnicity, age, gender, marital status, sexual orientation,
veteran status, genetic makeup, or disability;
* Transmit or make accessible material, which in the sole judgment of the University
is offensive, violent, pornographic, annoying or harassing, including use of
Northeastern information systems to access and/or distribute obscene or sexually
explicit material unrelated to University sanctioned work or bona fide scholarship;
* Generate unsolicited electronic mail such as chain letters, unsolicited job
applications or commercial announcements;
* Generate falsely identified messages or message content, including use of
forged content of any description;
* Transmit or make accessible password information;
* Attempt to access and/or access information systems and/or resources for which
authority has not been granted by the system owner(s);
* Capture, decipher or record user IDs, passwords, or keystrokes;
* Intercept electronic communications not intended for the recipient;
* Probe by any means the security mechanisms of any resource on the Northeastern
network, or on any other network through a connection to the Northeastern network;
* disclose or publish by any means the means to defeat or disable the security
mechanisms of any component of a Northeastern University Information System
* Alter, degrade, damage or destroy data;
* Transmit computer viruses or malicious/destructive code of any description;
* Conduct illegal, deceptive or fraudulent activity;
* Obtain, use or retransmit copyrighted information without permission of the
* Place bets, wagers or operate games of chance; or
* Tax, overload, impede, interfere with, damage or degrade the normal functionality,
performance or integrity of any device, service or function of Northeastern
information systems, content, components, or the resources of any other electronic
system, network, service or property of another party, corporation, institution
The above enumeration is not all-inclusive. If there is a question as to whether
a specific use is appropriate or acceptable under this policy, the University's
sole determination shall prevail.
24. Use of Northeastern University information systems must comply with all
applicable local, state and federal laws, including, but not limited to, the
following which are incorporated herein by reference:
* Massachusetts General Laws Chapter 266, Sections 33(a) and 120(f), which imposes
sanctions for, among other acts, destroying electronically processed and stored
data or gaining unauthorized access to a database or computer system.
* United States Code, Title 18, Sec. 1030 et seq., Computer Fraud and Abuse
Act, which imposes sanctions for, among other acts, knowingly accessing a computer
without authorization or in excess of authorized access, knowingly causing damage
to protected computers, or trafficking in password information.
* United States Code, Title 18, Sec. 2510 et seq., Electronic Communications
Privacy Act, which imposes sanctions for, among other acts, interception of
wire, oral or electronic communications.
* United States Code, Title 18, Sec. 2701 et seq., Stored Wire and Electronic
Communications and Transactional Records Act, which imposes sanctions for, among
other acts, intentionally accessing without authorization, a facility through
which electronic communication service is provided, or intentionally exceeding
authorization to access a facility, thereby obtaining, and thereby obtaining,
altering, or preventing authorized access to a wire or electronic communication
while it is in electronic storage.
NOTICE OF RIGHT TO CHANGE APPROPRIATE USE POLICY
The University reserves the right to change this policy or any portion of the
policy, at any time, without prior notice. Changes to this policy are effective
upon posting at http://www.help.neu.edu, where the most current version resides.
Appropriate Use Policy, Appendix A: Retiree E-mail Service
Retiree e-mail service provides continuation of the University-owned e-mail
address and account for individuals who have attained fifty-five years of age
with ten years service, and who have officially retired from the University
as reflected in the records of the Human Resources Management. Individuals who
have not retired from the University; those who have not attained ten years
service; and/or those with prior history of technology abuse or violation of
University policy, are ineligible for retiree e-mail service. All provisions
of the Appropriate Use Policy apply also to retiree e-mail service.
Enrollment and Renewal of Service
Enrollment for retiree e-mail service is made through the Office of Human Resources
Management during the retirement intake process, where a retiree may elect to
participate or not. Once an account is continued, accountholders are invited
to renew their retiree e-mail account annually by replying to an invitation
e-mailed by the University. In order to retain service, an accountholder renews
their account by replying to the emailed invitation. On the renewal anniversary,
an un-renewed account is terminated and all content is permanently deleted.
The renewal anniversary of a retiree e-mail account may or may not be coincident
with the actual date of retirement.
Means of access
The retiree e-mail service may be accessed using industry-standard solutions
that do not require a specific type of e-mail client software. For example,
a web browser may be used.
The departmental affiliation for retiree e-mail accounts is listed in the electronic
directory as “University Retiree”. If a retiree returns to work,
the new departmental affiliation is listed.
Disclosure and Use of Protected Information
Protected information such as student records and student e-mail addresses in
the electronic directory, are protected records, and may not be disclosed in
whole or in part to any person unless such disclosure is in compliance with
University Policy and all applicable regulations. Disclosure and/or use of faculty
and staff e-mail addresses for commercial purposes is prohibited. Use of information
contrary to this provision may result in permanent revocation of the retiree
e-mail account, and may expose the accountholder to civil and/or criminal liability.
Personal address book
Personal address books are not automatically preserved at retirement. Retirees
for whom a personal address book is essential, are recommended to export personal
address books prior to leaving the University. Assistance is available from
the IS Help Line.
Response to student inquiries
Since an outstanding student issue or inquiry may not always be resolved prior
to the time of an individual’s retirement, users of retiree e-mail service
are expected to read and reply to student e-mail seeking to resolve such issues.
Death of Accountholder
The University shall be under no obligation to preserve, retain or disclose
account content following death of an accountholder. The University may in its
discretion, upon receipt of a written notarized request from the legally-designated
representative of the deceased, choose to provide to the representative, an
electronic copy of the remaining content in the decedent’s mailbox. Where
such content is provided, the University reserves the right to retain content
proprietary to the University. The University shall have no liability to any
person or entity for the direct, indirect, or consequential losses of any disclosure
made under this section.
No Rights Conferred
Right to Amend, Change, or Terminate Service
Access granted by virtue of the retiree e-mail service does not confer rights
of any kind. The University reserves the right to amend, change or terminate
the retiree e-mail service at any time, with or without notice, without further
Acceptance of Terms and Conditions
Use of the retiree e-mail service shall constitute acceptance of the terms and
conditions of the Appropriate Use Policy, as well as the terms and conditions
in Appropriate Use Policy, Appendix A: “Retiree E-Mail Service”.