Privacy Statement

Statement

Thank you for your interest in using AirPennNet, the University's campus-wide wireless network. AirPennNet offers secure access to PennNet (the University's data network) encrypting user data over the wireless airwaves. To utilize this network, your network connection requires specific settings. This wizard will ensure that your device is properly configured.

During the configuration process Information Systems and Computing (ISC) will collect certain data regarding the device that you are using to connect to AirPennNet. The data includes, for example, manufacturer; operating system version and patch level; whether antivirus software is installed; and whether Windows Automatic Update Service is activated. The purpose of the data collection is to develop aggregated information for local IT Directors regarding possible network risks, and to help them prioritize remediation efforts. Thus, data is aggregated based on the user's organizational affiliation in the Penn Community, making it possible to provide the data to the appropriate IT Director. (For students, mail code is also collected to indicate whether in a University residence.) Users' respective PennNames are purged before the aggregated data is provided to IT Directors; the PennNames are also purged from ISC's logged data.

Questions

Support for AirPennNet services is provided by the schools, units, and residences with which users are affiliated. Contact Your Local Support Provider for assistance. If you have privacy-focused questions or concerns, contact Penn's Privacy Office at privacy@upenn.edu.



Policy on Acceptable Use of Electronic Resources

Summary

This policy defines the boundaries of "acceptable use" of limited University electronic resources, including computers, networks, electronic mail services and electronic information sources, as detailed below. It includes by reference a self-contained compilation of specific rules that can be modified as the electronic information environment evolves.

The policy is based on the principle that the electronic information environment is provided to support University business and its mission of education, research and service. Other uses are secondary. Uses that threaten the integrity of the system; the function of non-University equipment that can be accessed through the system; the privacy or actual or perceived safety of others; or that are otherwise illegal are forbidden.

By using University electronic information systems you assume personal responsibility for their appropriate use and agree to comply with this policy and other applicable University policies, as well as City, State and Federal laws and regulations, as detailed below.

The policy defines penalties for infractions, up to and including loss of system access, employment termination or expulsion. In addition some activities may lead to risk of legal liability, both civil and criminal.

Users of electronic information systems are urged in their own interest to review and understand the contents of this policy.

Purposes

The University of Pennsylvania makes computing resources (including, but not limited to, computer facilities and services, computers, networks, electronic mail, electronic information and data, and video and voice services) available to faculty, students, staff, registered guests, and the general public to support the educational, research and service missions of the University.

When demand for computing resources may exceed available capacity, priorities for their use will be established and enforced. Authorized faculty and staff may set and alter priorities for exclusively local computing/networking resources. The priorities for use of University-wide computing resources are:

Highest: Uses that directly support the educational, research and service missions of the University.

Medium: Other uses that indirectly benefit the education, research and service missions of the University, as well as and including reasonable and limited personal communications.

Lowest: Recreation, including game playing.

Forbidden: All activities in violation of the General Standards or prohibited in the Specific Rules interpreting this policy.

The University may enforce these priorities by restricting or limiting usages of lower priority in circumstances where their demand and limitations of capacity impact or threaten to impact usages of higher priority.

Implied consent

Each person with access to the University's computing resources is responsible for their appropriate use and by their use agrees to comply with all applicable University, School, and departmental policies and regulations, and with applicable City, State and Federal laws and regulations, as well as with the acceptable use policies of affiliated networks and systems (See Appendices to Specific Rules).

Open Expression in the Electronic Information Environment: The rights to freedom of thought, inquiry and expression, as defined in the University's Guidelines on Open Expression, are paramount values of the University community. The University's commitment to the principles of open expression extends to and includes the electronic information environment, and interference in the exercise of those rights is a violation of this policy and of the Guidelines on Open Expression. As provided in the Guidelines, in case of conflict between the principles of the Guidelines on Open Expression and this or other University policies, the principles of the Guidelines take precedence.

General Standards for the Acceptable Use of Computer Resources: Failure to uphold the following General Standards for the Acceptable Use of Computer Resources constitutes a violation of this policy and may be subject to disciplinary action.

The General Standards for the Acceptable Use of Computer Resources require:

Enforcement and Penalties for Violation:  Any person who violates any provision of this policy, of the Specific Rules interpreting this policy, of other relevant University policies, or of applicable City, State, or Federal laws or regulations may face sanctions up to and including termination or expulsion. Depending on the nature and severity of the offense, violations can be subject to disciplinary action through the Student Disciplinary System or disciplinary procedures applicable to faculty and staff.

It may at times be necessary for authorized systems administrators to suspend someone's access to University computing resources immediately for violations of this policy, pending interim resolution of the situation (for example by securing a possibly compromised account and/or making the owner of an account aware in person that an activity constitutes a violation). In the case of egregious and continuing violations suspension of access may be extended until final resolution by the appropriate disciplinary body.

System owners, administrators or managers may be required to investigate violations of this policy and to ensure compliance.

Amendment

Formal amendment of the General Standards of Acceptable Use of Computing Resources or other aspects of this policy may be promulgated by the Provost following consultation with the University Council Committee on Communications, publication "For Comment" in Almanac, a reasonable waiting period, and publication "Of Record" in Almanac.

Interpreting this policy

As technology evolves, questions will arise about how to interpret the general standards expressed in this policy. The Vice President for Information Systems and Computing shall, after consultation with the University Council Committee on Communications, and subject to the same waiting period and publication provisions as above, publish specific rules interpreting this policy.

Waiver

When restrictions in this policy interfere with the research, educational or service missions of the University, members of the University community may request a written waiver from the Vice President for Information Systems and Computing (or designee).

Further information

For further information about University computing regulations or Commonwealth of Pennsylvania and Federal computing laws, contact the University Information Security Officer at (215) 898-2172, or send e-mail to: mailto:security@isc.upenn.edu

Specific Rules Interpreting the Policy on Acceptable Use of Electronic Resources

The following specific rules apply to all uses of University computing resources. These rules are not an exhaustive list of proscribed behaviors, but are intended to implement and illustrate the General Standards for the Acceptable Use of Computer Resources, other relevant University policies, and applicable laws and regulations. Additional specific rules may be promulgated for the acceptable use of individual computer systems or networks by individual Schools, departments, or system administrators.

Content of communications

Identification of users

Anonymous and pseudonymous communications are permitted except when expressly prohibited by the operating guidelines or stated purposes of the electronic services to, from, or through which the communications are sent. However, when investigating alleged violations of the Guidelines on Open Expression, the Committee on Open Expression may direct the University's Information Security Officer, or an authorized system administrator, to attempt to identify the originator of anonymous/pseudonymous messages, and may refer such matters to appropriate disciplinary bodies to prevent further distribution of messages from the same source.

The following activities and behaviors are prohibited:

Access to computer resources

The following activities and behaviors are prohibited:

Operational integrity

The following activities and behaviors are prohibited:

Appendices

Relevant University policies

This Acceptable Use Policy incorporates and supersedes the earlier Policy on Ethical Behavior with Respect to the Electronic Information Environment. The use of computing resources is also required to conform to the following University policies:

In addition, specific policies of the University's Schools, departments, computer systems and networks, and other general University policies and regulations are also applicable to the use of computer resources. These policies include, but are not limited to, the following:

  • Patent Policy
  • Policy Relating to Copyrights and Commitment of Effort for Faculty
  • Policy on Unauthorized Copying of Copyrighted Media
  • Policy on the Uses of University Resources
  • Policy on Guidelines on the Confidentiality of Student Records
  • Procedures Regarding Misconduct in Research
  • Policy on Privacy in the Electronic Environment
  • Code of Academic Integrity
  • Protocols for human subjects research: any research involving human subjects must be approved by the Committee on Studies Involving Human Beings
  • Acceptable Use Policies of individual Schools, departments, computer systems, and networks
  • Guidelines for Administrators of Penn E-mail Systems.
  • Applicable laws

    Computer and network use is also subject to Pennsylvania and Federal laws and regulations. Suspected violations of applicable law are subject to investigation by University and law enforcement officials. Among the applicable laws are:

    [an error occurred while processing this directive]