1. Acceptable Use Policy
2009 March 19
The purpose of this policy is to outline appropriate use of Information Technology
Resources owned, leased, controlled and/or operated by the University.
This policy applies to all individuals who have been granted a NetID and/or
Banner account by the University.
This policy does not replace other policies, procedures or guidelines concerning
the use of specific IT Resources or data management but rather sets out a minimum
standard of acceptable use.
In this Policy,
"User Account" means a NetID and/or Banner account issued by the University;
"Information Technology Resources", or "IT Resources",
means computing equipment, peripherals, facilities, networks or systems
owned, leased, controlled or operated by the University, including those
purchased through research funds;
"User" means an individual who has been issued a User Account.
Authorized access to IT Resources requires a User Account. User Accounts are non-transferrable.
Users are responsible for any and all uses of their User Account and are expected
to take reasonable steps to ensure the security of their User Account.
- Users shall use IT Resources for authorized purposes only.
No User shall use IT Resources for any disruptive or unauthorized purpose, or in a
manner that violates any law, University regulations, policies or procedures.
Examples of unacceptable uses of IT Resources include, but are not limited to, the following:
- using another person's User Account, or misrepresenting themselves as another User;
- disclosing passwords or other access codes assigned to themselves or others;
interfering with the normal operation of IT Resources by, among other things,
unauthorized network interception, network traffic, flooding the network with
messages, sending chain letters or pyramid solicitations;
copying, removing or distributing proprietary software and/or data without
- breaching terms and conditions of software licensing agreements;
accessing, displaying, transmitting, or otherwise making available information
that is discriminatory, obscene, abusive, derogatory, harassing or otherwise
objectionable in a university setting;
destroying, misplacing, misfiling, or rendering inoperable any stored information
on a University administered library, computer or other information storage,
processing or retrieval system;
- unauthorized use of IT Resources for profit or commercial gain; and
- attempting to or circumventing security facilities on any system or network.
Consequences of Unacceptable Use
If there is reason to suspect that a User has violated this policy, the Assistant
Vice-President, Information Technology Services or the Information Security Manager
may temporarily revoke or restrict User Account access privileges of any User,
pending further investigation by the Information Security Manager.
To aid in the investigation of a suspected violation of this policy, the Information
Security Manager may examine a User's User Account information, including, but not
limited to, emails, files, and any other material or data connected with the User
Account, provided that s/he obtains the Assistant Vice-President Information
Technology Services' prior written approval. If the User in issue works within the
Information Technology Services Department, then approval must be obtained from the
If the investigation concludes that a violation of this policy has occurred, the
Assistant Vice-President Information Technology Services may restrict, suspend or
revoke the User's access to any or all of the University's IT Resources, and may
in the case of students, initiate disciplinary proceedings
under the Code of Student Conduct; or
in the case of employees, refer the matter for
consideration of discipline in accordance with applicable collective
agreements or human resource policies, as appropriate
2. Protect yourself from online fraud
Online fraud includes phishing (pronounced "fishing"), which is a scam
where the perpetrator sends out authentic-looking emails that appear to come
from a legitimate source. These are attempts to "phish" for personal
information that the phisher can use, e.g., to impersonate you (steal your
identity). If you receive one of these emails, delete it immediately; do
not respond or act on it. Always remember, Dalhousie University will never
send emails asking for passwords, account numbers, or personal information.
If you receive a message that you think may be a phishing email, remember:
- Do not provide personal information to anyone in an email.
Be suspicious of email attachments from unknown sources. If you do
not know or recognize the sender of the email, do not open the
Do not click on links in email messages. A link in a phishing email
will take you to a fraudulent website designed to look genuine. If
you want to log in to one of our online services, type the URL
into the Address/Location window on your web browser or click on a
link in a Favourites list that you have created.
- Do not be tricked by offers of money or threats of legal action.
Do not be fooled by warnings about "security compromises" or
"security threats". The people who send phishing emails will often
make claims like these to frighten you into disclosing personal
information to resolve the supposed threat.