LHRIC logo SCHOOL SECURITY
LHRIC logo home | search | contact | School Security
LHRIC logo Solutions For Protecting Your Schools

Issues to Consider in an AUP:

1. Incidental Personal Use

Districts can allow incidental personal use of school computers but within certain limits. Many private companies have restricted access to the Internet to staff members because their personal use has become excessive. As long as personal use is incidental, does not interfere with job performance, and adheres to district guidelines it makes sense to allow personal access.

"School computers, networks, and Internet access are provided to support the educational mission of the school. They are to be used primarily for school-related purposes. Incidental personal use of school computers must not interfere with the employee's job performance, must not violate any of the rules contained in this policy or the student AUP, and must not damage the school's hardware, software, or communications systems."

2.  Privacy

The employee AUP policy should make it clear that the employee has no right to privacy when using the school's electronic resources. E-mail created, sent, received, and stored on school computers is not private. In fact, 29% of employers regularly monitor employee e-mail.

E-mail is not like a phone conversation but more like a written memo.

Privacy Example
A quote from a discussion on a Listserv, "The superintendent thinks football fields are more important than science labs." Accessed by a local journalist and published as a headline in the town newspaper. The author of the e-mail not thought that the comment was within the safe confines of a private threaded e-mail exchange. The court ruled that the newspaper's use of the quote constituted "fair use".

  • 27% of employers regularly review employee e-mail.

3. Confidentiality

The policy will remind employees that student information is confidential and that they should take reasonable precautions to protect against negligent disclosure. Employees who inadvertently or knowingly disclose student information without permission and consent may expose the district to violations of the Family Right to Privacy Act (FERPA).

4. Harassment

Employees may create hostile environments resulting in harassment cases brought against the district. Circulating Internet "jokes" and stories freely among staff may offend some recipients. The policy should remind employees that school's rules on harassment apply to e-communications.

  • Remind employees that the school's rules on harassment apply to e-communications.

  • Create guidelines for reporting abuse

5. Misuse of Resources

It should discourage the misuse of hardware and software and let the employee know that intentional misuse will be charged to user. Much damage can be done to school computer systems by employees who execute programs without understanding the consequences. It is not unusual to have an employee overwrite or delete an important file or program. More extensive damage has been reported by staff members reformatting hard drives or workstations and file servers. Generally, these incidents are caused by well meaning people who are not quite as technical as they believe they are.

6. Copyright

The policy should forbid illegal publishing or copying and it will state that the employee will be held responsible for violations. Reports indicate that 40% of software in use today in the U.S. is pirated and 85% of computer users have used or are using stolen programs.

7. Downloads

The policy should allow employees to download software with permission only. Employees who load or download software without permission can put the school's computer system at risk for viruses. These unauthorized system additions (e.g. MP3 files) can also oversubscribe system resources and cause slowdowns, crashes, and out of memory errors.

8. Illegal Use

The policy should forbid illegal uses and outline areas of illegality.

9. System Security

The policy should remind staff of the importance of security and make it clear that the user will be held accountable for intentional or negligent disclosure of security measures.

Employees who knowingly or inadvertently disclose their school computer system passwords, account ID's, and or remote access phone numbers to unauthorized users have put the district at risk for many potentially negative outcomes.

Irate and unhappy employees with access to key elements of the school's computer network may sabotage the system from the inside by destroying files, hiding information, or locking school employees out of key data by changing passwords.

10. Commercial Use

The policy should prohibit politics, advertising, and fundraising. The district may be vulnerable if its computer system is used by an employee to advance a political candidate or point of view.

Advertising and commercial use of the schools computer system may open the district to litigation. Employees may advertise part time occupations or solicit school employees from the schools computer system. Some employees may send solicitations directly to the school employees from their home computer.

11. Speech Restrictions

Staff can use school computers to comment on public concerns such as educational philosophy not private or personal concerns. Staff should not be discussing personal issues such as an individual conflict over a teacher's specific salary.

A superintendent e-mailed the cabinet regarding the school board election to ask them to support a specific member of the community running for the board. This sparked a state investigation.

12. General Preamble for Email & Computer Use

Electronic resources are to support the educational purpose of the district:

  • They should be used primarily for school related activities
  • Using electronic resources cannot interfere with employee's job performance
  • It cannot violate any rules of the Employee AUP or the Student AUP
  • It cannot damage the school's communication system

top

Site Last Updated: January 23, 2002 .
© Copyright Lower Hudson Regional Information Center (LHRIC).