This online version is for convenience; the official version of this policy is housed in the University Secretariat. In case of discrepancy between the online version and the official version held by the Secretariat, the official version shall prevail.
Approving Authority: Board of Governors
Original Approval Date: December 6, 1990
Date of Most Recent Review/Revision: June 1, 2023
Office of Accountability: Office of the Vice-President: Finance & Administration
Administrative Responsibility: Information and Communication Technologies
1.01 This policy provides guidance and outlines the expectations for Members of the University Community who provide and use Laurier Information Technology for study, research, teaching, administration, and personal use. The purpose of this policy is to ensure that critical Information Technology services remain available and reliable, and that each user understands and abides by this policy to ensure that the services are used for purposes appropriate for university operations.
2.01 Member(s) of the University Community: persons who currently live, work, or study on any Laurier campus. Members include Students (including student groups), Employees, adjunct and visiting faculty, and volunteers at Laurier.
2.02 Users: any person who accesses and uses Laurier Information Technology, including but not limited to Students, faculty, staff, retired faculty members, volunteers, alumni, and guest Users.
2.03 Laurier Information Technology: includes, but is not limited to, any:
2.03.01 Computing or communication devices and associated peripherals, including desktop computers, laptop computers, mobile devices, or wearable devices, video and other multimedia devices, classroom technology, facsimile machines, scanners, copiers, printers, thin clients, and telephones.
2.03.02 Computing or communications infrastructure and related equipment, including servers, switches, wired and wireless networks.
2.03.03 Programs or software, including desktop applications, mobile apps, websites, and online or external information technology and cloud services, software, or solutions, (as defined in Policy 9.5 External Information Technology and Cloud Services).
2.03.04 Services and accounts including Internet and intranet access, email, network storage, and voicemail that is owned, managed, hosted, or provided by Laurier or a third-party provider on Laurier’s behalf.
2.04 Personal Technology: includes, but is not limited to, any:
2.04.01 Computing or communication devices and associated peripherals that are the property
of an individual, including desktop computers, laptop computers, mobile devices, or wearable devices, video and other multimedia devices, facsimile machines, scanners, copiers, printers and telephones.
2.04.02 Programs or software, including desktop applications, mobile apps, websites, and online or externally hosted (cloud) information technology that are only used for personal purposes.
2.04.03 Services and accounts including Internet and intranet access, email, network storage, and voicemail that are only used for personal purposes.
2.05 Internal Information (Type 2): Information whose unauthorized release could reasonably be expected to cause minor, short-term harm to individuals or to the university and is intended for only limited dissemination. Internal Information must be guarded due to proprietary, ethical, or privacy considerations, and must be protected from unauthorized access, modification, distribution, storage or other use. Protection of such information may be required by university policy and/or provincial or federal legislation. Access to Internal Information is restricted to those who have a legitimate purpose for accessing such information. It is important to note that Internal Information in the aggregate may migrate to Restricted Information, particularly with respect to personal information about an individual.
2.06 Restricted Information (Type 3): Information that, if compromised, could reasonably be expected to result in significant and/or lasting harm to an individual or the university such as identity theft or reputational risk. This type of information is strictly protected by provincial or federal statutes or regulations, university policy, or contractual agreement(s) and must be protected from unauthorized access, modification, distribution, storage, destruction, or use. Access to Restricted Information is limited to those who have a legitimate purpose for accessing such information.
2.07 Students: For the purposes of this policy, a Student is defined as an individual registered in a for-credit academic program and/or for-credit course(s) approved by the Senate.
2.08 Staff: Employees of the University and any federated or affiliated college, but does not include persons who are members of faculty or persons who are academic librarians.
3.01 This policy applies to all Users, and uses of Laurier Information Technology, whether on, or off campus.
3.02 This policy applies to Personal Technology only when such technology is used to access or interact with Laurier Information Technology or involves Type 2 or 3 Information, as defined above. Other uses of Personal Technology may be governed by other policies and procedures, as outlined below.
4.01 General Rules
4.01.01 The use of Laurier Information Technology is governed by applicable federal and provincial law, Laurier policies, and the terms of applicable contracts and licenses. As terms and conditions in software licenses can vary considerably, the responsibility is on Users to familiarize themselves with these requirements, and abide by the limitations under each agreement.
4.01.02 The University has the right and the ability to access Laurier Information Technology, including any information on its systems or devices for a wide variety of legitimate reasons, including:
a. To engage in technical maintenance, repair, and administration.
b. To ensure the security of Laurier Information Technology and the protection of Internal and Restricted Information is maintained.
c. To meet legal requirements to produce information, including electronic records.
d. To ensure continuity of work.
e. To prevent or investigate misconduct and ensure compliance with the law and the University’s policies.
4.02 Access Rights
4.02.01 Faculty and Staff Access Rights
a. Laurier Information Technology resources and tools are to be made available to faculty and staff in support of their teaching, research, and administrative activities. Access to and use of Laurier Information Technology by any outside party requires prior approval from the Office of the Chief Information Officer, or a designate.
c. When outside professional activities would involve more than incidental use of Laurier Information Technology, approval from the User’s Manager or Dean (as appropriate) must be requested in advance. Final approval will be obtained from the Office of the Chief Information Officer, or a designate, and financial charges will be at the prevailing rate (unless an agreement is made to waive all or part of the charges).
d. Users must complete and pass the mandatory ICT training modules both before being granted access to Laurier’s network and systems application services, and on a periodic basis. The content and frequency of this mandatory training shall be determined annually by the Vice-President: Finance & Administration or a delegated committee. If the ongoing training requirement is not met, a User’s network and system access may be revoked.
4.02.02 Retired Faculty and Staff (including Professors Emeriti) Access Rights Continued use of Laurier Information Technology by retired employees is recognized to have a beneficial impact on research, teaching, and other university operations. However, continued access to Laurier Internal and Restricted Information will only be granted on an as needed basis, and in accordance with the ‘Procedures for the Continued Access of Retired Employees to Laurier Information Technology’. Laurier retired employees who are also employed as Contract Teaching Faculty, contract staff, or temporary staff (floater talent pool), will fall under section 4.02.01 for the course of their current employment at Laurier.
a. Personal use (including downloading software) will not be permitted where it could affect the security of Laurier Information Technology, privacy of Laurier Internal or Restricted Information, or interfere with university operations.
4.02.03 Student Access Rights
b. While Personal Use of Laurier Information Technology by Students is acceptable, this use must not interfere with university objectives or requirements.
4.02.04 Alumni Access Rights
a. Selected Laurier Information Technology resources may remain available to alumni. Access to these resources is at the discretion of Information and Communication Technologies and licensing agreements. Data contained in any solutions available to Alumni (such as continued use of their student email account) is not guaranteed and is subject to University record retention policies and procedures.
4.03.01 Users of Laurier Information Technology are expected to use these resources in a manner that preserves the privacy of others and the integrity of systems and software.
Users shall not:
a. Disclose confidential passwords, access codes, account numbers or other authorization assigned to them.
b. Attempt to gain unsanctioned access to the files, file systems, or accounts of another user
c. Attempt to gain access to Laurier Information Technology, including Laurier Internal and Restricted Information without clear authorization.
d. Attempt to intercept any network communications, such as electronic mail or instant messages.
e. Attempt unauthorized access or otherwise interfere with computing and communication installations external to Wilfrid Laurier University using Laurier Information Technology.
a. Co-operate with data deletion requests when required by Information and Communication Technologies or the Privacy Office.
b. Co-operate with information or data requests when required by the Office of Legal Services and Fair Practices Office or the Privacy Office.
c. Report any lost Laurier Information Technology or compromised accounts immediately to the ICT Service Desk.
4.03.02 The University will meet its purpose by acting reasonably but considering the primary functions of Laurier Information Technology resources and tools, Users should understand that there is no guarantee of privacy.
4.04 Inappropriate Use
4.04.01 Users must use Laurier Information Technology only for the purposes for which they were authorized. Malicious, destructive, or illegal activity engaged in by Users with or to Laurier Information Technology is unacceptable. By way of illustration only, some examples of such activities include:
a. Impersonating other individuals in communications.
b. Attempting to capture or decode passwords or encryption.
c. Theft, destruction or unauthorized alteration of data, programs, or hardware belonging to or licensed to other Users or the university.
d. Willful introduction of computer viruses into Laurier Information Technology systems.
e. Restricting or blocking access to Laurier Information Technology by legitimate Users.
f. Accessing, downloading, or distributing any material that would contravene any applicable regulation or legislation.
g. Removing, re-wiring, or disconnecting installed Laurier Information Technology in classrooms, computer labs, meeting rooms, or other spaces where communication technologies are installed.
4.05 Harassment & Discrimination
4.05.01 Users bear the primary responsibility for their use of Laurier Information Technology.
4.05.02 Users must not use Laurier Information Technology to create, access, send, display, or print materials or media that either do or are likely to:
a. Create an atmosphere of discomfort or harassment for others in public shared facilities.
b. Contain obscene or harassing messages.
c. Contravene relevant policies or statutes.
d. Bully or cyber-bully others whether through misuse of power, or through any means intended to offend, intimidate, insult, undermine, humiliate, denigrate or injure.
4.05.03 Users are directed to the provisions of the Ontario Human Rights Code and the Criminal Code of Canada for assistance in determining whether any images, sounds, videos or messages may be considered harassing or obscene.
4.06 Electronic Communications
4.06.01 Users of email, social media accounts, instant messaging accounts, and other electronic communications tools and services, either accessed through or provisioned as Laurier Information Technology, are required to use these resources in a responsible manner consistent with other business communications.
4.06.02 Irresponsible and inappropriate use of email includes, but is not limited to:
a. ‘Rebroadcasting', i.e., forwarding email that is deemed confidential by the sender to third parties.
b. Posting materials that contain virus hoaxes or spam.
c. Sending email in such a way that disrupts normal email service.
d. Sending materials that are fraudulent, defamatory, harassing or of a threatening nature.
e. Unlawfully soliciting or exchanging copies of copyrighted material by email.
f. Misrepresentation or failure to accurately identifying oneself as the sender of the communication.
4.06.03 Staff, faculty, and retired Users should clearly identify themselves through an email signature that specifies their name, position, and contact information; this can also include an affiliation with another institution or agency connected with their official work, if any.
4.07 Consequence of Violation
Users who violate these principles may be subject to disciplinary action. Any violation of this policy should be reported immediately to a user’s manager or dean, as applicable, or to the Office of the Chief Information Officer, or a designate, in the absence of such a person. Users unsure of whether their intended use Laurier information technology violates these principles should consult with the Office of the Chief Information Officer, or a designate.