Information technology policies ensure that everyone's use of the Institute's computing and telecommunications resources supports its educational, research, and administrative mission in the best possible way. Effective support of the Institute's mission requires complying with relevant legal, contractual, professional, and policy obligations whenever information technology is used. Effective support also means that individuals should not interfere with the appropriate uses of information technology by others.
This policy statement covers privacy of Institute records; information security and preservation; responsible use of MIT computers, networks, and telephones; privacy of electronic communications; and the acquisition and use of third-party products and services.
13.2.1 Privacy of Institute Records
All members of the MIT community are responsible for ensuring that their handling of information about individuals is consistent with the Institute's policy on privacy of information (see Section 11.2). This policy applies to all records of the Institute and to any other appearances of all or part of the information in those records.
The privacy of individuals must be protected, regardless of the form or the location in which the information about them is stored, including computer media. Access to personal information must be limited to authorized users for approved purposes. Such information must be safeguarded from unauthorized access. Individuals who are authorized to access personal information about others should not make unauthorized disclosure or use of it.
The availability of computerized information about individuals may appear to encourage the use of those records for purposes beyond those for which the information was originally collected. Such secondary uses of information about individuals are inappropriate, unless undertaken in accordance with the Institute's policy on privacy.
13.2.2 Information Security and Preservation
MIT has an obligation to provide accurate, reliable information to authorized recipients and to preserve vital records (see Section 13.3 Archival Policy). MIT is increasingly dependent on the accuracy, availability, and accessibility of information stored electronically and on the computing and networking resources that store, process, and transmit this information. Records created and maintained in electronic form are included in the Institute's definition of archival materials.
Individuals who manage or use the information and computing resources required by the Institute to carry out its mission must protect them from unauthorized modification, disclosure, and destruction. Information--including data and software--is to be protected, regardless of the form or medium that carries the information. Protection shall be commensurate with the risk of exposure and with the value of the information and of the computing resources.
13.2.3 Responsible Use of MIT Computers, Networks, and Telephones
MIT's computers, networks, and telephones offer many opportunities to share information on campus and to access resources off campus. All members of the MIT community are obligated to use these facilities in accordance with applicable laws, with Institute standards of honesty and personal conduct, and in ways that are responsible, ethical, and professional.
The use of MIT's telephones is restricted to Institute business and necessary personal telephone calls. Necessary personal telephone calls include calls to arrange family and personal schedules, medical-related calls, and other reasonable calls; these calls should be brief. No reimbursement to MIT is required for such calls.
Telephone calls related to personal businesses and activities are prohibited unless a personal telephone credit card is used or an explicit agreement for reimbursement to MIT has been established with the appropriate organization.
MIT's computing and networking facilities and services are to be used for Institute purposes only and not for the benefit of private individuals or other organizations without authorization. Unauthorized access to and use of MIT computer and network services violates this policy.
Members of the Institute community should not take unauthorized actions to interfere with or alter the integrity of MIT computers, networks, telephones, or the information accessed through them. Efforts to restrict or deny access by legitimate users of the Institute's computers, networks, and telephones are unacceptable. Individuals should not use MIT facilities to interfere with or alter the integrity of any other computers, networks, telephones, or information, irrespective of their location.
Destruction, alteration, or disclosure of data or programs belonging to others without authorization is inappropriate. Individuals should not connect unauthorized equipment to or tamper with MIT information technology facilities or equipment. Using any of the information technology resources of the Institute for unethical purposes, such as harassment, is unacceptable.
13.2.4 Privacy of Electronic Communications
Federal laws protect the privacy of users of wire and electronic communications from illegal interception. Individuals who access electronic files or intercept network communications at MIT or elsewhere without appropriate authorization violate Institute policy and may be subject to criminal penalties.
The law also regulates disclosure of information within an electronic mail system by providers of electronic mail services. MIT departments and other providers of electronic mail services at the Institute who are asked to disclose information from an individual's electronic files without the individual's authorization should seek guidance from the Office of the Vice President for Information Systems.
13.2.5 Acquisition and Use of Third-Party Products and Services
Special restrictions are often placed on the use of information technology products and services--such as hardware, software, documentation, and databases--acquired from outside sources. Members of the MIT community are required to abide by the restrictions imposed by suppliers on information technology products and services acquired for use at the Institute.
Unless it has been placed in the public domain, most third-party software is protected by copyright law. Under US copyright law, it is illegal to duplicate copyrighted software or documentation--except for one archival copy--without the permission of the copyright owner. Unauthorized copying includes lending software to others so that they can make unauthorized copies, as well as letting someone use your computer to make an unauthorized copy. It is illegal to distribute unauthorized copies of software by any means, including a computer network.
Use of hardware, software, databases, and documentation may be further restricted by patent law, as a trade secret, or by contract law in the form of a license or other agreement. When a department, laboratory, center, or individual acquires hardware, software, documentation, or access to proprietary databases from outside sources for use at MIT, the department is responsible for obtaining Institute approval that the terms and conditions of any associated license or other agreement are consistent with relevant Institute policy, such as the research policy statements and the policies on Intellectual Property (see Section 13.1).
When supervisors, instructors, or others arrange for authorized distribution of information technology products and services from outside sources, those individuals are responsible for ensuring that the people having access to the products and services are advised of all the associated usage restrictions.
Search | Section
Contents | P&P; Contents |
P&P; Index |
Updates
Comments to
policies@mit.edu