Chailey School - ICT Acceptable Use Policy (AUP)

By using the CLZ and other school ICT resources, you confirm that you agree with and will abide by the terms of the Acceptable Use Policy below. This system is monitored and sanctions may include, but are not limited to, suspension or closure of your network user account. Remember, this is your Learning Zone which we hope you will enjoy using responsibly.

The following statements reflect the School's ICT Acceptable Use Policy, or AUP, and outline the standards and attitudes we expect from students when using the systems. The school reserves the right to amend this policy from time to time in order to protect students and/or ICT systems.

➢ Students must not interfere with the work of others on the system.

➢ The facilities must be used in a responsible manner, in particular you must not:
• Create, transmit, store or forward material that is designed or likely to cause annoyance, inconvenience, anxiety, hatred or offence.
• Create, transmit, store or forward obscene or indecent material.
• Create, transmit, store or forward defamatory material.
• Create, transmit, store or forward material that infringes the copyright of another person or organisation (including music, video, intellectual property or other material without the written permission of the owner).
• Gain deliberate unauthorised access to facilities or services via local, national or international networks.
• Introduce or cause to be introduced, viruses or their derivatives to computer systems and/or networks.

➢ You must not gain unauthorised access to or violate the privacy of other people's files, corrupt or destroy other people's data or disrupt the work of other people.

➢ It is your responsibility to prevent inappropriate access to your files by not publicising or giving anyone else your passwords. Passwords are private to individual users and must not be shared. Do not use easy-to-guess passwords such as ‘password’ or part of your name. Files may be reviewed both automatically and manually by ICT Technicians to ensure users are using the system responsibly. Users should not expect that files stored on servers or disks will always be private.

➢ You must comply with the requirements of the relevant legislation including the:

• Computer Misuse Act 1990
• Copyright, Designs and Patents Act 1998
• The Data Protection Act 1984

Further information:

The following descriptions attempt to provide guidance to the main points of the law but should not be regarded as a definitive statement of law.

1) The Computer Misuse Act 1990

The Computer Misuse Act identifies three specific offences:

(a) Unauthorised access to computer material
(b) Unauthorised access with intent to commit or facilitate the commission of further offences
(c) Unauthorised modification of computer material

The act defines (a) the basic offence, as a summary offence punishable on conviction with a maximum fine of £2,000 or both. The Act goes on to describe offences (b) and (c) as triable either summarily or on indictment, and punishable with imprisonment for a term not exceeding five years or a fine or both.

The offences described in the Act may be interpreted within universities by the examples given below. These are intended as a guide to the seriousness of each offence and do not attempt to cover all possibilities.

Definition 1 Unauthorised access to a computer includes: using another person's identifier (ID) and password; creating a virus; laying a trap to obtain a password; or persistently trying to guess an ID and password. The response to some actions will depend on the specific conditions of use in force. Take, for example, unauthorised borrowing of an ID from another user in order to obtain a larger allocation of computing resources. In this case both the user who borrowed the ID and the user who lent it would be deemed to have committed offences.

Definition 2 Unauthorised access to a computer with intent includes gaining access to financial or administrative records, reading or changing examination results; inspecting examination paper proofs.

Definition 3 Unauthorised and deliberate modification of computer material includes: destroying another user's files; modifying systems files; introducing a local virus; introducing a networked virus, or deliberately generating information to cause a system malfunction.

It should be noted that a breach of the Computer Misuse Act may result not only in criminal proceedings but also in the initiation of action under the School's internal disciplinary procedures.

(2) The Copyright, Designs and Patents Act 1988

For copyright purposes computer programs are defined as 'literary works' and as such are the subject of a mass of provisions designed primarily to control the use of printed works. All computer software, whether covered by a specific licence or not, is copyright under the Copyright, Designs and Patents Act 1988, the main provisions of which follow:

• Software may not be copied without appropriate authority or transferred to machines for which it is not licensed
• Users must ensure the security and confidentiality of any copy of software released to them and must not make any further copies from it
• Users must ensure that subsidiary copyrights are not infringed. Note: text and other materials (e.g. statistical or bibliographic databases, scanned images, digitised images or sequences of images from TV) within the software applications are also subject to copyright. Users must not use material down-loaded from databases without a specific licensing agreement unless it falls within the normal limits of "fair-dealing" under the 1988 Copyright, Designs and Patents Act.

(3) The Data Protection Act 1984

The School is required to ensure that its computer users are aware of, and comply with, the principles of the Act which require personal data to be

(1) Obtained fairly and lawfully
(2) Held only for one or more lawful purposes specified in the data user's registry entry
(3) Used or disclosed only in accordance with the data user's registry entry
(4) Adequate, relevant and not excessive for those purposes
(5) Accurate and, where necessary up to date
(6) Not kept longer than necessary for the specified purposes
(7) Made available to data subjects on requests
(8) Properly protected against loss or disclosure

If you are a computer user, on no matter how small a scale, you are required to familiarise yourself with these principles and to apply them when using or processing any personal data which fall within the scope of the Act.

You may be liable to criminal prosecution, as well as disciplinary action, if you process personal data without having submitted an application for registration. The School's registration applications are co-ordinated by the Data Protection Officer who is prepared to discuss and advise on any matter relating to the Act. If you have not already done so you should contact the Data Protection Officer to see if any personal data which you may hold falls within the scope of the School's registration.

You should note that the Act requires data users to take appropriate security measures to guard against unauthorised access to, or alteration, destruction or disclosure of. personal data. You are therefore strongly advised to use the highest level of security available to protect your stored files and to take the utmost care of any listings of your data.

Last modified: Wednesday, 10 July 2013, 11:47 AM