Acceptable Use Policies

Acceptable Use Policies

Acceptable Use Policies (AUPs) are increasingly common on the corporate and educational landscapes. While there are striking differences between AUPs, most seek to define how technology should be used by the individual based on communal standards while outlining enforcement and consequences. The National Center for Education Statistics defines an AUP as:

Some policies go further and seek to define the institutions responsibilities towards the individual as well. Despite the differences the need for an AUP in any educational environment is self evident. Without such policies no one knows what should and should not be tolerated when using online (or other technological) assets. Lets take a moment and explore how AUPs are created, what should be included in an AUP, and what function they serve using real world examples from:

• National Center for Education Statistics
• Kenosha Unified Public School District
• Boise State University
• Saigon South International School

Stakeholders Philosophy & Justification

“Ok now that all the primary stake holders are here…haha…
but seriously, who invited Mr. Sparkles?!”

One of the first steps in creating an Acceptable Use Policy is to form a group of stakeholders from the community. A stakeholder is anyone that could be affected by the eventual policy. In a school setting stakeholders might include representatives from the student body, the faculty, the support staff, and the administration. It’s important that everyone has a voice because the primary means of adoption and enforcement is the community of learners the policy will serve. This understanding is exemplified by an example from Saigon International School, Kenosha Public School District, and Boise State University.

Most policies begin with some statement about what the policy is intended to accomplish or what resources the policy is meant to help administer and protect. Kenosha Unified School Districts’ AUP states that;

These definitions help ensure that the community understands exactly what actions or equipment the AUP is intended to regulate.The opening statement of an AUP can also reflect the philosophy behind the policy. All of these aspects are present in the opening of Saigon South International School’s AUP which states;

After defining what technology is covered in the AUP and setting the tone of the document by aligning it with the institutional philosophy, we then attempt to match it with existing codes of conduct or laws that can lend credibility to finished work. Boise State University includes a section called ‘Additional Authority’ which cites several university policies by number and lists state and federal laws that align with their AUP.

Acceptable and Unacceptable Use

“Thou shalt no longer be allowed upon the network”~ Admin 4:03

With the groundwork in place its now time to define exactly who is covered by the Acceptable Use Policy and what constitutes acceptable and unacceptable use. Boise State makes the explicit who the policy is meant to cover under its ’Scope’ heading whereas the Kenosha Unified School District and Saigon South International School are not clear with the provisions directed mainly at students. Even the exemplar template found on the National Center for Education Statistics directs the majority of its language towards students.

After identifying who the policy is meant to cover its time to get down to the brass tacks of what will and will not be allowed as outlined in your AUP. Its important to make two separate lists; one of acceptable usage and one of unacceptable usage. Saigon South International school fails to do this which makes for a document of limited effectiveness and Kenosha Unified School District’s policy does have a bulleted list of Do-Nots but fails to list acceptable behavior. Only the example provided by the National Center for Education Statistics provides clear bulleted lists entitled ‘Acceptable’ and ‘Unacceptable’ usage. Some of their bulleted points include:

Acceptable Use:

1. All use of the Internet must be in support of educational and research objectives consistent with the mission and objectives of the [Name of Organization].
2. Proper codes of conduct in electronic communication must be used. In news groups, giving out personal information is inappropriate. When using e-mail, extreme caution must always be taken in revealing any information of a personal nature.
3. Network accounts are to be used only by the authorized owner of the account for the authorized purpose.

Unacceptable Use:

1. Giving out personal information about another person, including home address and phone number, is strictly prohibited.
2. Any use of the network for commercial or for-profit purposes is prohibited.
3. Excessive use of the network for personal business shall be cause for disciplinary action.

(NCES, 2016)

Boise State’s AUP takes an interesting approach by stating acceptable and unacceptable use along with the responsibilities of the institution towards the user. For example BSU’s policy states under Problem Resolution:

Here it is clearly stated that all BSU community members share responsibility for the Network but OIT (Office of Information Technology) is responsible for resolving any problems. In this way the BSU document comes across as an agreement supported by the community rather than a dictum from on high.

In addition to do’s and do not’s an Acceptable Use Police occasionally cites enforcement mechanisms to deal with rule breakers. Both KUSD and BSU’s policies deal with enforcement through a separate student behavior policy while the NCES and SSIS AUPs make no mention of how enforcement occurs. Only BSU states consequences for non compliance which can include:

• A. Exclusion or expulsion, in the case of students as outlined in the Student Code of Conduct, or
• B. Exclusion or dismissal from employment, in the case of faculty and staff, or
• C. Exclusion from campus, in the case of the public.

(BSU, 2016)

Finally, Privacy is also a topic to address under this section with some AUP’s taking a slightly draconian stance like KUSD’s statement that:

BSU’s policy takes a somewhat softer approach by stating that:

Saigon South International School takes a unique approach in their privacy section by offering advice on how to maintain your own privacy rather than outlining who is responsible for privacy. They do go onto state that, much like KUDS, SSIS can and will intercept your communications on their network for use in supporting disciplinary action.

Legal Disclaimers & Revisions

“If you could just sign here we’ll get you online”

Legal Disclaimers are included in Acceptable Use Policies to absolve the institution of any wrongdoing should a member of the community use the network for unlawful purposes. For example, KUDS lists several state statues that align with their policy including:

Wisconsin Statutes Sections

• 120.12(1) [School Board duties]
• 120.13 [School Board powers]
• 943.70 [Computer crimes]
• 947.0125 [Unlawful use of computerized communication systems]

(KUSD,2016)

Saigon South International School is the only AUP examined that doesn’t explicitly have a disclaimer but since it operates in Vietnam there are bound to be different rules governing the lawful and unlawful use of the internet.

One oftentimes overlooked parts of an AUP is a schedule to revise and make changes to it. AUP’s exist in a technological world so they must be revisited and adapted to current conditions. Kenosha Unified School District and Boise State University list revision dates for their documents while Saigon South International School and the example AUP found on the National Center for Education Statistics do not indicate revision dates.

Round Up

At their core Acceptable Use Policies are statements about what type of community we wish to have in our schools. Approaching this process with trust in the people that make up your school is essential to the success of any policy. When everyone understands not only what but why then everyone can feels empowered to take part in the group. Hopefully more schools will adopt the BSU approach of making these documents as much about the institution’s obligations to the individual as they are a list of Do’s and Do-Nots. As we head into the future the movement of information and how students use it will change rapidly and Acceptable Use Policies will have to change with them.