CSULB Acceptable Use Policy

In August 2007, President Alexander signed the Acceptable Use of CSULB Electronic Communications Systems and Services (Acceptable Use) Policy. The purposes of this policy are to:

• Ensure that University electronic communications systems and services are used for purposes appropriate to the University's mission;
• Ensure that User's privacy rights are protected;
• Inform the University community about the applicability of laws and standards to electronic communications;
• Ensure that electronic communications systems and services are used in compliance with these laws and standards; and
• Prevent disruption to and misuse of University electronic communications systems and services.

The Acceptable Use Policy states that Users are prohibited from utilizing University electronic communications systems and services for any unlawful, unethical or unprofessional purposes or activity. Examples of prohibited use include but are not limited to:

• Transmission of threats, harassment or defamation
• Download or distribution of materials or programs that could be deemed harmful to University electronic communications systems or services
• Violations of any state or federal laws or any applicable CSU or CSULB policy or regulations
• Intentional access, viewing, download or dissemination of materials containing obscene matter
• Violation of software licensing agreements
• Intentional damage to equipment, software or data
• Commercial activities unrelated to the mission of the University. This includes soliciting, promoting, selling, marketing or advertising products or services (e.g. consulting services) or other revenue generating private business operations for personal financial gain. Disputes regarding a commercial activity's relatedness to the mission of the University shall be resolved by the University President or designee.
• Campus auxiliary organizations are authorized to provide services and products to students, faculty and staff, and invited guests of the University through operating and service support leases.

The University President or designee may authorize additional limited commercial uses under separate policy provisions and such uses are exceptions to the above commercial use prohibitions.

University electronic communications systems and services may not be used to:

1. circumvent legitimate copyright protections or illegally access, copy or disseminate copyrighted material in any form including, but not limited to, print, music, video or other multimedia content, that is not permitted under the principle of Fair Use;
2. distribute or duplicate copyrighted software without appropriate licensing agreements or use of software in a manner inconsistent with the license; or
3. engage in peer-to-peer technology for non-business purposes. This includes, but is not limited to, transfer of music, movies, software, and other intellectual property.

Illegal file-sharing and other copyright violations are a violation of Title 5 of the California Code of Regulations.

The Acceptable Use Policy and other University information security policies can be accessed at http://daf.csulb.edu/offices/vp/information_security.

Restricted Use of Social Security Numbers

California law limits the use of social security numbers as identifiers for students and employees and prohibits the CSU from:

1. Publicly posting or displaying and individual's Social Security number.
2. Printing an individual's social security number on any card required for access to products or services.
3. Requiring an individual to transmit his/her social security number over the Internet, unless the connection is secure or the Social Security number is encrypted.
4. Requiring an individual to use a Social Security number to access an Internet Web site, unless a password, unique personal identification number, or other authentication device is also required.
5. Printing an individual's Social Security number on materials (except where required by state or federal law). However, Social Security numbers may still be included in applications and forms sent by mail to establish, amend or terminate an account, contract, or policy, or to confirm the accuracy of the Social Security number. A Social Security number may not be printed on a postcard or visible on an envelope.
6. Encoding or embedding a Social Security number in a card or document, including using a bar code, chip, magnetic strip, or other technology.

California law is intended to deter public disclosure of Social Security numbers. It does not prohibit use of Social Security numbers for internal verification, or administrative purpose, or as otherwise required by law.

California Assembly Bill (AB) 1168 is currently awaiting the Governor's signature or veto. If signed into law, AB 1168 would require the Office of Privacy Protection to establish a task force to conduct a review of the use by all public and private colleges and universities in this state of social security numbers in order to recommend practices to minimize the collection, use, storage, and retention of social security numbers. Update on AB 1168 will be included in the next publication of the Information Security Insider.