This article was published in CAUSE/EFFECT journal, Volume 22 Number 4 1999. The copyright is by the author. See for additional copyright information.

Research in Brief

Computer Use Policies at Major U.S. Public Universities
by Susan Athey

This study examined policies on computer use at selected public universities to determine if there are common attributes in such policies. For a complete description of the survey and a report of results, see

Protection of an organization�s resources (assets) is a key responsibility of management. This is especially true in a public university. An assortment of issues affects proper management of computer resources, such as confidentiality of personal communications, the universities� public nature, freedom of speech, students� right to privacy, and software copyright issues. Clearly, managing these resources is not a trivial matter and policies are needed to establish ground rules for resource use.

This study examined public university policies on computer use to determine if any common attributes emerge. The research consisted of collecting and analyzing the policies and procedures of 71 public universities from 50 states, by searching their Web sites. These Web sites were active as of October 1999.

A number of observations emerged from the study, the most striking being that these policies were not always easy to find. Some were in obvious locations while others were buried in layers of Web pages and required using the university�s search engine to locate them! One might conclude that many universities are not interested in widely publicizing their policies, at least not if faculty, staff, and students were expected to find them easily on the institutional Web pages.

Another observation is that no policy pattern appears among universities in the study. Some of these universities cover as many different problems as possible in their policies while others use a very general policy and rely on users� good sense and ethical behavior.

E-mail and electronic communications are the most frequently mentioned technologies in the policies, including forbidding the use of computers to harass other people via e-mail or Web sites. Forbidding the use of their computers for �commercial gain� or �personal financial gain� and prohibiting software copying were the next most frequently developed policies. Forbidding unauthorized access to computers, to other people�s programs, or to data and prohibiting the alteration or destruction of data, files, or programs are other prevalent policies.

The most common forbidden recreational activity is sending chain letters. Many of the policies mention state or federal law when discussing this issue. Game-playing rules vary by university and may depend on whether other users are waiting for a computer. The University of Virginia, citing a directive from the state secretary of education, must remove all games from university machines because �time spent by employees playing computer games should be considered an improper use of taxpayer funds.�

Universities must decide whether to monitor faculty and student e-mail and other data files or to rely on personal integrity. Twenty-three universities specifically say that they will not monitor individual usage or look at data in a user�s account while other schools reserve the right to monitor accounts and usage if there is evidence of illegal or unethical use. Several universities have very specific procedures to follow in monitoring a user�s account. Interestingly, though, many universities do not have any policies about this issue.

Universities must also decide if they will regulate what students and faculty can examine on the Web. Some have opted for citing absolute freedom of speech and do not monitor Web pages or restrict the viewing of Web pages. Other schools cover this issue under regulations such as creating a hostile work or educational environment.

This research gives universities who are writing or amend- ing their own policies a place to examine other universities� policies, whether or not they agree with all of them. Universities can also find ideas for dealing with violations of the policies, data that are also included in this research. In this era of lawsuits, one needs to be mindful of the need to determine when well-defined procedures are necessary and then to articulate and follow those procedures.

Susan Athey ([email protected]) is an associate professor in the Computer Information Systems Department, College of Business, at Colorado State University. the table of contents