Information Technology (IT) services are provided to you to support your learning and research activities at UAL. This policy describes your obligations under the Student Contract when using these facilities to ensure that your activities are lawful and that the information assets of the University, staff and students are protected.
This policy relates to the acceptable use of all IT products and services that are owned, hosted and/or administered by the University or on its behalf. This includes:
- computer networks, wi-fi, email, software applications, data storage and the internet
- laptops, desktops, tablets, smartphones and peripherals
- fax machines, copiers and scanners.
In addition to this policy, you must also abide by any regulations and policies applicable to other organisations whose services you access, such as Eduroam or partner Universities or colleges. When using these services, you are subject to both the regulations of UAL and the institution where you are accessing IT services.
Who this policy is for
Students using either personal or University provided equipment which is connected locally or remotely to the University network.
This policy forms part of the course regulations under the Student Contract.
University of the Arts London
For the purposes of this policy, the University includes:
- Camberwell College of Arts
- Chelsea College of Arts
- Wimbledon College of Arts
- Central Saint Martins
- London College of Communication
- London College of Fashion
- All University Institutes
- UAL Halls of Residence
- UAL Short Courses Limited.
Do
- Do use your University email, OneDrive and other University-managed applications for your studies or research.
- Do make sure your devices have the most recent operating systems and security updates, and patches.
- Do report - as soon as possible - any loss, theft or damage to University IT equipment to IT Services.
- Do comply with copyright laws when using material such as images, text, music, film and software.
- Do respect the terms of use and respect the rights of others when sourcing content from any online platforms.
Don’t
- Don’t share your password or use the same password for anything outside UAL.
- Don’t attempt to use anyone else’s login credentials.
- Don’t attempt to circumvent or disclose University cyber security measures.
- Don’t use University IT assets, facilities or information for private business or commercial purposes, including promotional purposes.
- Don’t attempt to access material that is either illegal or could pose a security/malware risk to the University. Don’t send messages which could be interpreted by others as being abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory.
- Don’t include payment card details in emails or messages.
Policy
Use of IT Systems
You can use your own devices to connect to the UAL network, but should ensure you run the most recent available operating system and that the latest security updates are installed. You must never share passwords or allow anyone else to use your login details, or attempt to use anyone else’s. If you need to use new software on a UAL-managed device, this needs to be approved and installed by the IT Service Desk, apart from where it has already been approved as part of a computing-related course. You must not attempt to install software onto UAL devices or networks yourself without the approval of UAL staff.
Systems for student work or research
Students must use UAL-managed systems such as OneDrive, Qualtrics and their UAL email address for student work or academic research that includes third-party personal data or other confidential information. Such information when used for University purposes must remain under University control. Personal cloud storage, email or software accounts must not be used for these purposes, as this would constitute a breach of policy and data protection law. You should request any additional software or data processing they need for your studies, and not try to provide this yourself.
Email, chat and other communications
Students must not send abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory emails or messages using University systems or send such emails and messages about UAL students, staff and other colleagues on outside platforms. Anyone who feels that they have been harassed or bullied, or are offended by material received from a student or member of staff via email, message or social media should inform their Course Leader or report the incident using Tell Someone.
Payment card details should never be included in emails or messages. Payments should only be made between approved payment platforms which are compliant with PCI-DSS. If you are ever asked by UAL staff to provide payment card details within an email, message or over the phone, please report this to PCI_ISA@arts.ac.uk or infosec@arts.ac.uk.
UAL student email accounts are only intended for UAL students and expire 150 days after the user’s course end date.
Use of personal data or confidential information
Personal data is any information that can be used to identify a person, or that describes a person who has already been identified. It can include names, but also email addresses, physical descriptions, photographs, biographies and opinions. ‘Third-party personal data’ is information that relates to another individual i.e. not the student (the first party) or the University (the second party).
Information held by the University is University property. Students can access staff and student personal data held by UAL or other UAL confidential information or copyrighted material as needed to support their studies, but must not take or use this data for any personal or private business purpose without either the individual’s written consent or a data sharing or rights agreement between UAL and the private business. It is unlawful for anyone to take UAL email addresses and send them promotional material without the individual’s specific recorded consent for that specific purpose, even if access to the email addresses has been agreed.
Cyber security measures, vulnerabilities and breaches
You must not attempt to circumvent or disable, or publicly disclose information about the security measures used to protect the University’s information and IT networks.
If you are aware of a security or information breach, a near-miss or a weakness that could be exploited by a third-party, you must report this as soon as possible to the IT Service Desk and not disclose it outside of UAL.
Monitoring
Equipment connected to the UAL network will be monitored for operational efficiency, performance and protection from malicious and illegal activities. The University reserves the right to monitor and block access to content considered illegal or that poses a security risk to the University IT systems. Such monitoring and whether or not activity is blocked is an automated process, and does not involve UAL staff accessing and viewing the content of your communications or data storage.
Loss, theft or damage to University IT equipment
You must report any loss, theft or damage of University-owned IT equipment to your Course Leader or loan store immediately. This will enable access to the device to be revoked and/or the activation of any remote locate and wipe facility.
Respecting copyright
When using externally sourced content such as images, text, music and software, you must make sure there are no copyright or intellectual property restrictions before using the content in your own work. It is your responsibility to ensure that you respect the rights of other people's copyright and seek permission where necessary. Read our guidance for more information.
Access to offensive material
It is recognised that students in the course of their study, campaigning or research may have a legitimate requirement to use material that, while legal, could reasonably be considered by others, to be offensive, discriminatory, obscene, indecent or similar. Under these circumstances you should be mindful of other policies in this area e.g. Code of Practice on Research Ethics. If you require guidance, consult your Dean or Course Leader.
Personal and other use of University IT Services
You may make reasonable personal use of computing facilities provided by the University, as long as it does not interfere with the smooth running of University IT services, commit the University to additional costs arising from your personal use or interfere with others’ valid use.
However, you must make sure that you do not break the licencing terms of software provided to you by UAL, and must not use University IT services or assets for business or commercial purposes.
Breach of policy
Security and information breaches arising from your failure to follow the guidance and terms of this policy will be considered a breach of the Student Code. Breaches will be logged and investigated in accordance with the University’s Disciplinary Code for Students. In some cases this could lead to disciplinary action which, in cases of gross misconduct, could include immediate suspension pending a disciplinary hearing and possible expulsion in the case of students.
Appendix A
Domestic law relevant to the use of IT services.
When using UAL IT services you remain subject to the laws of the United Kingdom. There are many items of legislation that are particularly relevant to the use of IT, including:
- Computer Misuse Act 1990
- Copyright, Designs and Patents Act 1988
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communication Regulations (PECR)
- Obscene Publications Act 1959 and 1964
- Protection of Children Act 1978
- Human Rights Act 1998
- Equality Act 2010
- Criminal Justice and Immigration Act 2008
- Prevention of Terrorism Act 2005
- Terrorism Act 2006
- Police and Justice Act 2006
- Defamation Act 1996 and 2013
- Counter Terrorism and Security Act 2015.