Acceptable Use of Computer Resources

Skip to main content

Home / About / Publications, policies and procedures  / Policies and procedures / Acceptable Use of Computer Resources
Policy Number: ITS 101 Policy Title: Acceptable Use of Computer Resources 
Supersedes Existing Policy: YesPolicy Sponsor: Senior Vice-President, Corporate Services & CFO
Associated Procedure: No Policy Owner: Senior Vice-President, Corporate Services & CFO
Next Review Date: September 2028Date Last Approved by the CET: September 24, 2025
Related Documents
1. Introduction and Purpose

This policy sets out the standards of appropriate and responsible use of information technology (IT) for students and employees in maximizing their working or learning experiences at Loyalist College. Inappropriate use of these resources may expose the college to risks including virus attacks, legal issues, and compromised network systems and services. To mitigate risk, the college has provided users of these resources with appropriate safeguards and this set of guidelines to protect the college community.

Use of any college digital service, whether with a college-owned or personal device, implies a user has read this policy and unconditionally agrees to abide by all aspects of this policy.

2. Application

This policy applies to all individuals assigned a Loyalist College user account, including students, employees, contractors, third-party service providers, volunteers, suppliers, and visitors to the college who may use college networks on-site or remotely, on either Loyalist-issued or personal devices.

3. Definitions
  • Artificial Intelligence (AI). Computer systems capable of performing tasks that typically require human intelligence, such as reasoning, learning, decision-making, and perception.
  • Authenticate. The process of logging onto an IT resource by validating a user’s identity.
  • Commercial Electronic Message. A message sent by an electronic means, such as an email, instant message, or text to another electronic address with, as its purpose or as one of its purposes, to encourage participation in a commercial activity.
  • Confidential Information. Information that must be protected from unauthorized access, use, modification, or destruction according to legal, fiscal, and statutory requirements, archival value, and administrative or operational needs. This information is not otherwise available to the public and must be safeguarded by college community members. Confidential information may include, but is not limited to, student and sensitive corporate data, credit card information, college internal communications, corporate strategies, courseware, and research data.
  • Credentials. A user’s login username and password, used to sign into their Loyalist College user account.
  • Digital Service. The electronic delivery of data across different services and digital devices.
  • Information Technology (IT) Infrastructure. Software, hardware, devices, networks, server systems, data storage, data centres, related equipment, and cloud-based technologies.
  • Information Technology (IT) Resources. Those physical, electronic, or intellectual resources used to produce, convey, transmit, store, analyze, collate, distribute, present, display, etc. data or information in whatever form (e.g., text, pictorial, graphic, audio, etc.), that typically consist of, but are not limited to: computer hardware and software; networking cables, devices and equipment; applications including browsers, servers, and databases; mobile phones, audio-visual, and telephone equipment; any device that connects to the network and/or the internet; and, other forms of information technologies that exist today or may be developed in the future.
  • Multifactor Authentication. An electronic authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.
  • Personal Use. In the context of this policy, personal use means any use of information technology resources or infrastructure – whether college-owned or personal – that is for non-work and non-academic purposes.
  • User. Any college community member authorized to have access to certain designated information technology resources.
  • User Account. An object that contains the digital identity of an entity, such as a person, software service, or machine. These accounts provide a set of credentials, like a username and password, for authentication, which verifies the entity’s identity to a system.
  • Data. Information in a raw or unorganized form (such as letters, numbers, symbols, or graphics) that refers to or represents conditions, ideas, or objects. For the purposes of this policy, data refers to digital versions of information.
4. Policy

The access granted to Loyalist College’s information resources supports the business, learning, and research tasks of the college. It is expected that users will exercise professionalism and responsibility in their use of college information technology (IT) resources and ensure any applicable laws and legislation, college policies, and guiding principles are followed. Members of the college community are responsible and accountable for their actions and statements in the electronic college environment. At all times, and without exception, users are required to conduct themselves in an appropriate manner when using any digital service, IT resource, or IT infrastructure.

Any use, whether personal or college related, should not negatively impact the college or any of its community members. Any activity that could impact the fair, safe, and productive use of digital services or negatively impact Loyalist College’s operations, assets, and/or reputation is prohibited. The college reserves the right to remove a user account in violation of this policy or temporarily suspend or revoke a user’s access.

If at any time a user is unsure about whether a planned use is acceptable, they should obtain direction from the Information Technology Services Department. If a user suspects that their device or user account has been compromised or an IT security incident has occurred, it is the responsibility of the user to report the issue to the Information Technology Services Department immediately.

5. User Responsibility
  • 5.1 User Accounts
    • Information technology resources may be used only by authorized users.
    • Users may access digital services using only their assigned Loyalist College credentials. Use of another user’s credentials is prohibited.
    • Concealing one’s identity or impersonating another individual when accessing a digital service is prohibited.
    • Loyalist user accounts and sign-in credentials are personal identifiers equivalent to a signature on a document and should never be shared or disclosed to anyone at any time. Users will ensure proper safeguards are used against others obtaining unauthorized access to their accounts, such as the use of a strong password and the use of the multifactor authentication services provided by the college.
    • Users are accountable for all activities logged against their login credentials and user account, including all misuse or illegal activity.
    • If a user accesses the college’s IT resources off-site, they may be required to use a personal device to complete multifactor authentication.
    • Users must not disable the security features (e.g., virus protection) provided by the college.
    • The college reserves the right to restrict, suspend, or remove any user account.
  • 5.2 Confidentiality
    • Users must protect confidential information that belongs to the college, its students, employees, partners, and suppliers, as required by the Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection and Electronic Documents Act, contractual restrictions, and ADMIN 128 Access to Information and Protection of Privacy.
    • Users should use appropriate safeguards and measures to ensure that confidential information is not observed by others while using any IT resource or infrastructure, including:
      • securing devices by logging off or locking them when the device is unattended.
      • treating any information that comes into their possession or attention through error or inadvertence as confidential. Users must notify the person concerned (or the sender in the case of a misaddressed email, electronic message, or other communication), where possible and must not copy, modify, disseminate, or use any part of it without the consent of the appropriate person or body.
      • being present when printing confidential material and ensure printing is completed using the secure printing option available on multifunction copiers. Users must not leave any confidential printed material unattended in areas accessible by users who are not authorized to access the material.
      • properly labelling and storing data in a manner that protects them from unauthorized access.
      • ensuring that their web publishing and electronic notification practices do not expose sensitive information, including personally identifiable information, to inadvertent disclosure, theft, or loss.
    • College data must only be stored on college owned systems and devices. Users may not store confidential information on any external medium or personal device without encryption approved by the IT Service Department (USB device, external memory device, etc.).
    • Users may not copy, send, duplicate, or transmit by any means, confidential information from college systems for any purpose other than the performance of college-related business.
    • Confidential email sent externally via email must be encrypted using encryption services approved by the IT Services Department.
  • 5.3 Copyright
    • Users will not use the college’s digital services to access, modify, distribute, make available, sell, or reproduce copyrighted material for any purposes whatsoever that is not in accordance with the Copyright Act, Loyalist College policy, or the terms of an appropriate licence.
    • Users must not move, copy, or transfer programs, files, or other forms of software from one computing system to another without proper authorization to do so.
  • 5.4 Artificial Intelligence (AI)
    • Users must utilize the college’s approved AI tool(s) to ensure data safety and security. Operations in the approved tool are subject to the same auditing and logging parameters and processes as all other Loyalist communication systems.
    • In alignment with the Loyalist College Position on Acceptable Use of Generative Artificial Intelligence, users are responsible for verifying the accuracy and intent of any data gathered through or outputs from the use of generative AI tools, as they may be inaccurate, infringe copyright, or contain inherent bias.
    • Users are prohibited from inputting any sensitive, personal, or confidential college information into any AI tool other than the college’s approved AI tool, including but not limited to employee or student personally identifiable information, confidential financials, or disciplinary or investigative related data. Any prompts, documents, or information submitted to these services should be considered public information.
6. Electronic Communication
  • 6.1 Employee Use of College Email
    • Every employee has a responsibility to ensure all electronic communications are prepared in a professional manner. All emails created or transmitted through college-provided email must comply with COMM 101 Communications.
    • When conducting college business via email or communicating with students, employees will only use their Loyalist College email address. Employees must not use personal email addresses in the course of their duties for the college.
    • While mobile phone texting and instant messaging applications are a useful communication means for business operations, they do not meet the requirements for official records management. Employees should utilize their college email for communicating any college-related correspondence that requires an official record.
  • 6.2 Student Communication
    • College email addresses are the official means for the college to communicate electronically with students. Students, while officially enrolled, must use a college-provided email account for communications with the college and faculty for security and confidentiality reasons. Students may use their personal email accounts before they receive their college provided email account, as a backup option, or for emergency purposes.
  • 6.3 Email Security
    • Individuals must exercise caution when opening emails, links, and attachments received from unknown senders to avoid potentially compromising college IT resources and systems.
    • Loyalist College email is considered secure and appropriate for college business activities. External mail platforms may pose privacy and/or security risks and must not be used.
    • When using personal computing devices and mobile phones to access college provided email accounts, users must implement and utilize the security controls required by the college.
7. Personal Use

While the college allows some personal use of IT resources, any such use must be in accordance with this policy. The following terms also apply to the personal use of IT resources:

  • a) Browsing must be limited to well-known and reputable websites and cannot threaten the security, efficacy, or availability of college IT resources.
  • b) Users should exercise caution when using the college network for personal use. Data created, received, and/or stored is accessible and may be accessed by Loyalist College at any time.
  • c) Deleting electronically stored files does not assure permanent erasure. Deleted data and information may be recoverable by the college.
  • d) The college is not responsible for non-Loyalist privacy/confidentiality breaches. Users are encouraged to encrypt all personal files created, received, or stored at the college.
  • e) Excessive consumption (as defined by Loyalist College) of digital resources (network bandwidth, server time, file storage space, printer paper, etc.) is prohibited.
  • f) Digital services, when used for personal use, are provided “as is” and without any guarantee/warranty in the form of usability, functionality, availability, or continuity.
  • g) At any time and without notice, Loyalist College reserves the right to modify or terminate any digital services for personal use without notice.
  • h) The college is not liable for any indirect, incidental, or consequential damages (including but not limited to lost data, information, or profits) sustained or incurred in connection with the use of, operation of, or inability to use the provided IT resources.
8. Prohibited Use

Users must use computing resources only for the purposes for which they were authorized. Loyalist College reserves the right to prohibit the use of its provided IT resources at its discretion.

Users must not:

  • a) use college IT resources for private business or for any form of direct personal financial gain.
  • b) use college IT resources to build support for personal or political causes. This is not intended to discourage non-political, non-partisan involvement.
  • c) export any intellectual property of the college or its business partners without the appropriate consent or contractual agreements.
  • d) violate the privacy of others, in accordance with the Access to Information and Protection of Privacy policy or other relevant privacy legislation, including the ADMIN 128 Personal Information Protection and Electronic Documents Act and the Freedom of Information and Protection of Privacy Act (FIPPA).
  • e) destroy, vandalize, purposefully damage, or alter college IT resources and infrastructure.
  • f) download video, audio, software, or any other resource that is protected by copyright law.
  • g) use college computing resources for the creation, transmission, storage, access, or viewing of materials (outside of legitimate and appropriate uses for educational purposes) which in any way contribute, support, or promote actions which are prohibited based on harassment and/or discrimination within the Ontario Human Rights Code and ADMIN 127 Harassment and Discrimination. This is including but not limited to, the categories of:
    • harassment,
    • sexual harassment,
    • racial/ethnic/cultural harassment,
    • discrimination,
    • poisoned environment,
    • hate literature,
    • systemic harassment/discrimination,
    • reprisal.
  • h) use college computing resources for the creation, transmission, storage, access, or viewing of materials prohibited by law or the Criminal Code, or which, in the sole opinion of the college, are offensive by community standards and values. These restrictions include, but are not limited to the following:
    • any form of material supporting or contributing to the harassment or discrimination, as categorized above.
    • any form of pornographic, obscene, or sexually explicit material; or
    • any form of illegal trade, negotiation, or conspiracy to conduct illegal acts.
  • i) use college IT resources for the creation, transmission, storage, access, or viewing of materials which are deemed by the college to serve no useful academic or administrative purpose. These restrictions include, but are not limited to the following:
    • online gaming such as multi-player internet or local area network games outside of approved areas.
    • downloading, copying, or transmittal of personal use software or any other form of electronic information and materials.
    • email communications which degrade the objectives of the college.
  • j) use college IT resources to send or create any form of bulk junk email or spam communications outlined in Canada’s Anti-Spam Legislation and COMM 101 Communications, including emails to persons that do not wish to receive them.
  • k) attempt to interfere with the normal operation of college information technology systems, facilities, or resources. As such, users must not:
    • attempt to encroach on others’ use of IT resources and computing facilities.
    • attempt to subvert the restrictions associated with their user accounts.
    • attempt to gain access to systems both inside and outside of Loyalist College for which they have no authorization.
    • edit or delete one’s own or another’s Loyalist College record(s).
    • use, access, or disclose others’ information without authorization.
    • monitor another person’s activities, unless authorized.
  • l) utilize any college IT infrastructure for the purpose of creation, development, storage, replication, or transmittal of any program, code, subroutine, or other means intended to disrupt, interfere, destroy, or corrupt the normal operation of systems or data (e.g., viruses, worms, hack utilities, net snooping utilities, etc.) without authorization.
9. Monitoring the Use of College IT Resources

All IT resources and infrastructure provided by Loyalist College remain the property of Loyalist College. Accordingly, the college reserves the right to examine any electronic data accessed on the college system, whether the data is accessed with a personal or college-owned device. Users seeking a private means of computing or for sending and/or receiving communications should use a personal device that is not connected to the college’s infrastructure and resources.

At its sole discretion, Loyalist College may access, use, delete, and disclose data and information accessed on its IT infrastructure. Situations where this may arise include, but are not limited to:

  • the circumstance of an investigation as required by federal, provincial, or municipal law enforcement agencies, including a request for information under the Freedom of Information and Protection of Privacy Act.
  • the occasion of an investigation of a suspected breach of existing college bylaws, policies, or guidelines.
  • the continuation of operational or essential college business functions in recovering business data during an employee’s absence (if prior arrangements have not been made) or if an employee has left the organization.
  • periodic random audits for system security or functioning.
  • activities required to maintain operational efficiency or availability.

Loyalist College reserves the right and responsibility to protect the college community from security threats and the inappropriate use of IT infrastructure and resources by taking actions, including but not limited to:

  • resetting a user account password immediately and without user awareness and consent.
  • monitoring computers, mobile devices, systems, networks, services, accounts, web activity, and user activity.
  • denying a user the right to access IT resources at any time the college deems necessary.

Approval for Monitoring and Access

The college will not use monitoring or access of the information described in this section for the purpose of routine monitoring of employee productivity or performance. However, there may be unique circumstances where monitoring or access to a user account/information is required, such as within investigations in the workplace.

In such circumstances, approval is required. For employee user accounts, approval is required from the Vice-President, Human Resources & Equity, Diversity, and Inclusion or their designate. For student accounts, approval is required from the Senior Vice-President, Students or their designate.

10. Policy Violation and Sanctions

Suspected violations should be reported to Senior Vice-President, Corporate Services & CFO. Loyalist College reserves the right, at its discretion, to permanently revoke student, learner, employee, trusted partner, and guest access to college IT resources and infrastructure at any time.

Loyalist College reserves the right to immediately suspend a user’s access to college IT resources and infrastructure to conduct an investigation. Students, learners, and employees who have engaged in violations of acceptable use of IT resources will be subject to disciplinary action up to and including termination or expulsion, in accordance with HR 100 Employee Code of Conduct or the Student Code of Conduct. Trusted partners and guests who violate terms of this policy may have their college contracts terminated and/or be refused future entry to Loyalist campus locations. Users who violate municipal, provincial, federal, or international law may be subject to criminal prosecution and/or civil litigation by the appropriate authorities.

12. References
  • Canada’s Anti-Spam Legislation (CASL)
  • Copyright Act
  • Freedom of Information and Protection of Privacy Act (FIPPA)
  • Personal Information Protection and Electronic Documents Act
  • Criminal Code of Canada
  • Ontario Human Rights Code