Digital Communications Policy

Category	Information and Communications Technology
Type	Policy
Approved by	Vice-Chancellor
Date policy took effect	13 November 2023
Last approved revision
Sponsor	Director, Information Technology Services
Responsible Officer	Head of IT Infrastructure

Purpose

This policy sets out the protocols and expectations regarding the use of Digital Communications:

1. by staff and other relevant members of the University community; and/or
2. via University provided services, systems or devices.

The Policy is not intended to limit academic freedom (as defined in section 267 of the Education and Training Act 2020). It acknowledges that the University has a role to act as critic and conscience of society (referred to in section 268 of the Education and Training Act 2020).

Organisational scope

This policy applies to all staff employed by the University and all Approved Persons who are either approved to use a Digital Communications System associated with the University or to send a Digital Communication on behalf of the University.

This policy does not apply to students, other than those students who are also staff employed by the University.

Definitions

Approved Persons

Any person who is either approved to use a Digital Communications System associated with the University or to send a Digital Communication on behalf of the University but is not employed by the University. Examples include but are not limited to: Emeritus Professors, visiting scholars, external parties engaged in university research or teaching, alumni with access to the Library, members of University Council, staff of the OUSA , and contractors supporting University services or projects.

Digital Communications

Any electronic transmission of information to one or more recipients, directly or indirectly, via one or more Digital Communication Systems.

Digital Communications System

Any networked messaging and collaboration technologies, on which information can be created, delivered, received, and retained; including, but not limited to, email, text and video messaging applications, voicemail, websites, display screens and internet-based social networking facilities.

Personal Information

Any information about an identifiable individual.

Content

1. Access / eligibility

   1. As members of the University community, individuals have access to various University Digital Communications Systems. Access may either be automatically enabled when joining the University community (according to role) or on application (according to need).
   2. Access is granted on the condition that all scheduled cyber security education and awareness modules are completed.
   3. A Staff member’s right of access to University Digital Communications Systems ceases with the end of their employment, in accordance with the Removal of IT Access for Former University of Otago Staff.
   4. The right of access to University Digital Communications Systems for other relevant members of the University community must be approved through an account application process (External Username / ID Card Access Request). Access ceases the day after the account’s end date.
   5. The right of access may also cease where activity is in breach of the Information and Communications Technology Regulations 2014, and as outlined in those regulations.

2. Usage

   1. Members of the University community are encouraged to use Digital Communications to enhance the scope, quality and innovation of teaching, learning, research and related activities at the University.
   2. Unless prior written approval is obtained from the Director, Information Technology Services or the Director of Human Resources, Digital Communications undertaken as part of an individual’s role at the University or relationship with the University must:
      1. use University-provided or University-approved services as set out in the Mandatory and Recommended IT Services and Solutions; and
      2. be consistent with all relevant University Regulations, Policies and Procedures.
   3. Where the Director, Information Technology Services or the Director, Human Resources provides prior approval that clause 2(b) of this Policy does not need to apply, appropriate alternative requirements must be put in place at the discretion of the Director, Information Technology Services or the Director, Human Resources, as the case may be.
   4. Personal use must be limited and must not:
      1. interfere with University business;
      2. involve solicitation;
      3. be associated with for-profit activity (except as specifically authorised under University Policy and Procedures); or
      4. risk damage to the reputation of the University.
   5. The University prohibits using Digital Communications Systems for the following activities:
      1. distributing “spam” or “junk” communications;
      2. taking the identity of another person or entity to gain access to services, to create content, or to transmit information to a third party;
      3. sending or distributing any statement, image, or other content that may breach the Ethical Behaviour Policy and/or the Sexual Misconduct Policy;
      4. willfully representing personal views as being those of the University;
      5. engaging in purposeful or unauthorised activity that interferes with or disrupts the communication of others;
      6. engaging in any illegal activities, including but not restricted to copyright infringement, defamation, offensive, obscene or discriminatory behaviour, or breach of privacy;
      7. engaging in purposeful transmission of confidential or sensitive University information to unauthorised recipients except as provided for under the Protected Disclosures Policy; or
      8. anything prohibited in University Regulations, Policies and Procedures and/or New Zealand law.
   6. Digital Communications containing inappropriate content (including material which could reasonably be described as unsuitable or offensive) may be referred to a line manager, IT Services or Human Resources, as applicable.
   7. Digital Communications containing objectionable material (as defined in the Films, Videos, and Publications Classification Act 1993) must be reported to the relevant Head of Department, the Director, Information Technology Services and the Director, Human Resources.

3. Ownership and retention of records

   1. Subject to the Intellectual Property Rights Policy, or specific contractual arrangements, all Digital Communications that refer to, or contain information on or about, University business or activity that is produced in the normal course of employment is owned by the University.
   2. Digital Communications created or received while working for the University as described in clause 3(a) above are business communications that form part of the University record, and therefore must be retained as records. This means that:
      1. the University is required to retain these communications for certain periods of time that will differ dependent on the subject matter and activity;
      2. Digital Communications must be rendered in a durable format to remain accessible for as long as they are required to be retained; and
      3. Staff should refer to the University’s Information and Records Management Policy and seek advice from the Corporate Records Services.
   3. Digital Communications as described in clause 3(a) above may be:
      1. accessed under the Official Information Act 1982 or Privacy Act 2020;
      2. monitored for compliance with relevant New Zealand legislation, such as the Copyright Act 1994;
      3. inspected as a public record under the Public Records Act 2005; and
      4. inspected under the Information and Communications Technology Regulations 2014.
   4. While the University respects privacy, it reserves the right to routinely inspect, monitor or disclose Digital Communications when required by University process, policy or legislative provision.

4. Privacy

   1. Care must be taken when using Personal Information in Digital Communications.
   2. The University treats personal information as private. However, users should be aware of limitations on control maintained over communications once sent, which varies depending on the technology that is used. Accordingly, staff and Approved Persons using Digital Communications Systems should be aware that all information can be forwarded, intercepted, printed, and stored by others, and may be discovered by legal process.
   3. Staff must be aware of the requirements of the Policy on Access to, and Use of, Personal Information when sending and receiving Digital Communications, including not accessing or disclosing Personal Information except where there is a legitimate business need to do so.
   4. Staff must be aware of the Privacy Act 2020: Guidance for Staff Sending Personal Information Offshore when sending Personal Information in Digital Communications outside of New Zealand.
   5. The University Privacy Officer and, in the case of Staff, their manager, must be immediately notified if there is an unauthorised or accidental disclosure, loss or destruction of Personal Information via a Digital Communication associated with the University.

5. Security

   1. Care must be taken when using sensitive or confidential information in Digital Communications as set out in the Information Security Policy and the Information Framework.
   2. Appropriate security measures must be applied to Digital Communications, as set out in the Information Security Policy and Cyber Security Framework.

6. Breach

   1. IT Services will advise the relevant Head of Division and the Director, Human Resources of any suspected breaches of this Policy.
   2. Breach of this Policy may result in disciplinary action or legal action, where applicable.

Related Policies, Procedures, legislation and forms

Policies, Procedures, Guidelines

• Information and Technology Communications Regulations (2014)
• Internet Usage Policy
• Ethical Behaviour Policy
• Intellectual Property Rights Policy
• Information and Records Management Policy
• Policy on Access to, and Use of Personal Information
• Mandatory and Recommended IT Services and Solutions (PDF)
• Information Framework (PDF)
• Information Security Policy
• Cyber Security Framework (PDF)
• Guidelines for Email Communications

Legislation

• Education and Training Act 2020
• Harmful Digital Communications Act 2015
• Films, Videos, and Publications Classification Act 1993
• Official Information Act 1982
• Privacy Act 2020
• Public Records Act 2005

Forms

External username / ID card access request

Contact for further information

If you have any queries regarding the content of this policy or need further clarification, contact:

Head of IT Infrastructure
Email wallace.chase@otago.ac.nz