ANU CABS Information Technology Services Rules

external user means a person, other than a member of staff or a student of the University, who is authorised to use the part of the information infrastructure in relation to which the term is used;

item includes a book, periodical, newspaper, thesis, pamphlet, musical score, map, plan, chart or table, sound recording, cinematograph film, audio-visual material, electronic material, digital material and microform material;

Librarian means the person holding office as University Librarian, or any other Director who holds office as a Director in the Information Portfolio within the University, as the case requires;

library collection includes a collection of items;

loans desk, in relation to the Library, means any desk, table or counter in the Library including any associated book chute used for the purpose of borrowing or returning items;

password means a mode of secured personal access, described in rule 7, to a part of the information infrastructure authorised under rule 6 for use by the user;

responsible officer means the Vice-Chancellor or his or her nominee;

software includes the licensed products, computer programs and applications located on the information infrastructure;

Statute means the Information Infrastructure and Services Statute 2006;

user means a person (wherever located) who accesses the information infrastructure.

[Note: information, information infrastructure, information services and Library are defined in the Statute. Terms defined in the Statute have the same respective meanings in the Rules as they have in the Statute.]

PART 2 - INFORMATION INFRASTRUCTURE: ACCESS AND USE

3 Application of Part

3.1 This Part applies to:

(a) the University’s information and information infrastructure; and

(b) each user.

4 Access and use, generally

4.1 A user must not use the information infrastructure in a manner that:

(a) is unethical; or

(b) is not in accordance with the law (including a law of the University); or

5 Access to information infrastructure: responsible officer’s role

5.1 The responsible officer may give a user access to all or a particular part of the information infrastructure, depending on the user’s individual work or study requirements.

5.2 If a user is permitted to access the information infrastructure jointly with another user, each such user is responsible for any action undertaken on the information infrastructure by any of the joint users during the period of joint use.

5.3 If a user has doubt concerning his or her authorisation to use any part of the information infrastructure, the user must seek the advice of the person responsible for that part.

6 Authorised and public access

6.1 A person must not use the information infrastructure unless:

(a) he or she is authorised to do so by the responsible officer; or

(b) the service used by the person is for public use.

6.2 An authorised user must have regard to any relevant policies and guidelines for the use of University information infrastructure issued by the University from time to time.

6.3 A person commits an offence if the person:

(a) uses, or permits another person to use, the information infrastructure, or any part of the information infrastructure, without being authorised to do so; or

(b) uses another user’s account; or

(d) without lawful excuse, disturbs other persons using the information infrastructure or causes a nuisance in premises that are part of the information infrastructure.

6.4 The responsible officer, or an officer appointed by the responsible officer for the purpose, may assign an account to a user to enable the user to access part of the information infrastructure.

6.5 A user must provide proof of identity if requested to do so by a member of staff of the University.

6.6 Unless, in particular circumstances, the responsible officer determines otherwise, a member of staff or a student of the University has priority over authorised persons and members of the public in relation to the use of University facilities.

6.7 If a person, on University premises, contravenes subrule 4.1, 6.1, 6.2, 6.3, 6.5 or 6.6, any member of the staff of the University may direct the person to leave the premises for a period not exceeding 24 hours.

6.8 A person to whom a direction is given under subrule 6.7 must comply with the direction without delay.

6.9 To avoid doubt, a direction under subrule 6.7 is not to be taken into account when imposing a penalty under rule 32 or the Discipline Rules or when imposing a period of suspension under rule 33.

7 Authentication

7.1 Access to some parts of the information infrastructure may be regulated by password or other form of authentication supplied to a user by the responsible officer.

7.2 If a password or other form of authentication is personal to its particular user, it is an offence for the user to make it available to another person.

8 System security

8.1 If a user inadvertently obtains information to which he or she is not entitled, or becomes aware of a breach of security, pertaining to any part of the information infrastructure, the user must immediately report it to the person responsible for that part or to the responsible officer.

8.2 A user must not:

(a) make any attempt to find out the password or other form of authentication for a part of the information infrastructure which he or she has not been authorised to use; or

(b) inject or otherwise introduce computer viruses (including bots, spyware, Trojan horses) into the University’s network or any equipment of the University whether connected to the network or not; or

(c) attempt to copy, disclose, transfer, examine, rename, change, add to or delete information belonging to the University or another user without their express permission, unless it is part of the first-mentioned user’s duties to do so; or

(d) collect or discard any analogue, digital, electronic, printed or magnetic output without the owner's explicit permission, or unless required to do so as part of his or her duties.

8.3 A user must not engage in any other activity that adversely affects the security of the information infrastructure.

9 Publication of material

9.1 If a user creates, or is responsible for, material sent over or published on the information infrastructure, the user must present this material in a professional manner upholding the reputation of the University.

9.2 Material sent over or published on the information infrastructure by a user must contain the originator's name and position within the University.

10 Use of equipment and software

10.1 On any machine governed by allocation of resources to individuals or groups (such as supercomputer time allocation), a user must not exceed his or her agreed allocation.

10.2 If a user becomes aware of an abuse of a shared resource, the user must report it immediately to the person responsible for the relevant part of the information infrastructure.

10.3 If a user is provided by the University with, or with access to, software to be used on the information infrastructure, the user must abide by the Copyright Act 1968 and relevant terms of any licence agreement in relation to the software provided to the user with the software.

11 Development of software

11.1 If a user develops software with potential commercial value on, or using, the information infrastructure, the user must have regard, in relation to the software, to the University's legislation and guidelines about intellectual property.

12 Access to remote services from the University

12.1 If a user abuses any information or information service at another site accessed from the University's information infrastructure, the abuse is to be regarded as abuse of the information infrastructure at the University.

[Note: information services at another site may also be covered by relevant legislation or applicable guidelines administered by the other site.]

13 Examination of information

13.1 If there are reasonable grounds for believing that the information infrastructure is being or has been used in contravention of an Industrial Award, an Enterprise or Workplace Agreement, a Statute, Rules or Order of the University or any other legislative instrument, the Vice-Chancellor may appoint, in writing, a person to examine information stored on the information infrastructure.

13.2 A member of the University staff who is authorised to examine information under subrule 13.1 is bound by the provisions of the Privacy Act 1988 in relation to information obtained through such an examination except in regard to its disclosure for purposes of substantiating a contravention to which that subrule applies.

14 Further conditions

14.1 Nothing in these Rules prevents the Vice-Chancellor from applying further conditions to the use of a particular information service, because of the special nature of the service.

PART 3 - PARTICULAR OFFENCES

15 Penalties

15.1 A person who contravenes a provision of Part 2 or subrule 27.5 commits an offence.

15.2 A person who commits an offence to which subrule 15.1 applies is liable to a penalty set out in rule 30.

16 Offence: use for gain

16.1 A user may not use any part of the information infrastructure for personal or private gain, or for a financial gain to a third party, without first obtaining the approval of the responsible officer for that part of the information infrastructure.

16.2 A user who knowingly or recklessly contravenes subrule 16.1 commits an offence.

17 Offence: copying

17.1 A user commits an offence if the user:

(a) copies any information of another user contained on the information infrastructure (without the consent of the other user); or

(b) copies any software contained on the information infrastructure (without the consent of the licensor of the software); or

(c) copies any information belonging to the University which the user is not authorised to access or to copy (including copying that would cause the University to be in breach of a licence agreement); or

(d) otherwise contravenes a provision of the Copyright Act 1968 in relation to information contained on the information infrastructure.

18 Offence: interfering or subverting

18.1 A user must not interfere with the operation of the information infrastructure or any part of the information infrastructure.

18.2 If a user wilfully interferes with the operation of all or any part of the information infrastructure, he or she commits an offence.

18.3 If a person attempts to subvert the security of any of the information infrastructure, he or she commits an offence.

18.4 A person commits an offence if the person, without authority or lawful excuse:

(a) destroys, erases or alters information stored in, or inserts information into, the information infrastructure or any part of the information infrastructure; or

(b) interferes with, or interrupts or obstructs the lawful use of a part of the information infrastructure; or

(d) impedes or prevents access to, or impairs the usefulness or effectiveness of, data stored in the information infrastructure or information stored on behalf of the University.

19 Offence: obscene, offensive, etc. messages or material

19.1 A person must not use the information infrastructure:

(a) in a manner that brings the University into disrepute; or

(b) to publish or send spam or obscene, offensive, harassing or defamatory messages or material to another person whether at the University or at another place.

19.2 A user commits an offence if the user sends a message or material referred to in subrule 19.1, whether within the University or to a person outside the University, on a network connected to the information infrastructure, whether it identifies the user as affiliated with the University or not.

19.3 If a user sends, through equipment which is not part of the University’s information infrastructure, a message or material to which subrule 19.1 applies and which associates the name of the University with the message or material, the user commits an offence.

20 Offence: misrepresentation

20.1 A person commits an offence if the person represents himself or herself as another person, whether fictional or not:

(a) to obtain access to the information infrastructure or any part of it; or

(b) to purport to be the author of any work or information on the information infrastructure; or

21 Offence: damage to items

21.1 A person commits an offence if the person wilfully or recklessly:

(a) damages any item, article or part of the information infrastructure; or

(b) erases, deletes or damages any information through the information infrastructure.

[Example: to invoke paragraph 21.1(a), the damage could be caused to any part of the information infrastructure, including hardware, software, digital or print media.]

PART 4 – LIBRARY AND LIBRARY COLLECTIONS

22 Application of Part

22.1 This Part applies to all users in relation to the library collections and any part of the information infrastructure in which a part of such a collection is located or through which scholarly information in digital or electronic form is accessed.

23 Return of borrowed items

23.1 If a person borrows an item from a library collection, the person must return the item to a loans desk on or before the time and date, or, if no time is specified, on or before the date specified on the borrowing slip relating to the item.

23.2 If a person borrows an item from a library collection and no date is specified on the item or the borrowing slip relating to the item, the person must return the item to a loans desk within 28 days for a book, and 7 days for audio-visual material or a periodical, from the day on which the item was borrowed.

23.3 Despite subrules 23.1 and 23.2, if a person borrows an item from a library collection for other than a 2-hour, overnight or 2-day loan, the Librarian may, either orally or by notice in writing sent to the person, require the person to return the item to a loans desk on or before a specified date, being a date earlier than the date mentioned in subrule 23.1 or 23.2.

23.4 A person who, without reasonable excuse, fails to comply with subrule 23.1, 23.2 or 23.3 must pay to the University a fine of:

(a) for a 2-hour or overnight loan, $4 for the first hour or part of an hour, and $6 for each subsequent hour or part of an hour that the person fails to return the item after the expiration of the time specified on the item or borrowing slip; and

(b) for any other loan, $4 for each day that the failure continues.

23.5 However, if a fine under this rule would otherwise exceed $100 for a particular item, the person incurring the fine is liable to pay $100 for that item.

24 Failure to pay fine

24.1 A person who is liable under subrule 23.4 to pay to the University a fine of not less than $25 is not entitled to borrow any item from any library collection until the fine is paid.

25 Loss or destruction of borrowed items

25.1 If an item that is borrowed from a library collection is lost or destroyed, the person who borrowed the item:

(a) must notify the Librarian in writing of the loss or destruction of the item as soon as practicable; and

(b) is liable, unless the Librarian otherwise directs, to pay to the University such amount as is necessary to pay the costs (including any reasonable administrative costs) to the Library of replacing the item.

25.2 If a person:

(a) borrows an item from a library collection; and

(b) fails to return the item, or to notify the Librarian in writing of the loss or destruction of the item, before the end of 4 weeks after the day on which the person breached rule 23 in relation to return of the item;

the item is to be taken to have been lost and the person is, unless the Librarian otherwise directs, liable to pay to the University such amount as is necessary to pay the costs (including any reasonable administrative costs) to the Library of replacing the item.

25.3 The Librarian may determine, in a particular case, that the amount payable under subrule 25.2 be $110.

25.4 If a person is liable to pay an amount to the University under this rule, the Librarian must cause a notice in writing to be given to the person specifying the amount to be paid by the person and the person must pay to the University the amount so specified within 28 days of the date of the notice.

25.5 A person who, without reasonable excuse, refuses or fails to comply with subrule 25.4 is not entitled to borrow any item from the Library until the amount that person is liable to pay to the University under this rule is paid.

26 Damage to items

26.1 A person who knowingly or recklessly damages any item in a library collection or any article, other than an item, in the Library, must pay to the University a fine of $5, together with such amount as is necessary to repair the damage or, in a case where the damage is irreparable, such amount as is necessary to pay the costs (including any reasonable administrative costs) to the Library of replacing the item or article.

26.2 The Librarian may determine, in a particular case, that the amount payable under subrule 26.1 be $110.

26.3 If a person becomes liable to pay to the University a fine or other amount under this rule, the Librarian must cause a notice in writing to be given to the person specifying the total amount payable by the person and the person must pay to the University the amount so specified within 28 days of the date of the notice.

26.4 A person who, without reasonable excuse refuses or fails to comply with subrule 26.3, is not entitled to use the Library or any facilities of the Library until the amount that the person is liable to pay to the University is paid.

27 Conduct of users of Library

27.1 A person in premises of the Library must at any time, if so required by the Librarian or a member of the staff of the University, produce proof of identity.

27.2 A person who uses the Library must permit the Librarian, or a member of the staff of the University, if so required by the Librarian or that member of the staff, to inspect at any time any bag, folder, container or article in the possession of the person.

27.3 A person who uses the Library must not, while using the Library, make any unnecessary noise or otherwise behave in a manner that unreasonably disturbs, or is likely to unreasonably disturb, other persons using the Library.

27.4 The Librarian, or a member of the staff of the University, may direct a person to leave any premises of the Library for a period not exceeding 24 hours if the person refuses or fails to comply with a requirement of this rule.

27.5 A person to whom a direction is given under subrule 27.4 must comply with the direction without delay.

PART 5 - APPLICATION OF DISCIPLINE RULES ETC

28 Discipline Rules, Enterprise and Workplace Agreements to apply

28.1 If a person commits an offence under these Rules, the Vice-Chancellor may determine whether the offence is to be dealt with under these Rules or under the Discipline Rules or a relevant Industrial Award, Enterprise Agreement or Workplace Agreement.

28.2 However:

(a) nothing in these Rules or the Discipline Rules or an Award or Agreement referred to in subrule 28.1 is to permit a person to be held accountable more than once for the same offence; and

(b) a direction under subrule 6.7 or a suspension under subrule 33.1 from all or part of the information infrastructure may be imposed whether or not:

(i) the offence is to be dealt with further under these Rules, the Discipline Rules or a relevant Industrial Award, Enterprise Agreement or Workplace Agreement; or

(ii) an additional penalty or an amount of compensation is to be imposed or is payable.

PART 6 - PENALTIES AND COMPENSATION

29 Offences

29.1 A person who:

(a) commits an offence; or

(b) repeats an offence; or

is liable to the relevant penalty set out in these Rules or, if no specific penalty is set out for the offence, a penalty set out in subrule 30.1.

29.2 However, a user who commits an offence against this provision and the Copyright Act 1968 may not be penalised under paragraph 30.1 (e) or (f) if the person is to be prosecuted for an offence under that Act.

29.3 Also, a user who, in particular circumstances, commits an offence to which 2 provisions of these Rules would, but for this subrule, otherwise apply, is not to be penalised more than once in relation to those particular circumstances.

30 Penalties

30.1 If the responsible officer finds that a person has committed an offence, the responsible officer may, in relation to the offence:

(a) decide to take no action; or

(b) reprimand the person committing the offence; or

(d) close the relevant account; or

(e) recommend to the Vice-Chancellor that the person be dealt with for misconduct:

(i) if the person is a student to whom the Discipline Rules apply, under the Discipline Rules; or

(ii) if the person is a member of the staff of the University, under the relevant Industrial Award, Enterprise or Workplace Agreement; or

(f) impose a monetary penalty of not more than $500 on the person; or

(g) determine the conditions under which the person may have access to any part of the information infrastructure; or

(h) determine compensation payable by the person to the University for damage to the information infrastructure; or

(i) take any action, being a combination of the actions specified in paragraphs 30.1 (b) to (h).

30.2 The responsible officer may, in relation to an offence for which the sole penalty is a monetary penalty:

(a) waive the monetary penalty payable for the offence; or

(b) extend the time for the payment of the monetary penalty.

30.3 If a person becomes liable to pay to the University a monetary penalty or other amount under this rule or rule 31, the person must pay to the University the amount specified in the notice given under subrule 32.1 in relation to the matter not later than 28 days after:

(a) if an appeal is not lodged in relation to the finding giving rise to the liability—the date of the notice; or

(b) if an appeal is lodged in relation to the finding giving rise to the liability—the day on which the decision is given in respect of the appeal.

30.4 A person who is liable to pay to the University a monetary penalty or other amount under this rule or rule 31, is not entitled to use the information infrastructure, unless otherwise authorised in writing by the responsible officer, if the amount remains unpaid after the time referred to in subrule 30.3 has expired.

30.5 A decision made under this rule must be in writing and must be given to the person in relation to whom it is made and the Vice-Chancellor not later than 7 days after the decision is made.

31 Compensation

31.1 If the responsible officer determines under paragraph 30.1(h) that compensation is payable by a person, the person must pay to the University, in addition to any monetary penalty imposed under paragraph 30.1(f):

(a) the lesser of:

(i) an amount equivalent to the cost of the repair of the damage; and

(ii) $5,000; or

(b) if the damage is irreparable—the lesser of:

(i) an amount equivalent to the cost (including any reasonable administrative cost) of replacing the item or article or part of the information infrastructure, as the case may be; and

(ii) $5,000.

31.2 Nothing in subrule 31.1 prevents the University from recovering, in a court of competent jurisdiction and in addition to the costs of the recovery:

(a) any unpaid amount of the cost of the repair of the damage caused by a person; or

(b) any unpaid amount equivalent to the cost (including any reasonable administrative cost) of replacing the item or article or part of the information infrastructure damaged by the person.

32 Imposition of penalties

32.1 A penalty (other than a suspension referred to in subrule 33.1) must not be imposed on a person unless:

(a) the person is given written notice of:

(i) the breach that is alleged to have been committed by the person; and

(ii) the penalty that is proposed to be imposed for the alleged breach in addition to any suspension under subrule 33.1; and

(b) the notice is accompanied by a copy of this rule and of rules 34 to 37; and

(c) a period of not less than 14 days, or any shorter period that is agreed to by the person, has elapsed since the giving of the notice; and

(d) any written representations made, during the period referred to in paragraph (c), by the person to the responsible officer about the alleged offence or the proposed penalty have been taken into account; and

(e) in the case of a person who appeals under rule 35 against a finding or penalty, the decision of the Appeals Committee is given to the appellant and the responsible officer under subrule 37.3.

33 Suspension from information infrastructure

33.1 If it appears to the responsible officer or his or her nominee that a person is in breach of these Rules, the responsible officer may immediately suspend a person from use of all or part of the information infrastructure for an initial period not exceeding 28 days.

33.2 If a person is be suspended from use of all or part of the information infrastructure under subrule 33.1, written notice must be given to the person before, or not later than 24 hours after, the suspension takes effect.

33.3 The Vice-Chancellor may extend a suspension under subrule 33.1 until the matter (including any appeal) is determined.

PART 7 - APPEALS

34 Information Infrastructure and Services Appeals Committee

34.1 There is to be an Information Infrastructure and Services Appeals Committee.

34.2 The Appeals Committee consists of a Chair and 4 members selected by the Pro Vice-Chancellor, for the purposes of an appeal.

34.3 However, if the appellant is a student, (or if the appeal relates to the person mentioned in subrule 35.7, being a student) an appropriate student representative must be selected under subrule 34.2, by the Pro Vice-Chancellor in consultation with the President of the Australian National University Students’ Association or the Australian National University Postgraduate and Research Students’ Association Inc., as the case requires, to be a member of the Appeals Committee.

34.4 Also, a person is not eligible to be selected as a member of the Appeals Committee, for the purposes of an appeal, if the person is a member of the staff of, or a student in, the same ANU College as the appellant.

34.5 The quorum at a meeting of the Appeals Committee is the Chair and 2 other members.

35 Appeals to Appeals Committee

35.1 If the responsible officer finds that a person has committed an offence against these Rules, the person may appeal to the Appeals Committee against the finding and, if a penalty was imposed in respect of that breach, against the penalty.

35.2 An appeal must be lodged within 14 days of the date of the finding by delivering a notice of appeal to the Pro Vice-Chancellor who must forward the notice to the Vice-Chancellor and the Chair of the Appeals Committee.

35.3 The members of an Appeals Committee present at a hearing may determine the procedure of the Committee at the hearing.

35.4 The Appeals Committee is not bound to act in a formal manner but may inform itself on any matter in any manner as it thinks just.

35.5 However, the Appeals Committee must disregard any statement that appears to it to have been obtained unfairly or to which, in the opinion of the Committee, it would be unjust to have regard.

35.6 An appeal hearing under these Rules is not ineffective by reason only of a formal defect or irregularity in the convening or conduct of the Appeals Committee.

35.7 If:

(a) the responsible officer finds that a person has committed an offence against these Rules; and

(b) the Vice-Chancellor considers that the finding made or penalty imposed is inappropriate in the circumstances of the case;

the Vice-Chancellor may, within 21 days of the finding being reported to the Vice-Chancellor under subrule 30.5, and after giving the person concerned the opportunity to be heard, appeal to the Appeals Committee against the finding or penalty.

36 Representation

36.1 At a hearing by the Appeals Committee, the appellant (or, if the appellant is the Vice-Chancellor, the other person mentioned in subrule 35.7) is entitled to be accompanied by another person, being:

(a) a student; or

(b) a member of the staff of the University; or

except a person acting as a practising lawyer.

36.2 A person referred to in subrule 36.1 may:

(a) advise the appellant in relation to the appeal; and

(b) address the Appeals Committee and examine and cross-examine witnesses on behalf of the appellant.

37 Decisions

37.1 After receiving the evidence and representations advanced by the appellant and any other evidence, about either or both of:

(a) the finding of the responsible officer; and

(b) the penalty (if any) imposed by the responsible officer;

the Appeals Committee may:

(d) vary the decision; or

(e) set aside the decision and make a decision in substitution for the decision set aside; or

(f) set aside the decision.

37.2 If the Appeals Committee is divided in opinion as to the decision to be made on any question, the question must be decided:

(a) if the members of the Committee present and participating in the making of the decision are not equally divided in opinion—according to the opinion of the majority; and

(b) if those members are equally divided in opinion—in favour of the appellant.

37.3 The decision of the Appeals Committee and the reasons for the decision must be given in writing to the appellant and the Vice-Chancellor within 7 days of the making of the decision.

37.4 The decision of the Appeals Committee is final.

PART 8 - MISCELLANEOUS

38 Notices

38.1 For the purpose of these Rules, a notice or communication that is hand delivered by security post to a person (the recipient) at a place shown in the records of the University as the recipient’s:

(a) semester address; or

(b) work address; or

is regarded as having been given to the recipient on the date on which the notice was hand-delivered or, if sent by post, on the date on which it would, in the ordinary course of post, have been delivered to the recipient.

38.2 Nothing in subrule 38.1 prevents a notice or communication under these Rules being sent to a person (the recipient) at an email address:

(a) registered with the University as the recipient’s email address; and

(b) to which the recipient has access.

38.3 If a notice or communication is sent by email to a recipient, the notice or communication is regarded as having been given to the recipient on the date on which it would have been received in the ordinary course of email transmission.

39 Repeal

39.1 The Information Technology Services Rules 2005 and the Library Rules 2005, as amended and in force immediately before the commencement of these Rules, are repealed.

39.2 The following Orders, as amended and in force immediately before the commencement of these Rules, are repealed, namely:

the Information Technology Services (Student Computer Laboratories) Order 2005;
the Information Technology Services (General Conditions) Order 2005;
the Library Order 2005.