Acceptable Use Policy

1. Purpose

As part of its educational mission, the University of Florida (“UF”) acquires, develops and maintains computers, computer systems and networks. These Information Technology (“IT”) resources are intended for UF purposes, including support of UF’s instruction, research and service missions; administrative functions; student and campus life activities; and the free exchange of ideas within the UF community and with local, national and global communities.

2. Applicability

This Policy applies to all users of UF IT resources, regardless of affiliation with UF, and regardless of the location from which such resources are accessed or used.

3. Definitions

AI System means a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments. Different AI Systems vary in their levels of autonomy and adaptiveness after deployment.

Information System means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information.

4. Policy Statement

4.1 General Rules

UF provides IT resources to support faculty, staff, students and other members of the UF community in carrying out UF’s mission. In doing so, UF must protect the integrity, security and functionality of its IT resources. These efforts begin with compliance with all applicable laws as well as UF regulations, policies, guidance and contracts. All users of UF IT resources must comply with Policy 1-006, Responsible Use of Artificial Intelligence (“AI”), when using AI in connection with educational activities, job responsibilities, research or instruction. Users are responsible for verifying that any IT tools, technology, or services, including AI, are approved by UF before being used with UF data or to conduct UF business.

UF recognizes that technology is essential to its operations and to the work of the UF community. Incidental personal use of UF IT resources is permitted, provided such use does not interfere with UF responsibilities, does not consume significant resources, and does not violate applicable laws or UF regulations, policies or guidelines. Supervisors may impose additional limitations on non-work-related use in accordance with standard supervisory practices. UF IT resources may not be used for personal commercial purposes or for personal financial or other gain.

Users may not use UF IT resources to gain unauthorized access to, or impair or damage the operation of, computers, networks or other IT resources, whether owned by UF or others. Prohibited activities include blocking, intercepting, or sniffing of communications; running, installing or sharing malicious software; and attempting to circumvent data protection or other security measures.

UF IT resources may not be used to access, create, store, or distribute pornographic material, except where such use has been pre-approved for legitimate academic or research purposes in accordance with applicable UF regulations, policies and guidance.

4.2 Security and Privacy

Users are responsible for safeguarding credentials and complying with all UF information security requirements, including protecting passwords and other authentication or security mechanisms and following “safe computing” practices. UF offers training and other resources on information security. Users are responsible for any activity conducted using their accounts, so it is vital that users do not share their credentials or access. Likewise, users must never use another individual’s account or password. Suspected compromise of credentials or unauthorized account activity must be reported without delay. If a user thinks their credentials have been stolen or compromised, they must report it immediately to the UF Computing Help Desk. Users are responsible for obtaining appropriate authorization prior to accessing UF IT resources.

Users may not share access to UF data or UF IT resources, including usernames and passwords, multi-factor authentication (“MFA”) credentials, Application Programming Interface (“API”) secrets, or any other access mechanism, with systems, software or services that have not been approved for use by UF, including cloud services and AI agents.

Users must not use UF IT resources in a manner that disrupts access for others. The unit responsible for administering the applicable UF IT resource will determine whether a specific use is considered normal, excessive or disruptive. Questions regarding appropriate use of a system should be directed to the relevant IT support unit or the UF Computing Help Desk.

UF employs numerous measures to protect the security of its IT resources and user accounts; however, UF cannot guarantee complete security and confidentiality. Users of UF IT resources should be aware that use of such resources is not private. While UF does not routinely monitor individual usage of resources, the normal operation and maintenance of its IT resources may require activities such as data backup, caching, logging, and monitoring of general usage patterns and other activities necessary or convenient for the provision of service.

UF may monitor or access communications, files, and other records associated with specific users of IT resources without notice to the user when permitted under applicable law or UF regulations, policies or guidelines. Such activities are governed by the Monitoring of IT Resources Policy, which establishes the criteria and approval requirements for such monitoring.

4.3 Public Records

Communications created, transmitted, or stored using UF IT resources are generally subject to Florida Public Records Law, Chapter 119, Florida Statutes to the same extent as communications in other formats or mediums. Users should be aware that most written communications concerning UF matters are public records, regardless of whether UF IT resources are used, and may be subject to disclosure upon request.

Users are not authorized to determine what records are public or to release records. All public records requests must be referred to UF Public Records Center for coordination, review and response.

UF records must be retained and disposed of in accordance with applicable public records laws, state retention periods and UF records management requirements. Users are responsible for complying with these requirements. Questions regarding records retention and disposition should be directed to University Records Management.

4.4 Network Infrastructure

UF maintains a large and complex network environment, which includes wired, wireless and external connections. Any uncoordinated installation of network infrastructure may result in disruption to this network and UF IT resources. Only Network Service Providers authorized by the Chief Information Officer are allowed to implement network infrastructure, including hubs, switches, routers, network firewalls and wireless access points.

Users may not implement or provide alternate methods of access to UF IT resources, including through modems, virtual private networks (“VPNs”), or by operating or providing network infrastructure services such as Domain Name Systems (“DNS”) or Dynamic Host Control Protocols (“DHCP”), unless expressly authorized by UF.

4.5 Impersonation and Spoofing

Users are strictly prohibited from impersonating other individuals or entities or engaging in spoofing activities while conducting UF business or using UF IT resources. Prohibited activities include, but are not limited to:

• Sending communications under another individual’s identity or falsified credentials
• Creating fake accounts or profiles using another individual’s name or likeness
• Misrepresenting one’s identity, role or authority in communications
• Using spoofed email addresses, domains or digital signatures
• Impersonating UF officials, departments or external entities

Violations may result in disciplinary action up to and including termination in accordance with applicable UF regulations, policies and guidelines, and may be referred to law enforcement where appropriate. All communications conducted using UF IT resources must accurately represent the sender’s identity and organizational affiliation.

5. References and Related Information

Federal and State Laws

• Florida Public Records Law, Chapter 119, Florida Statutes
• Florida Computer Crimes Act, Chapter 815, Florida Statutes
• Electronic Communications Privacy Act (18 U.S.C. §§ 2510–2523)
• Computer Fraud and Abuse Act (18 U.S.C. § 1030)
• Family Educational Rights and Privacy Act (FERPA)
• Health Insurance Portability and Accountability Act (HIPAA), as applicable
• U.S. Copyright Act (Title 17, U.S. Code)

UF Regulations and Policies

• Policy 1-006, Responsible Use of Artificial Intelligence Policy
• Policy 5-003, Title IX Policy
• Policy 11-032, Workplace Violence
• Policy 12-011, Data Classification Policy
• Policy 12-021, Monitoring of IT Resources Policy
• Policy 12-014, Electronic Mail
• Policy 12-031, Acceptable Data Use Policy
• Regulation 1.008, Disruptive Behavior
• Regulation 4.040, UF Student Honor Code and Student Conduct Code

UF Operational and Administrative Resources

• UF Computing Help Desk
• UF Information Security Office Contact Information
• UFIT Fast Path Solutions (IRM-Approved Applications)
• UF Records Management
• UF Records Retention Schedules
• UF Public Records Center
• UF Guidelines for AI Use

History