The Catholic University of America



Director of Information Technology

Federal Rules of Civil Procedure Related to Discovery and Electronically Stored Information
Summary of the Law
Under this Federal Rule of Civil Procedure the university must have a process in place with respect to retention of data when litigation can be reasonably anticipated.

Responsibilities: The Director of Information Technology is the person responsible in CPIT for coordinating litigation holds with the OGC.

Digital Millennium Copyright Act Title II: Online Copyright Infringement Liability Limitation
The Digital Millennium Copyright Act (DMCA) makes major changes to copyright law, and attempts to address copyright in the digitally networked environment.

The Director of Information Technology has responsibility for content provider complaints posted into the online DMCA database. This position generates email to students about whom a complaint of copyright infringement is received, and follows up with students who do not view the DMCA video and take the quiz by forwarding this information to the Dean of Students for action. OGC has operational responsibility for complaints of infringement where notice and takedown provisions are implicated. See flowchart for details.

The HEOA of 2008 added new requirements for campuses, as follows: 

(i) an annual disclosure that explicitly informs students that unauthorized distribution of copyrighted material, including unauthorized peer-to-peer file sharing, may subject the students to civil and criminal liabilities;
(ii) a summary of the penalties for violation of Federal copyright laws; and
(iii) a description of the institution's policies with respect to unauthorized peer-to-peer file sharing, including disciplinary actions that are taken against students who engage in unauthorized distribution of copyrighted materials using the institution's information technology system.

In addition, the University must develop and implement written plans to effectively combat unauthorized distribution of copyrighted materials by users of the network without unduly interfering with educational and research use of the network. Included in the plan must be a) one or more technology based deterrents;
b) mechanisms for educating and informing the community about appropriate versus inappropriate use of copyrighted material. This could include adding pertinent information in honor codes, codes of conduct, and email or paper disclosures. c) procedures for handling unauthorized distribution of copyrighted material, including disciplinary procedures; and d) procedures for periodically reviewing the effectiveness of plans to combat the unauthorized distribution of copyrighted materials. Many of these requirements can be met by creating a web page with this material. 

The Director of Information Technology is responsible for ensuring the above requirements are met.

N.B. Eligibility for the limited university liability under the DMCA hinges on the university adopting and reasonably implementing a policy that provides for termination in appropriate circumstances of the computer privileges of users who are repeat infringers. The ISP does not need to monitor its service (i.e., monitor its students' Web pages) or go looking for copyright infringements in order to be eligible for the ISP immunity under this law. If the university receives a complaint from a copyright owner or his/her agent that a student is unlawfully making available digitized copies of copyright-protected material through use of the university's computer networks, the complaint will be forwarded to the student who will be asked to remove the copyrighted material. The student will also be asked to read the CUA Acceptable Use Policy, complete an online tutorial on copyright law, and certify to the Director of Information Technology that these actions have been taken. Failure to honor this request and complete these steps within 72 hours will result in a temporary block being placed on Internet access to the student's personal computer. In addition, first time offenders may be referred for disciplinary action under the Code of Student Conduct if the infringement is egregious, and the student's Internet access will be blocked immediately. If the University receives notification of copyright infringement with regard to a student who has already committed an infringement, the student will be referred for disciplinary action under the Code.


Under the law, companies may send transactional or relationship emails, commercial email where the recipient has given consent, and certain unsolicited commercial email messages. Commercial email is defined in the law as those emails that have as their primary purpose the promoting or advertising of a commercial product or service. The law specifically prohibits the sending of commercial (including transactional) email that is accompanied by header information that is materially false or misleading or with a deceptive subject heading. The law requires the inclusion of a functioning return electronic mail address (or other Internet based mechanism) on all commercial email that the recipient may use to submit a reply not to receive further email from the sender. Commercial email must include clear and conspicuous identification that the message is an ad, notice of the chance to decline further email, and a valid physical postal address from the sender. Best practices are these:

  • Always provide clear, accurate source and contact information for all email sent by staff members or sent on behalf of the organization, including a valid email and postal address to which replies can be sent, and a subject line that correctly reflects the message's contents.
  • Provide email recipients with a clear method for unsubscribing or opting out of future messages. Develop standard opt-out language for all email messages, such as to type "unsubscribe" in the subject line and hit "Reply," or to click a link to a web site that automatically unsubscribes the recipient.
  • Create clear systems and procedures to honor any stop email request in a timely fashion, preferably within 10 business days. Train staff and volunteers on proper procedures for sending email, and have a designated official regularly review outgoing messages to verify that they meet internal standards.
  • Clearly explain the organization's email policies to any corporate sponsors, partners, or vendors with whom it might be cooperating.
  • Ensure that outside vendors comply with industry standards such as those developed by the Direct Marketing Association or the Association for Interactive Media's Council for Responsible Email. Any vendor or organization sending email on your behalf should provide to you the email address of anyone who has requested to be dropped from your email communications list.

The Director of Information Technology has the responsibility to ascertain if admission or alumni relations are sending any *commercial* messages, and if so, to ensure the above "best practices" are followed.



Peer to Peer File Sharing: Paper by Susan Hattan for the NACUA Compliance Conference

UC Boulder HEOA Peer to Peer Compliance Plan

UW Madison Peer to Peer Compliance Plan



updated Oct. 15, 2012