An Acceptable Use Policy (often abbreviated AUP) is a formal document that sets out the rules, responsibilities, and permissions for using an organization’s information technology resources: networks, devices, internet access, email, software, cloud services, etc. It defines what is considered acceptable behavior (for example using resources for educational or business purposes, protecting privacy and security, respecting copyright) and what is forbidden (e.g., accessing harmful or inappropriate content, misusing or damaging resources, sharing credentials). An AUP usually applies to all users, students, employees, volunteers, who access those digital resources and often must be acknowledged in writing to ensure everyone knows the expectations.

Why an AUP matters: it helps balance access and safety. On one hand, technology offers huge educational and operational benefits; on the other hand, without rules, there is risk of misuse, exposure to harmful content, loss of privacy or liability, network security breaches, or legal non-compliance. A well-crafted AUP helps protect users, the institution, and those depending on it, by setting clear boundaries, ensuring accountability, and providing consequences for violations, as well as aligning with legal / regulatory requirements (e.g. around privacy, internet filtering, copyright).

Why AUPs Are More Than Formalities 

(Risks If You Don’t Have One / Don’t Comply)

Some of the risks or drawbacks if a school does not have a strong, compliant AUP:

• Loss of eligibility for funding (e.g. E-rate, state technology grants) if required policies are lacking or non-compliant.

• Legal liability if students are exposed to harmful content, if data breaches occur, or if school-issued devices are misused.

• Damage to reputation.

• Disruption, insecurity, misuse of network or devices that could interfere with instructional time.

• Difficulty enforcing rules or disciplining misuse.

Why an AUP is Needed (Particularly in Education)

Here are the main reasons educational institutions use AUPs:

1. Student Safety & Protection
   To protect students from exposure to inappropriate or harmful content (sexual content, violence, cyberbullying, etc.), misuse of devices, and unsafe online behaviors.

2. Legal & Regulatory Compliance
   Schools and districts often receive federal or state funds that come with legal obligations—such as providing Internet safety measures, filtering content, protecting student data privacy, etc. An AUP helps ensure compliance.

3. Privacy, Data Protection, Intellectual Property
   Ensures that copyright laws, privacy laws (such as FERPA in the U.S.), and related obligations are respected. Prevents misuse of copyrighted materials, protects personal / confidential information.

4. Network / Resource Management
   Helps ensure that resources (bandwidth, devices, support, etc.) are used responsibly. Prevents overuse, misuse, or other behavior that might degrade service or infrastructure.

5. Behavioral Expectations & Discipline
   Sets expectations for responsible digital citizenship: how students / staff should behave online, respectful communication, proper use of devices, etc. Also provides clarity about what happens in case of violations.

6. Risk Mitigation & Liability Reduction
   By making rules explicit and having users acknowledge them, schools can reduce liability (e.g. for misuse, for illegal content accessed via school networks, etc.).

7. Educational Opportunities
   Helps support policies where technology is leveraged for learning. By clearly outlining permitted uses, schools can more safely integrate digital tools, online learning, etc. under controlled conditions.

Here are a few of the legal or policy mandates that drive the requirement for AUPs in public education:

•  CIPA (Children’s Internet Protection Act): Schools/libraries receiving federal funds under certain programs (e.g. E-rate) must adopt policies for Internet safety. This includes usage policies (often implemented via AUPs), Internet filtering, and education of minors about appropriate online behavior. Failure to comply can lead to loss of funding.

• State laws & regulations: Many states have laws that explicitly require school districts to have acceptable use or internet safety policies. Kentucky is one example. Other states may require AUPs as part of technology or safety regulations.

• Federal privacy laws like FERPA: While these don’t require AUPs per se, they require protection of student records and data, confidentiality, limiting access, etc.; AUPs help operationalize these protections in tech uses.

• School board / district policy mandates: Local governance often sets requirements for acceptable use as a condition of device issuance, internet access, etc.

If you would like to learn more about relevant Nevada Laws / Requirements see below - each state has their own statutes regarding technology use.

Here are some of the legal or statutory references that show what’s required or strongly implied in Nevada:

Nevada Revised Statutes (NRS) Chapter 603A: This deals with security of personal information. Any policy that handles student or employee personal data would need to comply with NRS 603A for protecting that data.

NRS 388.134, 388.271, 388.272: These relate to duties/statutes connected with public school technology, internet safety, and possibly oversight or responsibilities of school boards/districts.

NRS 388.268  Department to establish, publish and make available on its Internet website index of data elements for automated system of accountability information for Nevada; biennial update.

   1.  The Department shall establish, publish and make publicly available on its Internet website:

   (a) An index of the data elements that the Department maintains or proposes to include in the automated system of accountability information for Nevada established pursuant to NRS 385A.800, including, without limitation:

             (1) Data concerning individual pupils; and

             (2) Aggregated data concerning pupils within a defined group.

   (b) An explanation of the index of data elements established pursuant to paragraph (a), which must include, without limitation:

             (1) A description of each data element concerning each individual pupil;

Author Valerie Leuchtmann September 21, 2025

Works Cited

Clark County School District. Acceptable Use Policy. CCSD.net. https://ccsd.net/district/acceptable-use-policy

Humboldt County School District. Acceptable Use Policy & Guidelines for Digital Information, Communication, and Technology Resources. HCSDnv.com. https://www.hcsdnv.com/fs/resource-manager/view/b8c6ff97-03a8-4bb9-989d-d514ffbff61b

New York City Department of Education. Internet Acceptable Use Policy. Schools.nyc.gov. https://www.schools.nyc.gov/about-us/policies/internet-acceptable-use-policy

Kentucky Department of Education. Acceptable Use Policy Considerations for Districts. Education.ky.gov. https://education.ky.gov/districts/tech/Pages/Acceptable-Use-Districts.aspx

Virginia Department of Education. Acceptable Internet Use Policy. DOE.Virginia.gov. https://www.doe.virginia.gov/programs-services/school-operations-support-services/safety-crisis-management/internet-safety/acceptable-internet-use-policy

U.S. Federal Communications Commission. Children’s Internet Protection Act (CIPA). FCC.gov. https://www.fcc.gov/consumers/guides/childrens-internet-protection-act

Nevada Legislature. Nevada Revised Statutes (NRS) Chapter 388 – System of Public Instruction; NRS 388.134, 388.271–388.272 (Internet Safety & Technology Use in Schools). https://www.leg.state.nv.us/NRS/NRS-388.html

Nevada Legislature. Nevada Revised Statutes (NRS) Chapter 603A – Security of Personal Information. https://www.leg.state.nv.us/NRS/NRS-603A.html