The College of Saint Rose (the “College”) maintains access for its community to local, national and international sources of information and to provide an atmosphere that encourages the free exchange and sharing of ideas and information that is consistent with the College’s mission – instruction, research and public service. The purpose of this policy is to emphasize and outline the responsibility of those with access to the College’s information technology resources to use these resources under the highest ethical standards possible. The College expects all members of the community to use computing and information technology resources in a responsible manner and to respect rights and privacy of others, the integrity of facilities and controls, all pertinent laws and College policies and standards. The objective of this policy is to outline the minimum standards for acceptable use of technology resources on both College and privately owned computer systems and devices, which include, but are not limited to, equipment, software, networks and data whether owned, leased, or otherwise provided by the College.
- Technology Resource: equipment or services used to input, store, process, transmit and output information, including, but not limited to desktops, laptops, mobile devices and
- Information Resource: Any information that is stored on a College network or system. Information resources are classified into more descriptive categories in the Information Security
- System Administrator: A College employee who has the responsibility and authority to manage one or more technology
- Carrier: a carrier of information simply provides information from one party to another acting as a bridge between the two. A publisher of information, discovers, creates, formats etc. information for the use of themselves and others.
- Commercial Use: the use of the systems of the College in the commerce sector. As this is not in line with the mission of the College, it is generally prohibited (see section B5 for more information).
The College is a carrier of information via electronic channels and hence, except with regard to official College publications, is not expected to be aware of, or responsible for, materials or communications that individuals may post, send, or publish via the World Wide Web, electronic communications, Internet discussion groups, Facebook, YouTube, or any social networks; make available via any file-sharing method; or send via email, tweeting, instant messaging or video; or any actions taken by individuals’ avatars within on-line virtual reality environments.
However, under certain circumstances, the College may be required to respond to complaints regarding the nature or substance of such materials or communications. It is the responsibility of the entire College community to act responsibly and guard against abuses. Therefore, both the community as a whole and each individual user has an obligation to abide by the following standards of acceptable and ethical computer use:
- Use only those computing and information technology resources for which the users have authorization;
- Use computing and information technology resources only for their intended purpose;
- Protect the access and integrity of computing and information technology resources;
- Abide by applicable laws and College policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software;
- Respect the privacy and personal rights of others, including the right to be free from harassment.
The College reserves the right to limit or restrict the use of its computing and information technology resources based on institutional priorities and financial considerations, as well as when it is presented with evidence of a violation of College policies, contractual agreements, or applicable state and federal laws. If a user is suspected of violating College policy, the College has the right and responsibility to protect the integrity of information technology resources, the rights of all users and the property of the College. The College reserves the right to examine material stored on or transmitted through its network and telecommunications systems if there is reasonable cause to believe that the standards for acceptable and ethical computer use or other College policies are being violated by a member of the College community.
A. Right to Privacy
The College technology resources and the data that is contained in, transmitted through or manipulated by those resources are the properties of the College and are to be used for College- related business. Users have no expectation of privacy when utilizing the College’s technology resources, even if the use is for personal purposes. Moreover, the data that users create using the College’s technology resources remains the property of the College, unless otherwise stipulated in other policies.
B. Guidelines for the Interpretation and Administration of the Acceptable Use Policy for Computing and Information Technology Resources — These guidelines are intended to assist the College community in the interpretation and administration of the Acceptable Use Policy for Technology Resources. The guidelines are put forth as a minimum set of standards for all areas of the College and may be supplemented with unit specific guidelines. However, such additional guidelines must, at a minimum, comply with this policy and cannot supersede this
1. User Responsibility – The following statements and examples outline the basic guidelines all users should be aware of and responsible for executing should they use any of the College’s computing or information technology
The user will access only those resources for which they have authorization. For example, it is a violation to:
- use resources the user has not been specifically authorized to use;
- use someone else’s account and password or share the user account and password with someone else to access files, data or processes without authorization;
- purposely look for or exploit security flaws to gain system or data access;
- Impersonate other individuals in communication or as the author or editor of electronic documents or data;
Use computing and information technology resources only for their intended purposes. For example, it is a violation to:
- use electronic resources for harassment or to stalk other individuals;
- send rash messages such as bomb threats or “hoax messages” to send chain letters;
- intercept or monitor any network communications not intended for the user;
- use computing or network resources for consulting, advertising or other commercial purposes;
- attempt to circumvent security mechanisms;
- use privileged access for other than official duties;
- use former privileges after graduation, transfer or termination;
- use any or all parts of the College’s technology resources in violation of the laws of the United States of America, the State of New York or of any other pertinent law or ordinance;
Protect the access and integrity of computing and information technology resources. For example, it is a violation to:
- release a virus or other malware that damages or harms a system or network;
- prevent others from accessing an authorized service;
- send excessive email messages that may cause problems and disrupt service for other users;
- attempt to deliberately degrade performance or deny service;
- corrupt or misuse information to alter or destroy information without authorization.
Abide by applicable laws and College policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software. For example, it is a violation to:
- make more copies of licensed software than the license allows;
- download, use or distribute unlicensed software;
- operate or participate in pyramid schemes;
- distribute pornography to minors;
- upload, download, distribute or possess child pornography.
Respect the privacy and personal rights of For example, without authorization from the individual user or an officer of the College, it is a violation to:
- tap a phone line or monitor network activity;
- access or attempt to access another individual’s password or data;
- access or copy another user’s electronic mail, data, programs, or other files.
2. System Administrator Responsibly
System Administrators and providers of technology resources have the additional responsibility of ensuring the integrity, confidentiality, and availability of managed resources. Persons in these positions are granted significant trust to use their privileges appropriately for their intended purpose and only when required to maintain the system. Any private information seen in carrying out these duties must be treated in the strictest confidence, unless it relates to a violation or the security of the system.
Do not use the College’s Information Technology Resources to harass. Users are not permitted to use the College’s information technology resources to create, transmit or store threatening, offensive or harassing materials including, but not limited to, bulk emails to a large number of recipients with the same content which is unrelated to the College’s mission.
Do not produce or transmit any work which has the intent or effect of unreasonably interfering with an individual or group’s educational or work performance at the College or elsewhere, or that creates an intimidating, hostile or offensive educational, work or living environment. This includes viewing, sending or making available offensive materials, unless such activity is appropriate for academic or work purposes. For example, sending email, text or other electronic messages, creating materials or publishing information or graphics to the Web which unreasonably interfere with anyone’s education or work at the College may constitute harassment and is in violation of the intended use of the system.
4. Security caveat
Be aware that although technology providers throughout the College are charged with preserving the integrity and security of resources, security can sometimes be breached through actions beyond their control. Users are responsible for taking appropriate precautions, such as safeguarding their accounts and passwords, taking full advantage of file security mechanisms, backing up critical data and promptly reporting any misuse or violations of the policy. The College must abide by all data breach notification and response requirements as stipulated by law or regulation.
5. Commercial Use
Commercial use is one of the most common violations of acceptable use.
Here are some of the most common examples considered commercial use:
- Using a College system to host a web page for any business, including the users’ private consulting practice, unless given permission by an officer of the College to do so;
- Referring people to a College email address for commercial use (example: in print ads or public /private commercial web pages);
- Sending unauthorized email messages not related to the College’s mission or purpose to large numbers of recipients, especially to recipients external to the campus.
- There are laws against unsolicited commercial email. Violations can result in the College being blacklisted which may prevent the sending and receiving of email to and from College email systems.
- It is considered a violation of acceptable use to send substantially the same email message to more than 50 users.
- When the use has been approved by the system administrator or an officer of the College;
- When the mail uses majordomo, listserv, or another facility that has been specifically engineered to handle mailing lists without causing problems for the receiving In almost all cases, these systems will also allow users to join and leave lists themselves. Even for email to fewer than 50 users, users must abide by other restrictions. This includes the restriction against commercial use, and the general requirement that all activities must abide by the law.
6. Cooperation with System Administrators:
From time to time activities may interfere with or threaten the operation of the system, even though the activity may not clearly be prohibited by the Acceptable Use Policy for Technology Resources. In such cases, the Associate Vice President for IT and Facilities or his/her designee may contact the user to request a stop to the activity. Users are expected to comply with such instructions. Once a user has received such a warning, any further activity of the same kind will be treated as a violation of the Acceptable Use Policy for Technology Resources.
There may be times when activity may threaten the overall integrity, security and operation of information technology at the College. In this scenario, the Associate Vice President for IT and Facilities or his/her designee may terminate access or otherwise block the activity to prevent the loss of system integrity or operation. If the offending party is located and identified, an attempt will be made to notify the user if deemed appropriate without compromising on going security procedures.
If a user thinks the Associate Vice President for IT and Facilities or his/her designee has acted inappropriately in directing the cessation of an activity, the user may ask either the Provost or Vice President for Finance and Administration to review the decision.
However, users will be expected to comply with the initial determination of the Associate Vice President for IT and Facilities or his/her designee while this review occurs.
7. How to Report Infractions Involving Technology Systems:
The majority of reports should be made through normal College support channels (example: the ITS website). For more serious incidents, users or individuals may prefer to contact the Associate Vice President for IT and Facilities or the Director of ITS Infrastructure & Programming. For certain kinds of incidents, special reporting channels are appropriate. However, if users have trouble determining what approach to use, it is always appropriate to consult ITS information channels, the Associate Vice President for IT & Facilities, the Director of ITS Infrastructure & Programming or the Director of Safety and Security.
8. The College of Saint Rose File Sharing Supplement to the Acceptable Use and Copyright Policies:
The following information pertains to students, faculty, administrators, staff, guests of the College, and all users of College resources. Illegal music and movie file sharing and related copyright violations will not be tolerated at the College. If the College receives a reputable claim of copyright infringement, it will initiate an immediate investigation. If there is evidence that copyright infringement has occurred, access to network services will be terminated until the suspected violator meets with a College official to discuss the matter. If after an individual’s computer or other device is examined by College officials and the individual agrees to abide by all laws and College policies related to copyright, network access may be restored.
Repeat violations will be referred to the appropriate College judicial system or corrective action process. Violators may also be subject to civil and criminal fines and possible jail sentences. The College respects copyright and will cooperate with any lawful investigations related to possible copyright infringement.
Today’s technology allows for very easy tracking of music and movie file sharing over the College’s network. Copyright owners are able to detect the sharing of files on our network, including the date, time, file name and network port of the violation, and report this information to the College’s administration demanding immediate action. The College has implemented its own system to detect and deter the illegal sharing of music and movie files. Where appropriate, the complaint will be handled in accord with the notice and takedown procedures specified in §512 of the Digital Millennium Copyright Act.
Failure to comply with this Policy will be addressed through the College’s Corrective Action process, as noted in the College’s employee handbooks and/or union contracts. If warranted, an employee’s failure to comply will result in disciplinary action up to and including termination of employment. Failure to comply may also be a violation of civil/criminal law and may cause the employee to be subject to applicable penalties.