Kingsborough Community College Policy on Acceptable Use of Computer Resources Introduction
Kingsborough’s computer resources are dedicated to the support of the college’s mission of education, research and public service. In furtherance of this mission, Kingsborough respects, upholds and endeavors to safeguard the principles of academic freedom, freedom of expression, and freedom of inquiry.
Kingsborough recognizes that there is a concern among the college community that because information created, used, transmitted, or stored in electronic form is by its nature susceptible to disclosure, invasion, loss, and similar risks, electronic communications and transactions will be particularly vulnerable to infringements of academic freedom. Kingsborough’s commitment to the principles of academic freedom and freedom of expression includes electronic information. Therefore, whenever possible, Kingsborough will resolve doubts about the need to access Kingsborough computer resources in favor of the user’s privacy interest.
However, the use of Kingsborough computer resources, including for electronic transactions and communications, like the use of other college–provided resources and activities, is subject to the requirements of legal, ethical, and moral behavior. This policy is intended to support the free exchange of ideas among members of the Kingsborough community and between the Kingsborough community and other communities, while recognizing the responsibilities and limitations associated with such exchange.
This policy applies to all users of Kingsborough computer resources, whether affiliated with Kingsborough or not, and whether accessing those resources on a Kingsborough campus or remotely.
“Kingsborough Computer resources” refers to all computer and information technology hardware, software, data, access and other resources owned, operated, or contracted by Kingsborough Community College. This includes, but is not limited to, personal computers, handheld devices, workstations, mainframes, minicomputers, servers, network facilities, databases, memory, and associated peripherals and software, and the applications they support, such as e–mail and access to the internet.
“E–mail” includes point–to–point messages, postings to newsgroups (available outside the college) and listservs (for both faculty & staff and students), and all other electronic messages involving computers and computer networks.
Rules for Use of Kingsborough Computer Resources
1.Authorization. Users may not access a Kingsborough computer resource without authorization or use it for purposes beyond the scope of authorization. This includes attempting to circumvent Kingsborough computer resource system protection facilities by hacking, cracking or similar activities, accessing or using another person’s computer account, and allowing another person to access or use the user’s account. This provision shall not prevent a user from authorizing a colleague or clerical assistant to access information under the user’s account on the user’s behalf while away from a Kingsborough campus or because of a disability. Kingsborough computer resources may not be used to gain unauthorized access to another computer system within or outside of Kingsborough. Users are responsible for all actions performed from their computer account that they permitted or failed to prevent by taking ordinary security precautions.
2. Purpose. Use of Kingsborough computer resources is limited to activities relating to the performance by Kingsborough employees of their duties and responsibilities. For example, use of Kingsborough computer resources for private commercial or not–for–profit business purposes, for private advertising of products or services, or for any activity meant solely to foster personal gain, is prohibited. Similarly, use of Kingsborough computer resources for partisan political activity is also prohibited.
Except with respect to Kingsborough employees other than faculty, where a supervisor has prohibited it in writing, incidental personal use of computer resources is permitted so long as such use does not interfere with Kingsborough operations, does not compromise the functioning of Kingsborough computer resources, does not interfere with the user’s employment or other obligations to Kingsborough, and is otherwise in compliance with this policy.
3. Compliance with Law. Kingsborough computer resources may not be used for any purpose or in any manner that violates Kingsborough Community College rules, regulations or policies, or any federal, state or local law. Users who engage in electronic communications with persons in other states or countries or on other systems or networks may also be subject to the laws of those other states and countries, and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular use.
Examples of applicable federal and state laws include the laws of libel, obscenity and child pornography, as well as the following:
o Family Educational Rights and Privacy Act
o Electronic Communications Privacy Act
o Computer Fraud and Abuse Act
o New York State Freedom of Information Law
o New York State Law with respect to the confidentiality of library records
Examples of applicable Kingsborough rules and policies include the following:
o Sexual Harassment Policy
o Policy on Maintenance of Public Order
o Gramm–Leach–Bliley Information Security Program
o University Policy on Academic Integrity
o College and University Information Security policies
4. Licenses and Intellectual Property. Users of Kingsborough Community College computer resources may use only legally obtained, licensed data or software and must comply with applicable licenses or other contracts, as well as copyright, trademark and other intellectual property laws.
Much of what appears on the internet and/or is distributed via electronic communication is protected by copyright law, regardless of whether the copyright is expressly noted. Users of Kingsborough computer resources should generally assume that material is copyrighted unless they know otherwise, and not copy, download or distribute copyrighted material without permission unless the use does not exceed fair use as defined by the federal Copyright Act of 1976. Protected material may include, among other things, text, photographs, audio, video, graphic illustrations, and computer software.
5. False Identity and Harassment. Users of Kingsborough computer resources may not employ a false identity, mask the identity of an account or computer, or use computer resources to engage in abuse of others, such as sending harassing, obscene, threatening, abusive, deceptive, or anonymous messages within or outside Kingsborough.
6. Confidentiality. Users of Kingsborough computer resources may not invade the privacy of others by, among other things, viewing, copying, modifying or destroying data or programs belonging to or containing personal or confidential information about others, without explicit permission to do so. Kingsborough employees must take precautions to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise.
7. Integrity of ComputerNetwork and Resources. Users may not install, use or develop programs, nor hardware, intended to infiltrate or damage a computer resource(s), or which could reasonably be expected to cause, directly or indirectly, excessive strain on any computing facility. This includes, but is not limited to, programs known as computer viruses, Trojan horses, and worms, and any computer hardware not purchased and installed by college personnel. Users should consult with the CIO before installing any programs that they are not sure are safe. Under no circumstances should any noncollege equipment be installed, connected, or in anyway mated to college equipment.
8. Disruptive Activities. Kingsborough computer resources must not be used in a manner that could reasonably be expected to cause or does cause, directly or indirectly, unwarranted or unsolicited interference with the activity of other users. This provision explicitly prohibits chain letters, virus hoaxes or other intentional e–mail transmissions that disrupt normal e–mail service. Also prohibited are spamming, junk mail or other unsolicited mail that is not related to Kingsborough business and is sent without a reasonable expectation that the recipient would welcome receiving it, as well as the inclusion on e–mail lists of individuals who have not requested membership on the lists, other than the inclusion of members of the Kingsborough community on lists related to Kingsborough business. Kingsborough has the right to require users of Kingsborough computer resources to limit or refrain from other specific uses if, in the opinion of the CIO or VicePresident of Administration or the Dean of Students, such use interferes with efficient operations of the system, subject to appeal to thePresident.
9. Kingsborough Names and Trademarks. Kingsborough names, trademarks and logos belong to the college and are protected by law. Users of Kingsborough computer resources may not state or imply that they speak on behalf of Kingsborough or use a Kingsborough name, trademark or logo without authorization to do so. Affiliation with Kingsborough does not, by itself, imply authorization to speak on behalf of Kingsborough.
10.Security. Kingsborough employs various measures to protect the security of its computer resources and of users’ accounts. However, Kingsborough cannot guarantee such security. Users are responsible for engaging in safe computing practices such as guarding and not sharing their passwords, changing passwords regularly, logging out of systems at the end of use, and protecting private information, as well as for following Kingsborough’s Information Security policies and procedures. Users must report incidents of Information Security policy non–compliance or other security incidents toKingsborough’sChiefInformationOfficer.
11. Email/password usage advisory.
Whether information of a sensitive-nature is transported via e-mail, either as text or as an attachment, we remind our constituents to adhere to the following practices.
Passwords, PIN or any type of security or access code should not be transmitted as part of an e-mail message (either as in-line text or attachment) without the data being encrypted. The decryption key must be transmitted separately from the encrypted data. The communication of passwords, PIN, or other type of security or access code should be communicated over a land-based telephone line or secured wireless telephone equipment.Transmission of other private or sensitive information should be handled similarly to passwords, PIN, or any type of security or access code. Private or sensitive information would be data elements or collection of data elements that could be used to attribute directly to an individual. Examples would include, but are not limited to, social security number, drivers' license number, credit/debit card numbers, salary, and medical information.
In some cases, electronic mail messages created from CUNY electronic mail systems are automatically forwarded to non-CUNY electronic mail systems. This practice potentially exposes private or sensitive information to the public Internet or misuse or diversion on non-CUNY provided computers. Kingsborough does not allow and encourage automatic forwarding since sensitive information could be a part of email messages and/or attachments. All official transactions with Student Community, Staff and Faculty should be performed using college provided email accounts to ensure securing non public information. The following two rules govern the use of Email Groups for sending email to Staff or Faculty:
1. The sender is part of the approved sender list;
2. The Email Group mailing may only be carried out using and within the campus email system.
Sometimes individuals are asked to disclose their passwords because of absences (planned or otherwise) from the office. The practice of sharing passwords is not allowed and computer access should only be allowed through a user ID belonging to a specific individual.
12.Filtering. Kingsborough reserves the right to install spam, virus and spyware filters and similar devices if necessary in the judgment of Kingsborough’s Office of Information Technology to protect the security and integrity of Kingsborough computer resources. Notwithstanding the foregoing, Kingsborough will not install filters that restrict access to email, instant messaging,chatrooms or websites based solely on content.
13.Confidential Research Information. Principal investigators and others who use Kingsborough computer resources to store or transmit research information that is required by law or regulation to be held confidential or for which a promise of confidentiality has been given, are responsible for taking steps to protect confidential research information from unauthorized access or modification. In general, this means storing the information on a computer that provides strong access controls (passwords) and encrypting files, documents, and messages for protection against inadvertent or unauthorized disclosure while in storage or in transit over data networks. Robust encryption is strongly recommended for information stored electronically on all computers, especially portable devices such as notebook computers, Personal Digital Assistants (PDAs), and portable data storage (e.g., memory sticks) that are vulnerable to theft or loss, as well as for information transmitted over public networks. Software and protocols used should be reviewed and approved by Kingsborough’sOfficeofInformationTechnology.
14.Kingsborough Access to Computer Resources. Kingsborough does not routinely monitor, inspect, or disclose individual usage of its computer resources without the user’s consent. In most instances, if the college needs information located in a Kingsborough computer resource, it will simply request it from the author or custodian. However, Kingsborough IT professionals and staff do regularly monitor general usage patterns as part of normal system operations and maintenance and might, in connection with these duties, observe the contents of web sites, email or other electronic communications. Except as provided in this policy or by law, these individuals are not permitted to seek out contents or transactional information, or disclose or otherwise use what they have observed. Nevertheless, because of the inherent vulnerability of computer technology to unauthorized intrusions, users have no guarantee of privacy during any use of Kingsborough computer resources or in any data in them, whether or not a password or other entry identification or encryption is used. Users may expect that the privacy of their electronic communications and of any materials contained in computer storage in any Kingsborough electronic device dedicated to their use will not be intruded upon by Kingsborough except as outlined in this policy.
Kingsborough may specifically monitor or inspect the activity and accounts of individual users of Kingsborough computer resources, including individual login sessions, e–mail and other communications, without notice, in the following circumstances:
a. when the user has voluntarily made them accessible to the public, as by posting to Usenet or a web page;
b. when it is reasonably necessary to do so to protect the integrity, security, or functionality of Kingsborough or other computer resources, as determined by the college chief information officer or his or her designee, after consultation with Kingsborough’s chief information officer or his or her designee;
c. when it is reasonably necessary to diagnose and resolve technical problems involving system hardware, software, or communications, as determined by the college chief information officer or his or her designee, after consultation with Kingsborough’s chief information officer or his or her designee;
d. when it is reasonably necessary to protect Kingsborough from liability, or when failure to act might result in significant bodily harm, significant property loss or damage, or loss of significant evidence, as determined by the college president or a vice president designated by the president, after consultation with the Office of General Counsel and the Dean of Faculty (if a Kingsborough faculty member’s account or activity is involved)
e. when there is a reasonable basis to believe that Kingsborough policy or federal, state or local law has been or is being violated, as determined by the college president or a vice president designated by the president, after consultation with the Office of General Counsel and the Dean of Faculty (if a Kingsborough faculty member’s account or activity is involved)
f. when an account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns, as determined by the college president or a vice president designated by the president and the college chief information officer or his or her designee, after consultation with Kingsborough’s chief information officer or his or her designee, the Office of General Counsel, and the Dean of Faculty (if a Kingsborough faculty member’s account or activity is involved)
g. as otherwise required by law or law enforcement.
In those situations in which the Dean of Faculty is to be consulted prior to monitoring or inspecting an account or activity, the following procedures shall apply: (i) the college president shall report the completion of the monitoring or inspection to the Department Chair or Director and the Kingsborough employee affected, who shall also be told the reason for the monitoring or inspection, except where specifically forbidden by law; and (ii) if the monitoring or inspection of an account or activity requires physical entry into a faculty member’s office, the faculty member shall be advised prior thereto and shall be permitted to be present to observe, except where specifically forbidden by law.
A Kingsborough employee may apply to the General Counsel for an exemption from some or all of the circumstances under which Kingsborough may inspect and monitor computer resource activity and accounts, pursuant to subparagraphs (a)–(f) above, with respect to a Kingsborough computer resource used solely for the collection, examination, analysis, transmission or storage of confidential research data. In considering such application, the General Counsel shall have the right to require the employee to affirm in writing that the computer resource(s) will be used solely for the confidential research. Any application for exemption should be made prior to using the computer resource for the confidential research.
Kingsborough, in its discretion, may disclose the results of any general or individual monitoring or inspection to appropriate Kingsborough personnel or agents, or law enforcement or other agencies. The results may be used in college disciplinary proceedings, discovery proceedings in legal actions, or otherwise as is necessary to protect the interests of the College.
In addition, users should be aware that Kingsborough may be required to disclose to the public under the New York State Freedom of Information Law communications made by means of Kingsborough computer resources in conjunction with College business.
Any disclosures of activity of accounts of individual users to persons or entities outside of Kingsborough, whether discretionary or required by law, shall be approved by the General Counsel and shall be conducted in accordance with any applicable law. Except where specifically forbidden by law, Kingsborough employees subject to such disclosures shall be informed promptly after the disclosure of the actions taken and the reasons for them.
The Office of General Counsel shall issue an annual statement of the instances of account monitoring or inspection that fall within categories (d) through (g) above. The statement shall indicate the number of such instances and the cause and result of each. No personallyidentifiable data shall be included in this statement.
15.Enforcement. Violation of this policy may result in suspension or termination of an individual’s right of access to Kingsborough computer resources, disciplinary action by appropriate Kingsborough authorities, referral to law enforcement authorities for criminal prosecution, or other legal action,including action to recover civil damages and penalties.
Violations will normally be handled through college disciplinary procedures applicable to the relevant user. For example, alleged violations by students will normally be investigated, and any penalties or other discipline will normally be imposed, by the Dean of Students.
Kingsborough has the right to temporarily suspend computer use privileges and to remove from Kingsborough computer resources material it believes violates this policy, pending the outcome of an investigation of misuse or finding of violation. This power may be exercised only by the President of each college or the Chancellor.
16.Additional Rules. Additional rules, policies, guidelines and/or restrictions may be in effect for specific computers, systems, or networks, or at specific computer facilities at the discretion of the directors of those facilities. Any such rules which potentially limit the privacy or confidentiality of electronic communications or information contained in or delivered by or over Kingsborough computer resources will be subject to the substantive and procedural safeguards provided by this policy.
17.Disclaimer. Kingsborough shall not be responsible for any damages, costs or other liabilities of any nature whatsoever with regard to the use of Kingsborough computer resources. This includes, but is not limited to, damages caused by unauthorized access to Kingsborough computer resources, data loss, or other damages resulting from delays, non– deliveries, or service interruptions, whether or not resulting from circumstancesundertheKingsborough’scontrol.
Users receive and use information obtained through Kingsborough computer resources at their own risk. Kingsborough makes no warranties (expressed or implied) with respect to the use of Kingsborough computer resources. Kingsborough accepts no responsibility for the content of web pages or graphics that are linked from Kingsborough web pages, for any advice or information received by a user through use of Kingsborough computer resources, or for any costs or charges incurred by a user as a result of seeking or accepting such advice or information.
Kingsborough reserves the right to change this policy and other related policies at any time. Kingsborough reserves any rights and remedies that it may have under any applicable law, rule or regulation. Nothing contained in this policy will in any way act as a waiver of such rights and remedies.