Acceptable Use Standards

 

• Introduction
• STANDARD 1 - Appropriate Use of Facilities
• STANDARD 2 - Appropriate Use of Accounts
• STANDARD 3 - Appropriate Use of Accessible Materials
• STANDARD 4 - Reliability and Integrity of Facilities
• STANDARD 5 - Rules and Regulations
• STANDARD 6 - Proprietary Rights
• STANDARD 7 - Privacy
• STANDARD 8 - System Safeguards
• Statement Concerning Social Media
• Computer Usage and Copyrights
• Plan for compliancy with the unauthorized file-sharing provisions of the Higher Education Opportunity Act
• Guidelines for Safeguarding Personally Identifiable and Confidential Information from Unauthorized or Accidental Disclosure
• Information Security Plan
   

Introduction 

The purpose of this Statement is to reaffirm the Standards that apply to the acceptable use of ������Ƶ's computing and communication facilities, which include all computing, video, data and telecommunication hardware and software systems owned, leased, or granted to the University. 

These Standards are defined and established to assure the integrity, reliability and availability of our computing and communication facilities. The University is strongly committed to the goal of infusing advanced computer and communication technology into the fabric of the curriculum. Users are strongly encouraged to explore and use the University's computing and communication facilities within the limits of these standards.

The Standards set forth below apply to all users of ������Ƶ computing and communication facilities. Violations of any of these Standards may result in revocation of usage privileges and/or appropriate disciplinary action under the University's Campus Code of Conduct or applicable local, Federal and State laws and regulations (e.g., New Jersey Computer Crimes Act, N.J.S.A. 2C:20-23, et seq.).

The Standards of acceptable computer and communication usage follow below along with explanatory discussion of their intent and applicability. 

[Back to Top]

Standard 1 - Appropriate Use of Facilities

Authorized use of and access to the University's computing and communication facilities is intended and permitted solely to support the legitimate educational, administrative and mission-centered programs of the institution. The University may regularly review access logs of servers and networked devices to ensure appropriate utilization.

Discussion - Registered students may have access to these facilities for course-related instructional purposes. Members of the faculty and staff may have access to these facilities for institutionally recognized instructional or research purposes. Faculty and staff may also have access to administrative computing facilities, as needed, in accordance with their job responsibilities. Limited access to facilities may be granted to users such as Alumni Association members, government agencies, non-profit organizations, or organizations which support the interests and needs of the University based upon any usage guidelines established by the University. Resident students in good standing may have access to data and telecommunication facilities for personal use on a fee basis and pursuant to the “Housing Lease Agreement”.

Authorization - Authorization for use of and/or access to academic computing facilities is granted by the Chief Information Officer (CIO). Authorization for the use of and/or access to administrative computing facilities is granted by the Chief Information Officer (CIO) and the Director or supervisor of the organizational unit that is the recognized custodian of the data for which access is requested.

[Back to Top]

Standard 2 - Appropriate Use of Accounts

Computer accounts or other identifiers used to gain access to computer systems or data may be used only by the individual authorized to use the account or identifier and only for the purposes for which the account was granted.

Discussion - Accounts or facilities are not to be used for the transmission of commercial or personal advertisements, solicitations, promotions, or for personal monetary gain that is inconsistent with University policy or federal and/or state statutes. 

Credential Disclosure - Users shall not disclose the password associated with an account or otherwise make an account, computer system or data available to others who have not been authorized to use the account, computer system or data. Users are responsible for all usage of their accounts and/or PINs and are expected to take appropriate safeguards to assure that their account passwords and/or PINs are not known to others. 

[Back to Top]

Standard 3 - Appropriate Use of Accessible Materials

Users shall observe discretion when viewing materials using the University’s computing and communication facilities.

Discussion - Censorship is not compatible with the goals of ������Ƶ; however, some computers may be dedicated to specific research or teaching missions that limit their use. The University does not limit access to any information due to its content when it meets the standard of legality and is viewed in a proper time, place and manner.

Restricted Content - Forms of expression that are not protected by the First Amendment and, therefore, subject to appropriate restrictions and/or referral to authorities by the University include: obscene material, child pornography or other material that violates local, state or federal statutes.

[Back to Top]

Standard 4 - Reliability and Integrity of Facilities

Computer and communication facility users shall not knowingly develop, use, or transmit through the University's facilities, programs, or data any technology that interferes with, infiltrates or damages facilities, or violates any law or regulation. Similarly, implementing methods that mask network traffic for unauthorized or unlawful purposes is in violation of the Acceptable Usage Standards. Privileged, sensitive, confidential, and/or personally identifiable information (PII) may not be exfiltrated from University systems, or transmitted to third parties without a fully executed Confidentiality and Non-disclosure agreement in place.

Discussion - Computer and communication users shall use great care that they do not use programs or utilities or engage in actions that interfere with, infiltrate or damage facilities. 

User Conduct - User shall not engage in any activity that may lead to unauthorized access to systems, accounts or data. Additionally, users must not attempt to circumvent or subvert system or network security measures. Any defects discovered in system security shall be reported immediately to the Chief Information Officer. 

[Back to Top]

Standard 5 - Rules and Regulations

It is prohibited to use electronic communication facilities such as mail, phone, Internet, or systems with similar functions to send fraudulent, harassing, obscene, indecent, profane, intimidating, or unlawful messages that are sufficiently severe, pervasive, or persistent and are objectively offensive as to substantially disrupt or undermine a person’s ability to participate in or receive the benefits, services, or opportunities of the University. Additionally, users are prohibited from using electronic communication facilities to access or attempt to access remote computing facilities without authorization from the remote site.

Discussion - Use of and access to computing and communication facilities, including computing laboratories, computer networks, telephony equipment, and remote facilities accessed through local or wide area networks must be used in accordance with the University’s rules and regulations and not create a hostile work or educational environment based on severe or pervasive conduct. 

User Conduct - Users shall adhere to the rules and regulations governing the use of facilities and equipment and the “Campus Code of Conduct”.

[Back to Top]

Standard 6 - Proprietary Rights

Users shall respect and observe proprietary rights associated with software, data, and documents.

Discussion - Computer software, documents or files protected by copyright are not to be copied from or into computing facilities, except as permitted by license or law. Additionally, the number of copies and the distribution of copies must adhere to copyright restrictions and/or provisions. Further, type written or machine-readable documents protected by copyright are not to be reproduced or copied, unless permitted by the copyright owner or legally accepted “fair use”.

[Back to Top]

Standard 7 - Privacy

Users shall respect the privacy of other users.

Discussion - Computer users shall not attempt or knowingly seek, provide, view, use, delete, or modify information in, or obtain copies of files or programs belonging to other computer or telephony users without the permission of those users. Searching through non-public directories, libraries, or any other storage media to find unauthorized information is likewise prohibited. Further, computer users must not use the facilities to plagiarize or claim the intellectual or literary property of others.

Specifics - Users granted access to administrative data in which individuals are identifiable must respect the confidentiality of the data as well as any federal/state statutory requirements. Disclosure of data pertaining to students, for example, should be in accordance with the “Family Rights and Privacy Act”. Additionally, financial data should be protected in accordance with Federal Trade Commission (FTC) Regulation 16 CRT Part 314.

Any personally identifiable or otherwise confidential data that is stored on personal computers, removable storage devices, or transmitted via email or electronically transferred must be protected by strong passwords and/or encryption. (See “Guidelines for Safeguarding Personally Identifiable and Confidential Information from Unauthorized or Accidental Disclosure”).

Security systems are in place on most facilities to prevent unwanted or unauthorized access. Any defects or weaknesses discovered in the security systems should be immediately reported to the Chief Information Officer or appropriate authority in cases not involving facilities under the auspices of Information Technology Services. Under no circumstances shall computer or telephony users, other than authorized system administrators, access or attempt to access system security programs or files.

Users of e-mail should be aware that electronic mail is recognized as the equivalent of a formal memorandum. The University’s e-mail systems are used to store and forward official University documents, and support the academic and administrative operations of the University. E-mail system files and messages are backed up to tape regularly as a precaution against accidental loss or hardware failure. As such, email may contain privileged, sensitive, confidential, and/or personally identifiable information (PII). The duplication and/or exfiltration of institutional data containing any of the aforementioned properties is strictly prohibited, and may result in the violation of federal regulations including FERPA and HIPAA.

Users are permitted to use their electronic mail account to receive limited unofficial or personal correspondence, provided such use does not adversely impact upon essential academic and administrative usage. E-mail and other electronic communication systems may not be highly secure. Users are therefore advised not to consider any of their work or personal e-mail and electronic communication correspondence on University servers to be private.

The University reserves the right to inspect the content of electronic files when it has reasonable belief that the content of material would violate university policy, state, or federal law. The University retains the right to review the content of any files when the content of such files is likely to be material to the alleged violation or in the death, illness, or separation of a user. The contents of the University’s e-mail and electronic communication systems may be subject to disclosure under a subpoena or other written request pursuant to authorized procedures, including requests made pursuant to the “Open Public Records Act” (OPRA).

System administrators, operators and certain authorized technical staff may be allowed full access to files and programs during maintenance, routine backup operations, or in acting to fulfill assigned duties or safeguard the integrity and reliability of computing and communication facilities. Staff members who are authorized such access shall respect the confidentiality of data stored. In the event that unauthorized computer or telephony system use is suspected, the staff member who detects or is informed of the suspected violation must notify the Chief Information Officer or appropriate authority (See STANDARD 8).

[Back to Top]

Standard 8 - System Safeguards

Computing and communication facilities will be safeguarded to maintain the overall integrity and ensure reliability to all users.

Discussion - Where, in the judgment of the Chief Information Officer (CIO) or appropriate authority, an alleged violation of these Standards or other regulations presents a risk to the integrity of the University's computing and communication facilities and/or the orderly conduct of the operation, an individual’s access and use privileges may be suspended on an interim basis and a hearing may be held pursuant to the procedure described in the “Campus Code of Conduct”. 

User Conduct - Alleged violations also may be resolved informally pursuant to the procedure described in the “Campus Code of Conduct” under Informal Resolution or through the independent administrative action of the Chief Information Officer (CIO) or an appropriate authority, provided both parties agree to resolve the case in this manner.

[Back to Top]

Statement Concerning Social Media

������Ƶ is dedicated to the dissemination of knowledge, the pursuit of truth, the development of students, and the general well-being of society. We ask that members of the community observe the standards put forth in the Campus Code of Conduct (CCC), as well as in the Standards Concerning the Acceptable Usage of ������Ƶ’s Computing Facilities, when using social media platforms.

Campus Conduct - The “Campus Code of Conduct" outlines several principles including five core values: integrity, community, social justice, respect, and responsibility. These core values should be considered and observed while using social media platforms to avoid creating a hostile environment for other members of the campus community. Abusive behavior within a social media platform by a member of the campus community may violate the terms set forth in these agreements. Laws and ������Ƶ policies governing inappropriate conduct such as sexual (or other) harassment, bullying and discrimination apply to social media, blogging and texting; see the University’s Discrimination Policies for employees and students for more details. In the Campus Code of Conduct, this is referred to as “Off Campus Actions and Behaviors”. 

Please note, ������Ƶ does not routinely search social media for violations of University policy. If behavior that appears to be in violation of policy is brought to our attention, the report will be investigated to the extent practical. 

If you are receiving threats or believe yourself to be in immediate danger, please contact the ������Ƶ Police Department. For all other incidents, please report inappropriate content to the Care & Community Standards Office. Further questions about the standards can be addressed to the Chief Information Officer via email at cio@stockton.edu.

[Back to Top]