Barnard College Barnard College

Barnard College Acceptable Use Policy

Effective Date: November 12, 2013 

Executive Summary

Barnard College requires that all users accessing college resources abide by the standards of acceptable usage indicated within this policy.  This policy codifies appropriate usage, establishes the need for users to respect the rights of others and to be in compliance with all college policies, policies of external networks and resources, applicable local, state, federal and international laws and regulations.

Reason for the Policy

Barnard College provides information, data, and other resources. Responsible use of college resources is necessary to create and maintain an open community of responsible users based on mutual respect and cooperation, commitment to the integrity of resources, and compliance with all college policies and applicable local, state, federal and international laws and regulations.  This policy defines acceptable usage of Barnard College resources. 

Who Is Responsible for This Policy

Barnard's Vice President for Information Technology or her designee and the General Counsel are responsible for the maintenance of this policy and for responding to questions regarding this policy. The college reserves the right to amend this policy at any time.

Who Is Governed by This Policy 

This policy applies to all individuals who access, use, or control college resources.  Those individuals include, but are not limited to staff, faculty, students, those working on behalf of the college, guests, tenants, visitors, and individuals authorized by affiliated institutions and organizations.  

Policy Statement

The college’s resources are provided to support the education, research and service missions of the college. Inappropriate use of these resources threatens the atmosphere for the sharing of information, the free exchange of ideas, and a secure environment for creating and maintaining college resources.
 
This policy establishes the expectations for all users of the college’s resources.  It codifies appropriate usage, establishes the need for users to respect the rights of others and to be in compliance with college policies, policies of external networks and resources, applicable local, state, federal and international laws and regulations.
 
The college is not responsible for information residing on non-college resources or available over publicly accessible networks even if accessed via the college’s resources.  Such materials do not necessarily reflect the attitudes, opinions, or values of the college or its constituents.  The college reserves the right to modify or amend this policy and to limit or restrict the use of its resources at its sole discretion.

General Standards for Acceptable Use

  • The college’s resources should be used responsibly, ethically, and professionally while maintaining consistency with the mission of the college.
  • The college’s resources should be used in compliance with all Barnard policies, procedures, applicable local, state, federal and international laws and regulations.
  • Each user is responsible for the proper use of her or his account, protecting sensitive information, and any activity performed via their user account. Therefore, users should choose strong passwords and safeguard them by memorizing and not sharing, printing, writing or storing their passwords electronically.
  • Each user should limit their access to resources that they are explicitly authorized to access.
  • The owner of any device connected to the network is responsible for the security of and activity generated by that device. This includes any traffic, regardless of origin, that travels through such a device.  Users should ensure that the latest patches, software and antivirus updates are installed on their systems.  A device exhibiting the behavior of a malicious machine (e.g., having fallen victim to a virus, worm, or break-in) may be blocked from the network until it has been made secure.  Please refer to college  policy for guidance on maintaining the security of college resources.
  • College resources are provided for authorized use by the members of the college community and certain others primarily for the business of the college. Personal use of these systems by faculty and administrators should be limited to infrequent incidental use.
  • Copying, storing, displaying or distributing copyrighted material using college resources should only be done with the explicit permission of the copyright owner, except as otherwise allowed under copyright law.
  • Any resource intensive activity on a shared system should be coordinated with Barnard College Information Technology (BCIT) to help minimize impact to the system and other users. 
  • Users are required to report any sensitive data or resources, including personal devices, that may have been compromised by unauthorized access, loss, theft or other means to BCIT using the contact information below.
  • College resources should not be used for soliciting, proselytizing, or political activity.

Privacy and Data Protection 

  • Users should treat the contents of college resources as sensitive information and protect it accordingly.
  • Highly sensitive information (e.g., social security numbers, credit card information, personally identifiable information, etc.) must be safeguarded from unauthorized disclosure by Barnard’s approved policies and procedures.  Any questions or concerns regarding the handling of such information should be directed to BCIT and/or the college’s General Counsel.
  • System administrators and providers of college resources have the additional responsibility of ensuring the integrity, confidentiality, and availability of the resources they are managing.  Persons in these positions are granted significant trust and must use their privileges only as required to complete duties assigned to them.

Applicable Acts, Regulations, and Laws

Use of college resources are subject to many laws and regulations. Suspected violations of applicable law are subject to investigation by the college and possibly law enforcement officials.  Some of the applicable laws and regulations are as follows:

  • Family Education Rights and Privacy Act (FERPA):  a federal law that protects the privacy of student education records.
  • Federal Copyright Law: U.S. copyright law grants authors certain exclusive rights of reproduction, adaptation, distribution, performance, display, attribution and integrity to their creations, including works of literature, photographs, music, software, film and video. Violations of copyright laws include, but are not limited to, the making of unauthorized copies of any copyrighted material (such as commercial software, text, graphic images, audio and video recordings) and distributing copyrighted materials over computer networks or through other means.
  • Federal Wire Fraud Law: Federal law prohibits the use of interstate communications resources (phone, wire, radio, or television transmissions) to further an illegal scheme or to defraud.
  • Federal Computer Fraud and Abuse Law: Federal law prohibits unauthorized access to, or modification of information in computers containing national defense, banking, or financial information.
  • New York Computer Crime Law: New York law prohibits access to any computer system or network with the intent to interrupt an organization, or to perpetrate a fraud including the intentional and unauthorized publication of computer passwords.
  • New York Social Security Number Protection Law:  A New York State legislation placing limits on the use and dissemination of social security account numbers.
  • Payment Card Industry Data Security Standard (PCI DSS):  A set of requirements designed to ensure the protection of payment card data.
  • Defamation: Someone may seek civil remedies if they can show that they were clearly identified as the subject of defamatory messages and suffered damages as a consequence. Truth is a defense against charges of defamation.
  • Common law actions for invasion of privacy: Someone may seek civil remedies for invasion of privacy on several grounds.
  • Public disclosure of private facts: the widespread disclosure of facts about a person, even when true, may be deemed harmful enough to justify a lawsuit.
  • False light: a person wrongfully attributes views or characteristics to another person in ways that damage that person's reputation.
  • Wrongful intrusion: the law often protects those areas of a person's life in which they can reasonably expect they will not be intruded upon.

Enforcement

Violations of these policies are adjudicated according to the procedures defined in the student, faculty or employee policies and procedures and may result in the removal of resources access and/or more serious sanctions.

Definitions  

Data is a stored collection of information that may include symbols, words, sounds or images.  
 
Personally Identifiable Information is nonpublic information relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to the college.  Examples may include, but are not limited to, Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance information, donations, patient health information, information that the college has agreed to keep confidential and account passwords or encryption keys used to protect access to confidential college data.
 
Proprietary Information is data, information, or intellectual property in which the college has an exclusive legal interest or ownership right, which, if compromised, could cause significant harm to the college.  Examples may include, but are not limited to, business planning information, financial information, trade secrets, copyrighted material, research or comparable materials from a third party that the college has agreed to keep confidential.
 
Resources include data, networks, computers, and other devices that store or display data, communication devices, and software used on such devices, paper files, and other resources provided by the college.
 
Sensitive Information is any information whose disclosure could cause harm to the college or its constituents including Personally Identifiable Information and Proprietary Information.
 
Users refer to faculty, staff, students and any other individuals that may have access to the college’s resources.

Cross Reference to Related Policies 

Data Privacy Policy

Contacts

For questions or comments: 
Barnard College Information Technology
Email: help@barnard.edu
Telephone: 212-854-7172 

Revision History

Policy Issued:  2013-11-12