Barnard College Barnard College

Barnard College Acceptable Use Policy

November 14, 2013

Updated: November 14, 2023

 

This policy governs the acceptable use of Barnard College’s resources, which are broadly defined as set forth below. All faculty, staff, and students must follow this policy when using College resources, and other College constituents are subject to the policy as set forth below. The College reserves the right to restrict the use of College resources at the College’s sole discretion, and the College may change this policy at any time without notice.

Executive Summary

Barnard College requires that all users accessing college resources abide by the standards of acceptable usage set forth in this policy.  This policy defines appropriate usage of College resources in order to ensure that all users respect the rights of others, maintain the integrity of College resources, and comply with all College policies, the policies of applicable external resources, and applicable local, state, federal, and international laws and and regulations.

Who is Responsible for this Policy

The Barnard College General Counsel, working with the Executive Director for IT, or their designee(s), is responsible for the maintenance of this policy and for responding to questions regarding this policy.

Who is Governed by this Policy

This policy applies to all individuals who access, use, or control College resources. These individuals include, but are not limited to, faculty, staff, students, those working on behalf of the College, guests, tenants, visitors, and individuals authorized to use College resources by affiliated institutions and organizations.  

Policy Statement

The College provides resources to support the mission of the College. Inappropriate use of these resources threatens the mission of the College. This policy establishes expectations for all users of the College’s resources by defining appropriate usage. The College is not responsible for non-College resources, including but not limited to information residing on the Internet, even if those non-College resources are accessed through the College’s networks. The College owns all College resources, and College resources may be accessed by the College General Counsel and her designees as needed to ensure appropriate use, investigate inappropriate use, ensure compliance with applicable laws and policies, and file and respond to litigation.

Definitions

  • Data: A stored collection of information that may include words, numbers, symbols, sounds, or images.  
  • Device: Any personal computer, laptop, mobile phone, tablet, server, terminal, printer, appliance, or other accessory that contains data or is able to access College networks and/or the Internet. 
  • Personally Identifiable Information: Nonpublic data relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to the College. Examples may include, but are not limited to, Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance information, donations, patient health information, information that the College has agreed to keep confidential, and account passwords or encryption keys used to protect access to confidential College data.
  • Proprietary Information: Data or intellectual property in which the College has an exclusive legal interest or ownership right, which, if compromised, could cause significant harm to the College. Examples may include, but are not limited to, business planning documents, financial data, trade secrets, copyrighted material, and research or comparable materials from a third party that the College has agreed to keep confidential.
  • Resources: Any resources provided by the College to College constituents including, but not limited to, physical space, virtual space, furniture, library materials, other materials and supplies, services, systems, data, computer and telephone networks, network accounts, electronic accounts, devices, software, databases, and paper files.
  • Sensitive Information: Any data which, if disclosed, could cause harm to the College or College constituents, including Personally Identifiable Information and Proprietary Information
  • Users: All individuals who access, use, or control College resources. These individuals include, but are not limited to, faculty, staff, students, those working on behalf of the College, guests, tenants, visitors, and individuals authorized to use College resources by affiliated institutions and organizations.

General Standards for Acceptable Use

  • College resources must be used responsibly, ethically, and professionally to support the mission of the College.
  • College resources must be used in compliance with all Barnard policies and procedures and applicable local, state, federal, and international laws and regulations.
  • Users may use only those College resources that the College explicitly authorizes them to access.
  • College resources are provided for purposes related to the mission of the College. Personal use of College resources must be limited to infrequent incidental use.
  • Users are responsible for the proper use of College resources, including the use of personal electronic and network accounts provided by the College and the College’s affiliates and any activities performed through those accounts. When using these personal accounts, users must choose strong passwords and must not share their password with others.
  • The owner of any device connected to College networks is responsible for the security of and activity generated by that device. This includes any traffic, regardless of origin, that travels through such a device.  Users must ensure that the latest patches, software, and antivirus updates are installed on their devices.   
  • When using devices managed by the College, users must not tamper with any security controls, such as anti-malware software, security patching schedules, and restrictions on administrative privileges. When using devices owned by the College but not managed by the College, users are responsible for maintaining the security of those devices. Visit the BCIT Service Portal or contact Barnard College Information Technology (BCIT) for guidance and recommendations regarding secure computing practices. 
  • The College will block from the network any device exhibiting the behavior of a malicious machine (e.g., having fallen victim to a virus, worm, or break-in) until the device has been made secure.
  • Copying, storing, displaying, or distributing copyrighted material using College resources may be done only with the explicit permission of the copyright owner, except as otherwise permitted under copyright law.
  • Any resource-intensive activity on a shared computer system must be coordinated with BCIT to minimize the impact on the system and other users. 
  • Users are required to report to BCIT any resources, including personal devices, that may have been compromised by unauthorized access, loss, theft, or other means.
  • Users may not use College resources to: 
    • Solicit, proselytize, or conduct political activity.
    • Intimidate, harass, threaten, or otherwise do harm to other users including, but not limited to, doxing/doxxing, cyberbullying, creating deep fakes, cyberstalking, and non-consensual image use or impersonation.
    • Violate the privacy of other users. 
    • Log into an account or access College data that the user is not authorized to access.
    • Use the College network to gain unauthorized access to a device or College data or to escalate privileges on a device.
    • Intercept or monitor College data not intended for the user.
    • Attempt to avoid the user authentication or security of devices.
    • Allow any unauthorized person to use College devices.
    • Violate the policies of external networks and resources while using such external resources.
    • Create or intentionally release computer viruses or worms or otherwise compromise a device.

Privacy and Data Protection

  • Users should protect College resources.
  • Barnard approved policies and procedures are designed to prevent the unauthorized disclosure of personally identifiable information and other sensitive information. Any questions or concerns regarding the handling of such information should be directed to BCIT and/or the College’s General Counsel.
  • System administrators and other providers of College resources are responsible for ensuring the integrity, availability, and, when appropriate, confidentiality of the resources they are managing. Persons in these positions are granted significant trust and must use their privileges only as required to complete duties assigned to them by the College. Systems administrators are prohibited from having user access privileges or compensatory controls in order to ensure the integrity of systems; the College segregates duties whenever appropriate.

Applicable Acts, Regulations, and Laws

Use of College resources are subject to College policies and federal, state, and international laws and regulations, including, but not limited to, the Family Education Rights and Privacy Act (FERPA) and laws related to copyright, wire fraud, computer abuse, invasion of privacy, defamation, and protection of private information. Suspected violations of applicable law will be investigated by the College and, when appropriate, referred to law enforcement officials. 

Cross Reference to Related Policies

Data Privacy Policy

Data Access Policy

Confidentiality Policy

Political Activity Policy

Contacts

For questions or comments:

Barnard College General Counsel

Web:  https://barnard.edu/general-counsel

Email: kveteri@barnard.edu

Telephone: 212-853 -7825

Barnard College Service Desk

Policy Updates

The College reserves the right to change or amend this policy at any time.

Revision History

Policy Issued:  2013-11-14

Policy Revised: 2023-11-14