º£½Ç´óÉñ

Statement

Users of Mount Holyoke College (º£½Ç´óÉñ) information resources have an obligation and responsibility to properly use and protect those resources and to respect the rights of others.

Information technology tools are powerful enabling technologies for accessing and distributing the information and knowledge developed at the College and elsewhere. They are strategic resources for meeting the current and future needs of the College. All º£½Ç´óÉñ Community members must be mindful of the rights, privacy, and intellectual property of other º£½Ç´óÉñ Community members when making use of or accessing information and technology resources granted to them by the College. This policy codifies what the College considers appropriate usage of information and technology resources with respect to the rights of others. The privilege to use the information resources of the College carry responsibilities outlined in this policy.

Scope / Responsibilities

This policy is applicable to all Mount Holyoke College students, faculty, staff, affiliates, and others granted use of information and technology resources and institutional data owned, managed, or otherwise provided by º£½Ç´óÉñ. This policy refers to College information and technology resources whether individually controlled or shared, networked, or stand-alone, or hosted by third-party service providers. It applies to all information systems and services owned, leased, operated, or contracted for use by the College.

Information Technology includes but is not limited to hardware and software, email domains, cloud services, wireless devices, personal computers, and other related services, and any use of the organization’s network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network or service, whether used for administration, research, teaching or other purposes.

Institutional Data includes but is not limited to, all data created, collected, maintained, recorded, processed, or managed by º£½Ç´óÉñ, its faculty, staff, and agents working on its behalf. It includes data used for planning, managing, operating, controlling, or auditing the functions of º£½Ç´óÉñ, and also includes research data that contains personally identifiable subject information, proprietary information, and trade secrets (collectively "Institutional Data"). The definition of Institutional Data is not intended to alter the ownership of such data.

External guest Users who are granted the privilege of using º£½Ç´óÉñ’s information technology resources and/or accessing institutional data must be held to the same standards as º£½Ç´óÉñ Users.

Policy

Introduction

As a part of the institution’s physical facilities, academic and social infrastructure, º£½Ç´óÉñ provides and maintains Information Technology and Institutional Data to support the needs and mission of the community. These resources are owned, leased, or contracted for use by º£½Ç´óÉñ, and intended for º£½Ç´óÉñ-related purposes. The purpose of the Acceptable Use Policy ("Policy") is to establish and promote the legal, secure, and ethical use of Information Technology and Institutional Data by all members of the º£½Ç´óÉñ community, and to provide guidelines that protect º£½Ç´óÉñ’s Information Technology and Institutional Data from inappropriate use and Institutional Data from unauthorized disclosure, while also preserving the information sharing requirements of an academic institution, and confidentiality integrity and availability of its resources. This Policy also lays the foundation for the common understanding of privacy and information security at the College. This Policy is meant to complement existing º£½Ç´óÉñ Community Standards, Code of Ethical Conduct and all other º£½Ç´óÉñ policies.

Policy statement

The rights of academic freedom and freedom of expression apply to the use of º£½Ç´óÉñ’s Information Technology and Institutional Data, as do the responsibilities and limitations associated with those rights. The use of º£½Ç´óÉñ Information Technology and Institutional Data resources, like the use of any other º£½Ç´óÉñ- provided resource or º£½Ç´óÉñ-related activity, is subject to the normal requirements of legal and ethical behavior within the º£½Ç´óÉñ community. It is the expectation of º£½Ç´óÉñ that all Users conduct themselves ethically, honestly, and with integrity, as stated in the Code of Ethical Conduct. Any use that disturbs or negatively impacts other Users or º£½Ç´óÉñ’s mission is prohibited.

Users no longer employed by, under contract with, or attending º£½Ç´óÉñ are responsible for returning all º£½Ç´óÉñ-owned information technology resources to Library, Information, & Technology Services. Users are expected to comply with instructions regarding the return of and/or destruction of all º£½Ç´óÉñ-owned information.

Acceptable use

All Users of º£½Ç´óÉñ Information Technology and Institutional Data resources must:

• Adhere to the Code of Ethical Conduct
• Adhere to all applicable laws, regulations, º£½Ç´óÉñ policies, rules, contracts, and licensing agreements.
• Use the technology resources supplied by º£½Ç´óÉñ in a manner and to the extent consistent of the User’s roles and responsibilities.
• Only perform actions that will not jeopardize the confidentiality, integrity, and availability of º£½Ç´óÉñ Information Technology and Institutional Data.
• Respect the rights, privacy, and property of others.

Users of data and technology resources are responsible for the content of their individual communications and are subject to any personal liability resulting from that use. º£½Ç´óÉñ does not accept responsibility or liability for individual or unauthorized communications.

Unacceptable use

The following list is not intended to be exhaustive but is an attempt to provide a framework for activities that constitute unacceptable use. Users, however, may be exempted from one or more of these restrictions during their authorized job responsibilities, after approval from the head of their division and the Chief Information Officer in consultation with LITS staff.

Unacceptable use of º£½Ç´óÉñ Information Technology and Institutional Data resources includes but is not limited to:

• illegal activities or violations of any º£½Ç´óÉñ policy, rule or contract;
• unauthorized use or disclosure of personal, private, sensitive, and/or confidential information;
• unauthorized use or disclosure of Information Technology and Institutional Data;
• distributing, transmitting, posting, or storing any electronic communications, material or correspondence that is threatening, obscene, harassing, pornographic, offensive, defamatory, discriminatory, inflammatory, illegal, or intentionally false or inaccurate;
• attempting to represent º£½Ç´óÉñ in matters unrelated to official authorized roles or responsibilities;
• connecting unapproved devices to the º£½Ç´óÉñ network or to any Information Technology resource;
• connecting º£½Ç´óÉñ Information Technology resources to unauthorized or public networks without approval;
• connecting to any wireless network while physically connected to º£½Ç´óÉñ’s wired network;
• installing, downloading, or running software that has not been approved following appropriate security, legal, and/or LITS review in accordance with º£½Ç´óÉñ policies;
• using º£½Ç´óÉñ information technology resources to circulate unauthorized solicitations or advertisements for non-institutional purposes including but not limited to religious, political, or not-for-profit entities;
• providing unauthorized third parties, including family and friends, access to º£½Ç´óÉñ’s non-public information or resources;
• using º£½Ç´óÉñ information or resources for commercial or personal purposes, in support of "for-profit" activities or in support of other outside employment or business activity (e.g., consulting for pay, business transactions);
• propagating fraudulent mass mailings, spam, or other types of undesirable and unwanted email content using º£½Ç´óÉñ technology resources; and
• tampering, disengaging, or otherwise circumventing institutional or third-party IT security controls.
• copyright infringement or violations of copyright law,
• forgery or other misrepresentation of one's identity
• using any device that adversely affects the º£½Ç´óÉñ network, systems or community use thereof.

Access and Security

The access and use of º£½Ç´óÉñ Information Technology and Institutional Data resources is a privilege granted to the º£½Ç´óÉñ community. º£½Ç´óÉñ expects all Users to use any º£½Ç´óÉñ information resource in a lawful, ethical, responsible way, consistent with the mission of the College and its Code of Ethical Conduct.

All Users have a responsibility to protect º£½Ç´óÉñ information technology resources and institutional data over which they have access or control. Additional policies may apply to specific business units, technology resources and/or institutional data. For more information, consult the divisional head or LITS.

If an account has been closed or expired, or the account owner is not available within a reasonable period of time, the designees of º£½Ç´óÉñ, with the help of LITS, may move files or provide an authorized supervisor with access.

º£½Ç´óÉñ employs various measures to protect the integrity and security of its Institutional Data, Information Technology resources, and of Users’ accounts. Except any privilege or confidentiality recognized by law, Users must understand that email, messages, files, and other electronic data transmitted, stored on or accessed through º£½Ç´óÉñ information technology resources, may not be confidential.

º£½Ç´óÉñ, in its discretion, may disclose the results of general or individual monitoring, including the contents and records of individual communications, to appropriate º£½Ç´óÉñ personnel and/or law enforcement agencies when required and may use those results in appropriate º£½Ç´óÉñ disciplinary proceedings.

When Users are no longer employed by, under contract with or attending º£½Ç´óÉñ, access to and use of Information Technology and Institutional Data will be revoked. Any exceptions or extensions must be documented, have just cause and be approved by the associated divisional head and LITS.

User Account

• Mount Holyoke College User account is for use solely by the individual to whom the account was assigned. Use of the account must not be provided to any other for any reason. If the User suspects someone has obtained access to their account, credentials must be changed immediately, reported to LITS, and access reviewed.
• Sharing of accounts is strictly prohibited. The use of an individual User’s account by anyone else is considered a breach of the policy.

Personal Use

Personal use of º£½Ç´óÉñ’s information technology resources by faculty and staff should be minimal and adhere to this policy. All other authorized Users should refrain from using the college’s technology resources for personal gain.

Password Security

• The password for an individual’s primary º£½Ç´óÉñ account must be different from any other password. It must not be used for other purposes or programs.
• Passwords must follow all the requirements set forth in the password policy.
• Users should never physically write down their password or store it in an unsafe manner.
• Users should never share or disclose their password with others.
• If LITS is made aware of a user’s password exposure, LITS will ask that user to change the password.

Oversight

º£½Ç´óÉñ LITS has created an Information Security Committee which coordinates through the College’s Compliance Committee, to monitor legislation and regulation in this area, develop appropriate institutional policies and communicate with the Mount Holyoke community.

Policy Violations

Users who violate this policy may be denied access to technology resources and may be subject to other penalties and disciplinary action, both within and outside of º£½Ç´óÉñ. Violations will normally be handled through º£½Ç´óÉñ disciplinary procedures applicable to the relevant user. º£½Ç´óÉñ may temporarily suspend or block access to an account or restrict network access prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security or functionality of º£½Ç´óÉñ or other technology resources or to protect º£½Ç´óÉñ from liability. º£½Ç´óÉñ may also refer suspected violations of applicable law to appropriate law enforcement agencies.

Definitions

These definitions apply to terms as they are used in this policy.

Related Information:

Related Policies:

Code of Ethical Conduct: 
Outlines the general principles to which we subscribe, /policies/code-ethical-conduct

º£½Ç´óÉñ Data Classification Policy: /policies/data-classification

Other Resources:

Data Handling Procedures:

File Sharing Policy: /policies/file-sharing-software

Higher Education Opportunity Act Notice on Distribution of Copyrighted Materials: