This policy applies to any user of the College’s information technology resources, whether initiated from a computer located on or off-campus. This includes any computer and information system or resource, including means of access, networks, and the data residing thereon. This policy applies to the use of all College information technology resources whether centrally-administered or locally-administered. Administrators of individual or dedicated College resources may enact additional policies specific to those resources provided they do not conflict with the provisions of this and other official policies and laws. Users are subject to both the provisions of this policy and any policies specific to the individual systems they use.
The principal concern of this responsible use policy is the effective and efficient use of information technology resources. The primary focus is to insure that the resources are used in a manner that does not impair or impede the use of these resources by others in their pursuit of the mission of the College. This policy is intended to ensure
- the integrity, reliability, and good performance of College resources;
- that the resource-user community operates according to established policies and applicable laws;
- that these resources are used for their intended purposes; and
- that appropriate measures are in place to assure the policy is honored
The policy is intended to permit, rather than proscribe, reasonable resource-user access within institutional priorities and financial capabilities. This policy is intended to promote and encourage responsible use while minimizing the potential for misuse and not imposing broad-based restrictions on all users. This policy is not intended to prevent or prohibit the sanctioned use of campus resources as required to meet Otis College's core mission and academic and administrative purposes.
C. Guiding Principles
The following principles underlie this policy and should guide its application and interpretation:
- Freedom of thought, inquiry, and expression is a paramount value of the Otis College community. To preserve that freedom, the community relies on the integrity and responsible use of College resources.
- Information technology resources are provided to support the College's mission of education and service. To ensure that these shared and finite resources are used effectively to further the College's mission, each user has the responsibility to:
- a. use the resources appropriately and efficiently;
- b. respect the freedom and privacy of others;
- c. protect the stability and security of the resources; and
- d. understand and fully abide by established College policies and applicable public laws.
- Responsible use of College resources will be given priority over the current or potential design, capability or functionality of specific information technology resources including operating systems, hardware, software, and the Internet.
- Users of information technology resources are expected to uphold the highest academic standards in accordance with the Student Code of Conduct and other College policies and practices.
D. Policy Application
As a general guideline, the institution regards the principle of academic freedom to be a key factor in assuring the effective application of this policy and MIS procedures and practices. The law is another source of guidance. The College's role in supporting or acting to enforce such law is also critical to how this policy will be applied.
- All existing laws (Federal, State and local) and State of California and Otis College regulations and policies apply, including not only laws and regulations that are specific to computers and networks, but also those that may apply generally to personal conduct. This may also include laws of other states and countries where material is accessed electronically via College resources by users within those jurisdictions or material originating within those jurisdictions is accessed via College resources.
- The accessibility of certain College information technology resources, such as network-based services, implies a degree of risk that the existence, viewing or receipt of such information/content may be offensive. As a matter of policy, the College protects expression the community and does not wish to become an arbiter of what may be regarded as "offensive" by some members of the community. However, in exceptional cases, the College may decide that such material directed at individuals or classes of individuals presents such a hostile environment under the law that certain restrictive actions are warranted.
- The College reserves the right to limit access to technology resources when policies or laws are violated and to use appropriate means to safeguard resources, preserve network/system integrity, and ensure continued service delivery at all times. This includes monitoring routing information of communications across network services and transaction records residing on College resources, scanning systems attached to the Otis College network for security problems, disconnecting systems that have become a security hazard, and restricting the material transported across the network or posted on College systems.
- Hyperlinks within the policy to external documents are provided for the reference and convenience of readers. They should not be viewed as implying that the referenced document is being incorporated into this policy except as stated or otherwise specified in the policy itself.
E. Policy Provisions
This section is not intended to provide a full accounting of applicable laws and policies. Rather, it is intended to highlight major areas of concern with respect to responsible use of Otis College resources and specific issues required by law.
1. Authorized Use / Access
Access to Otis College's information technology resources is a privilege granted to faculty, staff and students in support of their studies, instruction, duties as employees, official business with the College, and/or other College-sanctioned activities. Access may also be granted to individuals outside of Otis College for purposes consistent with the mission of the College.
With the exception of implicitly publicly accessible resources such as website, access to Otis College information technology resources may not be transferred or extended by members of the College community to outside individuals or groups without prior approval of an authorized College official. Such access must be limited in nature and fall within the scope of the educational mission of the institution. The authorizing College official is expected to ensure that such access is not abused.
Gaining access to the College's information technology resources does not imply the right to use those resources. The College reserves the right to limit, restrict, remove or extend access to and privileges within, material posted on, or communications via information technology resources, consistent with this policy, applicable law or as the result of College disciplinary processes, and irrespective of the originating access point. It is expected that these resources will be used efficiently and responsibly in support of the mission of the College as set forth in this policy. All other use not consistent with this policy may be considered unauthorized use.
2. Data Security, Confidentiality and Privacy
Otis College users are responsible for ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name, and abiding by related privacy rights of students, faculty and staff concerning the use and release of personal information, as required by law or existing policies, including the Confidentiality-Security Policy and policy on the Use and Release of Student Information. Otis College is required by State Lawby to disclose any breach of College system security to California residents whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Electronic mail and computer files are considered private to the fullest extent permitted by law. Access to such files will generally require permission of the sender/recipient of a message or the owner of the account in which the material resides, court order, or other actions defined by law. However, in the event of a sanctioned College investigation for alleged misconduct, e-mail or files may be locked or copied to prevent destruction and loss of information. Users may employ methods to increase the privacy of their files, provided they do not violate any provision of this policy or degrade system/network performance.All users of Otis College's information technology resources are advised to consider the open nature of information disseminated electronically, and should not assume any degree of privacy or restricted access to such information. Otis College strives to provide the highest degree of security when transferring data, but cannot be held responsible if these measures are circumvented and information is intercepted, copied, read, forged, destroyed or misused by others.
3. Electronic Information Retention and Disclosure
Original electronic materials and/or copies may be retained for specified periods of time on system backups and other locations; however the College does not warrantthat such information can be retrieved. Unless otherwise required by law and/or policy, Otis College reserves the right to delete stored files and messages to preserve system integrity. Except in an emergency, users will be given advance notice to delete files and messages. Electronic files or messages, whether or not created and stored on College resources, may constitute a College record subject to disclosure under the California Public Records Act or other laws, or as a result of litigation. Electronic copies must be rovided in response to a public record request or legally issued subpoena, subject to very limited exceptions, as with other documents created and retained by the College. Disclosure of confidential information to unauthorized persons or entities, or the use of such information for self-interest or advantage, is prohibited. Access to non-public institutional data by unauthorized persons or entities is prohibited. Requests for disclosure of confidential information and retention of potential evidence ill be honored when approved by authorized College officials or required by state or federal law.
4. Network and System Integrity
In accordance with California State Penal Code Section 502, Otis College's Computer Crimes Policy, and other policies and laws, activities and behaviors that threaten theintegrity of computer networks or systems are prohibited on both College-owned andprivately-owned equipment operated on or through College resources. These activities and behaviors include but are not limited to:
- Interference with or disruption of computer systems and networks and related services, including but not limited to the propagation of computer "worms," "viruses" and "Trojan Horses"
- Intentionally or carelessly performing an act that places an excessive load on a computer or network to the extent that other users may be denied service or the use of electronic networks or information systems may be disrupted
- Failure to comply with authorized requests from designated College officials to discontinue activities that threaten the operation or integrity of computers, systems or networks
- Negligently or intentionally revealing passwords or otherwise permitting the use by others of College-assigned accounts for computer and network access. Individual password security is the responsibility of each user. The user is responsible for all uses of their accounts, independent of authorization.
- Altering or attempting to alter files or systems without authorization
- Unauthorized scanning of ports, computers and networks
- Unauthorized attempts to circumvent data protection schemes or uncover security vulnerabilities
- Connecting unauthorized equipment to the campus network or computers. College authorized business and other activities directly related to the academic mission of the College are excluded.
- Attempting to alter any College computing or network components without authorization or beyond one's level of authorization, including but not limited to bridges, routers, hubs, wiring, and connections.
- Utilizing network or system identification numbers or names that are not assigned for one's specific use on the designated systemUsing campus resources to gain unauthorized access to any computer system and/or using someone else's computer without their permission
- Providing services or accounts on College computers or via College networks to other users from a personal computer unless required to meet the normal activities of students working as individuals or in collaborative groups to fulfill current course requirements. College authorized business and other activities directly related to the academic mission of the College, are also excluded. Registering a Otis College IP address with any other domain name
5. Commercial Use
Use of the College's information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and private, or otherwise unrelated to the College, business or fundraising. This includes soliciting, promoting, selling, marketing or advertising products or services, or reselling College resources.
Campus auxiliary organizations are authorized to provide services and products to students, faculty and staff, and invited guests of the College through operating and service support leases. The College President or designee may authorize additional limited commercial uses under separate policy provisions. Such uses are excepted from the above prohibitions. These prohibitions are not intended to infringe on authorized uses that enable students, staff and faculty to carry out their duties andassignments in support of the College mission.
6. Political Advocacy
It is generally inappropriate for individual employees to use College resources to engage in political advocacy in election campaigns. Employees should exercise appropriate caution prior to engaging in such activities, which may have negative consequences for them and the College.
This provision does not apply to political activities related to on-campus student government, including the conduct of student elections, or student club activities and sponsored events conducted with prior approval of the College. It does not apply toindividual student activities, e.g., websites, which constitute free speech. Such activities must comply with all other provisions of this policy, including the section on electronic communications, when using College resources.
Harassment of others via electronic methods is prohibited under California StatePeenal Code Secion 653m, other applicable laws and College policies. It is a violation of this policy to use electronic means to harass, threaten, or otherwise cause harm to a specific individual(s), whether by direct or indirect reference. It may be a violation of this policy to use electronic means to harass or threaten groups of individuals by creating a hostile environment.
8. Copyright and Fair Use
Federal copyright law applies to all forms of information, including electronic communications, and violations are prohibited under this policy. Infringements of copyright laws include, but are not limited to, making unauthorized copies of any copyrighted material (including software, text, images, audio, and video), and displaying or distributing copyrighted materials over computer networks without the author's permission except as provided in limited form by copyright fair userestrictions. The "fair use" provision of the copyright law allows for limited reproduction and distribution of published works without permission for such purposes as criticism, news reporting, teaching (including multiple copies for classroom use), scholarship, or research. The College will not tolerate academic cheating, plagiarsm or theft of intellectual property in any form.
9. Trademarks and Patents
Student, faculty and staff use of College information technology resources in the creation of inventions and other intellectual property that may be patented, trademarked or licensed for commercial purposes must be consistent with Otis College's Intellectual Property Policy. Unauthorized use of trade secrets and trademarked names or symbols is prohibited. Use of Otis College's name and symbols must comply with College policy.
10. Electronic Communications
College electronic communications are to be used to enhance and facilitate teaching, learning, scholarly research, support academic experiences, to facilitate the effective business and administrative processes of the College, and to foster effective communications within the academic community. Electronic mail, news posts, chatsessions or any other form of electronic communication must comply with Otis College's Electronic Mail Policy.
11. Web Sites
An official Otis College web page is one which is formally acknowledged by the chief officer of a College department or division as representing that entity accurately andin a manner consistent with Otis College's mission. Without such acknowledgment, a web site, regardless of content, is not "official." Official pages are the property and responsibility of the divisions that create them.
"Unofficial" information may also be posted and maintained by individual students, faculty, staff and student organizations. Otis College does not undertake to edit, screen, monitor, or censor information posted by unofficial authors, whether or not originated by unofficial authors or third parties, and does not accept anyresponsibility or liability for such information even when it is conveyed through College-owned servers.
Both official and unofficial web sites are subject to the other provisions of this policy if they use College resources such as College-owned servers and the Otis College network to transmit and receive information.
F. Policy Compliance
The HR and MIS is authorized by the President to ensure that the appropriate processes to administer the policy are in place, communicated and followed by the College community. The HR and MIS or designee will ensure that suspected violations and resultant actions receive the proper and immediate attention of the appropriate College officials, law enforcement, outside agencies, and disciplinary/grievance processes in accordance with due process.
The HR and MIS or designee will inform users about the policy; receive and respond to complaints; collect and secure evidence as required; advise and assist College offices on the interpretation, investigation and enforcement of this policy; consult with College Legal Counsel on matters involving interpretation of law, campus policy, or requests from outside law enforcement agencies and/or legal counsel; and maintain a record of each incident and MIS resolution to inform future policy changes.
G. Consequences of Non-Compliance
Enforcement will be based upon receipt by MIS of one or more formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering information technology resources.
First offense and minor infractions of this policy, when accidental or unintentional, such as consuming excessive resources or overloading computer systems, aregenerally resolved informally by the unit administering the resource. This may be done through e-mail or in-person intervention and education.
Repeated offenses and serious incidents of non-compliance may lead to College disciplinary action under College disciplinary policies and procedures for students and employees, employee contract provisions where appropriate, private civil action, and/or criminal charges. Serious incidents of non-compliance include but are not limited to unauthorized use of computer resources, attempts to steal passwords ordata, unauthorized use or copying of licensed software, repeated harassment, or threatening behavior.
In addition to the above, inappropriate use of information technology resources may result in personal criminal, civil and other administrative liability.
Appeals of College actions resulting from enforcement of this policy will be handled through existing disciplinary/grievance processes for Otis College students and employees.
H. Reporting Irresponsible or Inappropriate Use
Suspected infractions of this policy should be reported to Information Technology Services in accordance with Appendix D, Policy Implementation and practices. There might be situations when the following additional offices/officials should be notified of suspected violations when filing a complaint:
Supervisors, Department Heads, Deans, Program Administrators and/or Human Resources, MIS, Facilities, if the incident occurs in the course of employment with the College:
- Academic Records - If the incident involves inappropriate use of Otis College student information. The registrar is responsible for investigating reports of FamilyEducational Rights and Privacy Act of 1974 (FERPA) violations and maintaining records for the Department of Education.
- Information Security Officer - If the incident involves inappropriate access to or use of institutional data.
- Otis College Security - If an individual's health and safety appears to be in jeopardy or a violation of law may be involved. 911 for emergencies.
I. Policy Review and Practices Oversight
The CIO of MIS under the guidance of the VP for Administration and Finance is responsible for application and enforcement of this policy. The Technology Committee shall review this policy on an annual basis or as the need arises, make recommendations for any changes, and provide oversight and periodic review of the practices used to implement this policy. Recommended changes shall be reviewed and approved by the CIO of MIS in consultation with the VP-AF and the President. The current version of the policy will be posted and maintained on the Otis College web site. A hard copy will be available at the Millard Sheets Library Reserve Desk.