Employee Technology Use Policy

Purpose of Policy

Computers and other information technology resources are essential tools in accomplishing the work of the College. Information technology resources are valuable community assets to be used and managed responsibly to ensure their integrity, confidentiality, and availability for appropriate research, education, outreach, and administrative objectives of Gustavus. College employees are granted access to these resources in support of advancing the College’s mission. This policy is constructed in a way to allow for complete academic freedom to exist, as outlined in the Faculty Manual Appendix A, while maintaining the integrity of the college’s technology resources. In the use of technology resources, College employees must follow College policies and federal, state and local laws. These include but are not limited to policies and laws related to information security, data privacy, commercial use, and those that prohibit harassment, theft, copyright and licensing infringement, and unlawful intrusion and unethical conduct.

Owner(s)

Director of Gustavus Technology Services and CFO, VP of Finance and Treasurer, Provost and faculty, staff and students employed by Gustavus Adolphus College.

Scope

The purpose of this policy is to outline the acceptable use of technology resources at the College in order to comply with legal and contractual requirements, safeguard these resources, and protect the College against damaging legal consequences that could result from unacceptable use.

1.0 Acceptable Use

Technology resources provided by Gustavus Adolphus College are intended to be used for the work and activities directly associated with employment. In their use of technology resources, employees should respect the rights of other users, avoid actions that jeopardize the integrity and security of information technology resources, and comply with all pertinent licensing and legal requirements.

Employees must comply with applicable contractual agreements and licensing agreements.

Gustavus Technology Services will determine and authorize use of technology resources in collaboration with Gustavus Vice Presidents or designees. Employees must use only technology resources they are authorized to use and only in the manner and to the extent authorized. Ability to access information technology resources does not, by itself, imply authorization to do so.

Users are responsible for protecting their College-assigned accounts and authentication (e.g., password) from unauthorized use. User passwords should be unique, secure, and never shared with others, including other Gustavus Adolphus College users.

Employees are responsible for the content of their personal communications and may be subject to liability resulting from those communications. The College accepts no responsibility or liability for any personal or unauthorized use of its resources by employees. Employees should be aware that communications sent from Gustavus Adolphus College-owned devices or accounts could be construed as representing a College position.

Copyright

Copyright is a form of protection provided by the laws of the United States (title 17, U.S. Code) to the authors of original works of authorship including literary, dramatic, musical, artistic, and certain other intellectual works. This protection is available to both published and unpublished works. Employees should assume materials found on the Internet are copyrighted unless a disclaimer or waiver is expressly stated or the material that is clearly in the public domain (e.g. published before 1923 or a U.S. federal 43 document).

Some examples of copyright violations would include:

Displaying pictures or graphics you have not created yourself. Offering sound recordings you have not produced yourself. Using programs to distribute copyrighted files. Placing any materials owned by others on your web page (or any other medium) without the expressed permission of the original owner. Fair Use

In some circumstances the use of a copyrighted work may be considered a 'fair use.' For more information see:

https://www.copyright.gov/fair-use/more-info.html http://cmsimpact.org/program/fair-use/ https://www.lib.umn.edu/copyright/fairthoughts

2.0 Unacceptable Use

Employees are not permitted to share authentication details or provide access to their College accounts to anyone else.

Employees must not circumvent, attempt to circumvent, or assist another in circumventing the security controls in place to protect information technology resources and data.

Employees must not knowingly download or install software onto College information technology resources which may interfere with or disrupt service, or does not have a clear business or academic use.

Employees are prohibited from willingly engaging in activities that interfere with or disrupt network users, equipment or service; intentionally distribute viruses or other malicious code; or install software, applications, or hardware that permits unauthorized access to information technology resources.

Employees must not engage in inappropriate use, including but not limited to:

Activities that violate state or federal laws, regulations or College policies. Widespread dissemination of unsolicited and unauthorized electronic communications. Employees must avoid excessive use of system information technology, including but not limited to network capacity.

Excessive use means use that is disproportionate to that of other users, or is unrelated to academic or employment-related needs, or that interferes with other authorized uses. Individual divisions within the College (e.g., academic affairs) may require employees to limit or refrain from certain activities in accordance with this provision.

Gustavus discourages the installation of personal software and files on College technology resources that are not directly associated with the work and activities of the College. Gustavus Technology Services is unable to support any personally installed software unrelated to work and activities of the College. Gustavus Technology Services assumes no obligation to transfer or retain any personally licensed software, personal files, or other non-college information or materials.

3.0 Privacy and Security Measures

Employees must not violate the privacy of other technology users. Technical ability to access others’ accounts does not by itself imply authorization to do so.

The College takes reasonable measures to protect the privacy of its information technology resources and accounts assigned to individuals. However, the College does not guarantee absolute security and privacy. Users should be aware that any activity on information technology resources may be monitored, logged and reviewed by College-approved personnel, or may be discovered in legal proceedings. Circumstances under which such review and discovery may occur are described immediately below.

Responsibility for protecting the College's resources and data is a shared responsibility by all employees and Gustavus Technology Services. Gustavus Technology Services treats the contents of individual assigned accounts and personal communications as private and does not examine or disclose the content except:

as required for system maintenance, including security measures; when there exists reason to believe an individual is violating the law or College policy; and/or as permitted by applicable policy or law. Before disclosing the contents of individual files or reassigning the ownership of a user’s account, GTS is required to receive authorization from two Gustavus Vice Presidents that a credible reason exists to take this action.

Employees may add additional measures for protection of information if required by grants or research agreements. If additional protection is added to College technology resources, system administrators must be given access to those resources upon request.

Employees should ensure the security and confidentiality of Gustavus’ data and student information. Student records are subject to heightened confidentiality requirements through legislation such as the Family Educational Rights and Privacy Act (FERPA). College-owned computers are issued with software tools that encrypt data stored on the machines; employees should not disable these tools. When sharing confidential and protected data, all employees should do so using a secure method approved by the College. Confidential Gustavus data or student records should not be created, downloaded or saved to any device in an unprotected format.

The College reserves the right to employ security measures. When it becomes aware of violations, either through routine system administration activities or from a complaint, it is the College's responsibility to investigate as needed or directed, and to take necessary actions to protect its resources and/or to provide information relevant to an investigation.

4.0 Enforcement

Individuals who use information technology resources to violate a College policy, law(s), contractual agreement(s), or violate an individual’s rights, may be subject to limitation or termination of user privileges and appropriate disciplinary action, legal action, or both. Alleged violations will be referred to the appropriate College office or law enforcement agency.

The College may temporarily deny access to information technology resources if it appears necessary to protect the integrity, security, or continued operation of these resources, or to protect itself from liability.

Help with this Policy

Contact the Director of Gustavus Technology Services for questions and comments on this policy.

Policy Authority

The Director of Gustavus Technology Services has responsibility for this policy and will obtain necessary approvals and changes to this policy.

Related Policies or References

Administrative and Support Staff Handbook; All College Policies.

Approved by the President's Cabinet: August 29, 2017.