Technology/Internet Ethics & Acceptable Use Policy
Relationship with the Mission and Goals of Eastern Florida State College
In support of Eastern Florida State College’s mission, the college provides information technology for use by its students, faculty, and staff. All users are expected to conduct themselves in a manner that reflects respect for the rights of others and protects the integrity of data, equipment, software licenses, and information technology. Use of the college’s computers and network must at all times be consistent with lawful and ethical behavior and in compliance with international, federal, state, and local law, the State Board of Education Rules for Community Colleges, and all other policies and procedures of the college. Access to the college’s information technology by faculty, staff, students, and community users is a privilege extended for the purpose of academic endeavors and other pursuits in support of and consistent with the educational objectives of Eastern Florida State College. Additionally, there is no expectation of privacy by employees, students, or others when using email or Internet communications when such communications occur over the Eastern Florida State College provided network, connection or equipment or other college provided information technology.
Information Technology includes use of computers, computer systems, workstations, peripheral equipment (such as modems, terminals and printers), and related hardware and software, data sets, storage devices (such as DVDs, CD-ROMs and hard or soft drives), networks, servers, Internet access, the college’s website and web pages, email and systems, and learning management systems.
Technology Security Goals
Eastern Florida State College is also committed to safeguarding the confidentiality, integrity and availability of all information assets of the institution to ensure that all regulatory and operational requirements are fulfilled. The overall security goals for information security are as follows:
- Ensure compliance with all applicable laws, regulations and guidelines.
- Comply with requirements for confidentiality, integrity and availability.
- Establish controls for protecting the college’s information and information systems against theft, abuse, intrusion and other forms of harm and loss.
- Motivate administrators and employees to maintain ownership of all information technology assets in order to minimize security incidents.
- Ensure the college is capable of continuing service in the event of a security incident or other major disaster.
- Ensure the protection of personal data.
- Ensure that all external service providers comply with the college’s information security needs and requirements.
- Ensure flexibility and an acceptable level of security for accessing information systems from both on and off campus.
Eastern Florida State College's current business strategy and framework for risk management are the guidelines for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of the Information Security procedures.
Security procedures and guidelines will act as support to ensure that the security of all Eastern Florida State College systems is at the highest level possible while still allowing for the efficient completion of all administrative tasks, learning and teaching. These procedures include (but are not limited to) password procedures, continuity plans, backup procedures, defense against malicious code or activities, system and information access control, incident management, reporting, and audit compliance.
The term information security is related to the following basic concepts:
- Confidentiality – the property that information is not available or disclosed to unauthorized individuals, entities or processes.
- Integrity – the property of safeguarding the accuracy and completeness of assets.
- Availability – the property of being accessible and usable upon demand by an authorized and authenticated entity.
Some of the most critical needs of the systems supporting Eastern Florida State College activities are availability and reliability of the network, infrastructure and services. While Eastern Florida State College is an open access, public record institution, it will in certain situations prioritize confidentiality over availability and reliability in the event of a breach or intrusion.
Every user of the college's information system will comply with this information security policy/procedure. Violation of this policy and relevant security requirements will therefore constitute a breach of trust between the user and Eastern Florida State College and may have consequences for employment or student attendance.
Acquisition of Privileges
Students, faculty and staff may be provided Internet access or other information technologies using an account assigned to them by the college. Students, faculty, and staff are responsible for any activity originating from their accounts which they can reasonably be expected to control. Accounts and passwords may not, under any circumstances, be used by persons other than those to whom they have been assigned by the account administrator. In cases when unauthorized use of accounts or resources is detected or suspected, the account owner should change the password and report the incident to the appropriate department or personnel. The college reserves the right to review any material on user accounts for purposes of maintaining security, server space, and compliance with acceptable use policies. The college may require users to limit or refrain from specific uses if such use interferes with the efficient operations of the college-wide system.
Users will complete the appropriate annual security awareness program to keep their security privileges. Security breaches or the misuse of security privileges are to be reported immediately to the Security Incident Committee and the Associate Vice President, Information Technologies. The Security Incident Committee will review and report their findings to the appropriate college personnel for further consideration.
EFSC Responsibility and Liability
The college has no control over the information accessed through the Internet and is not responsible for the Internet's content. The Internet is an uncontrolled information resource with a highly diverse user population and should be used with discretion and in compliance with this Technology and Internet Ethics and Acceptable Use Policy (AUP). The college may deny use of its information technology to persons under the age of 15.
Adherence to other Policies and Procedures
Any use of Eastern Florida State College information technology for illegal, inappropriate, or obscene purposes, or in support of such activities, is prohibited. Engagement in such prohibited activities may result in suspension, termination or revocation of access to information technology, internet privileges, user account, or other sanctions as deemed appropriate.
Users must not utilize computing resources to gain unauthorized access to remote computers or networks to impair or damage the operations of Eastern Florida State College's computers, networks, terminals or peripherals. This includes but is not limited to blocking communication lines, intercepting or sniffing communications, and running, installing, or sharing virus programs. Deliberate attempts to circumvent data protection or other security measures are prohibited and may be subject to other penalties and disciplinary action as set forth herein or within any other college policies or procedures. Eastern Florida State College security procedures will be adhered to with regard to all information technology.
The college recognizes that defining immoral or unethical uses of the Internet is highly subjective. In cases where use of information technology is questionable, the college may review such cases to determine compliance with this AUP. Examples of illegal, immoral, or unethical uses of the college Internet computers include, but are not limited to:
- Deliberately using or accessing materials that are profane, offensive, or obscene to the reasonably prudent person
- Using inflammatory or derogatory language or libeling or slandering remarks
- Any actions that place secure data at risk (i.e. FERPA and/or HIPAA violations)
- Activities connected with any attempt to overthrow the government of the United States
- Any actions of malicious intent
- Violating the conditions of the State of Florida Education Code dealing with student's rights or privacy
- Re-posting or otherwise disseminating personal communications without the author's consent
- Using an EFSC computer to actively engage in procuring or transmitting material that is pornographic, constitutes sexual harassment, or creates a hostile workplace
- Creating or causing security breaches or disruptions of network communication. Security breaches include accessing data of which the employee is not an intended recipient. Disruption includes, but is not limited to, port scanning, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
- Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty.
- Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's network connection, via any means, locally or via the Internet/Intranet/Extranet.
- Circumventing established College software security procedures or obtaining information system access and passwords to which one is not entitled.
- Unauthorized alteration or removal of college hardware or software.
- Unauthorized access, alteration or destruction of College owned data or software.
- Connecting or installing personal or non-College owned hardware or software to the college network without prior approval.
- Purposely attempting to gain access to information technology through the use of hacking or other unapproved means.
- Purposely violating any Eastern Florida State College Information Security Procedures.
- Other actions that are not in accordance with The Code of Ethics and Principles of Professional Conduct of the Education Profession of Florida
Any student, faculty, staff, or community user who improperly utilizes or accesses Eastern Florida State College's information technology (hardware and or software) and in the course of improper access or utilization causes any damage, loss of service or interruption of services due to willful or negligent behavior, may be liable for all direct and consequential damages resulting from such willful or negligent misuse.
Additionally, all students, faculty, staff, and community users must comply with federal and state laws, college rules and policies, and the terms of applicable contracts including software licenses while using the college's information technology resources. Examples of applicable laws, rules and policies include the laws of libel, privacy, copyright, trademark, Florida Computer Crimes Act, the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, all other international, federal, state and local laws, including the Florida State Board of Education Rules for Community Colleges, and the college's sexual harassment policy and student code of conduct and all Eastern Florida State College Information Security Procedures. Users who engage in electronic communications with persons in other states or countries or on other systems or networks may also be subject to the laws of those jurisdictions and the rules and policies of those other systems and networks.
Any student, faculty, staff, or community user utilizing the printing function of any standalone or networked computer must comply with all departmental policies and procedures regarding such printing function. This includes, but may not be limited to, all limitations on the number of pages printed and or payment for the cost of such printing.
Current technology easily allows users to duplicate and distribute copyrighted video images, audio recordings and other digital materials. The receipt of, possession of, or distribution of copyrighted material without the permission of the copyright holder is prohibited and is in violation of the laws of the United States (Title 17, U.S. Code). Violators of copyright law could be subject to felony charges in state or federal court, and may also be sued by the copyright holder in civil court. Additionally, such improper use may be a violation of the EFSC's student code of conduct and may amount to actionable plagiarism. Users are responsible for any consequences of copyright infringement and the college disclaims any liability or responsibility resulting from such use.
All software loaded on campus computers must be licensed by the college. Faculty, staff, students, and community users are prohibited from downloading software to individual campus computers or servers; if found, unlicensed software will be removed, and access to campus computing resources may be suspended and/or terminated.
The Digital Millennium Copyright Act of 1998 requires the college to file with the Copyright Office a designation of an agent to receive notifications of claimed infringement. The college's agent is listed at http://www.copyright.gov/onlinesp/list.
For purposes of this document, email includes point-to-point messages, listserves, and any electronic messaging involving computers and computer networks. EFSC Titan Mail/Office 365 is the official email account for students. Students are responsible for accessing their email accounts and retrieving all communications sent to the students from the college.
The college has adopted email protocol and procedures which are routinely outlined in student publications. The use of the EFSC-provided Course Management System's (i.e., Canvas) communication tools also requires adherence to all protocols and procedures for the use of email. Organizational email accounts, including those used by student organizations, are held to the same standards as those for individual use by other students, faculty, or staff. Email is also generally subject to the Florida Public Records Law to the same extent as it would be on paper.
Examples of inappropriate and unacceptable uses of email may include but are not limited to:
- Chain mail that misuses or disrupts resources - email sent repeatedly from user to user, with requests to send to others
- Abusive, threatening, obscene, pornographic, harassing, or hate mail
- Willful introduction of virus or virus hoaxes
- Spamming or junk mail or other disseminations that may fail to otherwise accurately identify the sender
- Any use of web-based or other communication tools that otherwise violates the Family Education Rights & Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Do not include social security numbers (SSN), IDs or names in the subject lines of an email. The SSN or IDs should not be included in an email at all.
  - If you receive an email with this information, remove it from the subject line before forwarding or responding.
Personal or Commercial Use
College-provided informational resources are not to be used by anyone for commercial purposes or for personal financial or other gain. Occasional personal use of college information technology resources for other purposes is permitted when it does not consume a significant amount of those resources, does not interfere with the performance of the faculty or staff's job, and is otherwise in compliance with this policy. Further limits may be imposed upon personal use in accordance with normal supervisory procedures concerning the use of college equipment.
Policy Monitoring and Passwords
The college does not routinely monitor an individual's use of the college's information technologies. However, the college employs various measures to protect the security of its information technology resources and its users' accounts. Users should be aware that the college does not provide security and confidentiality when using its computer technology. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords and routinely changing all passwords. The normal operation and maintenance of the college's computing resources require the backup and caching of data and monitoring usage patterns. The college may also monitor the activity and accounts of specific users in the event of a complaint relating to this policy or possible security breach.
Access to certain college systems requires the use of usernames and passwords. Many of these systems require the user to periodically change passwords as outlined in the Information Security Procedures.
Security of student and financial records on EFSC systems is a highly regulated environment. All users must adhere to the following rules to maintain the security of records and to ensure an accurate audit trail:
- Never provide your username, B number, and password to another user. By doing so, the audit trail is broken, and you may be held accountable for actions in the system you did not perform. If someone has forgotten their username, B number and/or password, contact the college's technical support desk. If you don't have an account and need access, contact your supervisor. Users allowing other faculty and staff to use their username, B number, and password will have their access removed.
- Never leave written evidence of your username, B number, and password around the office or workspace.
Technology and Internet ethics and acceptable use policies and procedures will be implemented as follows:
- A full version of the Technology and Internet Ethics and Acceptable Use Policy and procedures will be placed in the Eastern Florida State College Library Resources on the college's intranet.
- An abbreviated version of the Technology and Internet Ethics and Acceptable Use Policy will be placed in the faculty and student handbooks. A notice will also be placed in these handbooks indicating where a complete copy of the Internet ethics and acceptable use policies and procedures may be obtained.
- Information Security Procedures are maintained within the Information Technologies district office.
Review of AUP
In order to ensure that the policies and procedures regarding the use of technology and the Internet by faculty, staff, students, and community users represent a contemporary application of this technology, and to accommodate the change process, the college's Information Technology Department will review this AUP annually.
Data Classification and Security
Enterprise-level administrative data is an asset owned by Eastern Florida State College. The college will protect the integrity and confidentiality of all enterprise-level administrative data and all user-developed data sets and systems that may have access to this data, regardless of the environment in which it resides or the form that it may take.
Data will be classified and appropriate security measures will be implemented commensurate with their value, sensitivity and risk.
Security Incident Response
Information security breaches or security violations should be reported immediately to the Information Technology department Associate Vice President to allow for the expedient response as outlined in the Information Security Procedures.
Privacy, Access and Security
Eastern Florida State College respects the privacy of all visitors to the college's websites as permitted by law. This policy covers the use and collection of any information from these visits as well as the protection of that information.
There are four types of information that the college's website may collect during your visit. These are network traffic logs, website visit logs, cookies, and information voluntarily provided.
In the course of ensuring network security and consistent service for all users, Eastern Florida State College employs software programs to monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage college computers or the network, and monitor and tune the performance of the college network. In the course of such monitoring, these programs may detect such information as e-mail headers, addresses from network packets, and other information. Information from these activities is used only for the purpose of maintaining the security and performance of the college's networks and computer systems. Personally identifiable information from these activities is not released to external parties without your consent unless required by law.
Eastern Florida State College's web sites routinely collect and store information from online visitors to help manage those sites and improve service. This information includes the pages visited on the site, the date and time of the visit, the Internet address (URL or IP address) of the referring site, the domain name and IP address from which the access occurred, the version of browser used, the capabilities of the browser, and search terms used on our search engines. This site makes no attempt to identify individual visitors from this information: any personally identifiable information is not released to external parties without your consent unless required by law.
In the course of using these web sites, you may choose to provide us with information to help us serve your needs. For example, you may send us electronic mail (through a mailer or a web form) to request information, you may sign up for a mailing list, or you may send us your address so we may send you an application or other material. Any personally identifiable information you send us will be used only for the purpose indicated. Requests for information will be directed to the appropriate staff to respond to the request, and may be recorded to help us update our site to better respond to similar requests. We will not sell, exchange or otherwise distribute your personally identifiable information without your consent, except to the extent required by law. We do reserve the right to work with third-party vendors, to host this information solely for the purposes intended and in accordance with this policy. We do not retain the information longer than necessary for normal operations. Each web page requesting information discloses the purpose of that information. If you do not wish to have the information used in that manner, you are not required to provide it. Please contact the person listed on the specific page, or listed below, with questions or concerns on the use of personally identifiable information.
Collegewide Social Media
Social networks have been adopted by the College to communicate with others. They provide real-time ways to connect with those who share common interests. These guidelines and procedures (Section 106.16 of EFSC Procedures Manual) have been created to provide a road map for the appropriate use of social media by the faculty, staff and students of Eastern Florida State College.
They apply to all forms of social media and communication technology used on behalf of the College, affect all employees and students, plus individuals who use College computer resources, and expressly prohibit conduct through social media that is considered illegal or against Eastern Florida State College policies or professional standards.
Sections of these guidelines pertaining to the permissible use of social media and permissible use of graphics, including EFSC logos and other branding, also apply to employees while using personal social media accounts outside of regular work hours, insofar as the use of social media may affect an individual's responsibility as a member of the Eastern Florida State College community. Violations may result in disciplinary or legal actions by the College.