Acceptable Use of Information Technology

Statement

Users of °µÍø½ûÇø (MHC) information resources have an obligation and responsibility to properly use and protect those resources and to respect the rights of others.

Information technology tools are powerful enabling technologies for accessing and distributing the information and knowledge developed at the College and elsewhere. They are strategic resources for meeting the current and future needs of the College. All MHC Community members must be mindful of the rights, privacy, and intellectual property of other MHC Community members when making use of or accessing information and technology resources granted to them by the College. This policy codifies what the College considers appropriate usage of information and technology resources with respect to the rights of others. The privilege to use the information resources of the College carry responsibilities outlined in this policy.

Scope / Responsibilities

This policy is applicable to all °µÍø½ûÇø students, faculty, staff, affiliates, and others granted use of information and technology resources and institutional data owned, managed, or otherwise provided by MHC. This policy refers to College information and technology resources whether individually controlled or shared, networked, or stand-alone, or hosted by third-party service providers. It applies to all information systems and services owned, leased, operated, or contracted for use by the College.

Information Technology includes but is not limited to hardware and software, email domains, cloud services, wireless devices, personal computers, and other related services, and any use of the organization’s network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network or service, whether used for administration, research, teaching or other purposes.

Institutional Data includes but is not limited to, all data created, collected, maintained, recorded, processed, or managed by MHC, its faculty, staff, and agents working on its behalf. It includes data used for planning, managing, operating, controlling, or auditing the functions of MHC, and also includes research data that contains personally identifiable subject information, proprietary information, and trade secrets (collectively "Institutional Data"). The definition of Institutional Data is not intended to alter the ownership of such data.

External guest Users who are granted the privilege of using MHC’s information technology resources and/or accessing institutional data must be held to the same standards as MHC Users.

Policy

Introduction

As a part of the institution’s physical facilities, academic and social infrastructure, MHC provides and maintains Information Technology and Institutional Data to support the needs and mission of the community. These resources are owned, leased, or contracted for use by MHC, and intended for MHC-related purposes. The purpose of the Acceptable Use Policy ("Policy") is to establish and promote the legal, secure, and ethical use of Information Technology and Institutional Data by all members of the MHC community, and to provide guidelines that protect MHC’s Information Technology and Institutional Data from inappropriate use and Institutional Data from unauthorized disclosure, while also preserving the information sharing requirements of an academic institution, and confidentiality integrity and availability of its resources. This Policy also lays the foundation for the common understanding of privacy and information security at the College. This Policy is meant to complement existing MHC Community Standards, Code of Ethical Conduct and all other MHC policies.

Policy statement

The rights of academic freedom and freedom of expression apply to the use of MHC’s Information Technology and Institutional Data, as do the responsibilities and limitations associated with those rights. The use of MHC Information Technology and Institutional Data resources, like the use of any other MHC- provided resource or MHC-related activity, is subject to the normal requirements of legal and ethical behavior within the MHC community. It is the expectation of MHC that all Users conduct themselves ethically, honestly, and with integrity, as stated in the Code of Ethical Conduct. Any use that disturbs or negatively impacts other Users or MHC’s mission is prohibited.

Users no longer employed by, under contract with, or attending MHC are responsible for returning all MHC-owned information technology resources to Library, Information, & Technology Services. Users are expected to comply with instructions regarding the return of and/or destruction of all MHC-owned information.

Acceptable use

All Users of MHC Information Technology and Institutional Data resources must:

  • Adhere to the Code of Ethical Conduct
  • Adhere to all applicable laws, regulations, MHC policies, rules, contracts, and licensing agreements.
  • Use the technology resources supplied by MHC in a manner and to the extent consistent of the User’s roles and responsibilities.
  • Only perform actions that will not jeopardize the confidentiality, integrity, and availability of MHC Information Technology and Institutional Data.
  • Respect the rights, privacy, and property of others.

Users of data and technology resources are responsible for the content of their individual communications and are subject to any personal liability resulting from that use. MHC does not accept responsibility or liability for individual or unauthorized communications.

Unacceptable use

The following list is not intended to be exhaustive but is an attempt to provide a framework for activities that constitute unacceptable use. Users, however, may be exempted from one or more of these restrictions during their authorized job responsibilities, after approval from the head of their division and the Chief Information Officer in consultation with LITS staff.

Unacceptable use of MHC Information Technology and Institutional Data resources includes but is not limited to:

  • illegal activities or violations of any MHC policy, rule or contract;
  • unauthorized use or disclosure of personal, private, sensitive, and/or confidential information;
  • unauthorized use or disclosure of Information Technology and Institutional Data;
  • distributing, transmitting, posting, or storing any electronic communications, material or correspondence that is threatening, obscene, harassing, pornographic, offensive, defamatory, discriminatory, inflammatory, illegal, or intentionally false or inaccurate;
  • attempting to represent MHC in matters unrelated to official authorized roles or responsibilities;
  • connecting unapproved devices to the MHC network or to any Information Technology resource;
  • connecting MHC Information Technology resources to unauthorized or public networks without approval;
  • connecting to any wireless network while physically connected to MHC’s wired network;
  • installing, downloading, or running software that has not been approved following appropriate security, legal, and/or LITS review in accordance with MHC policies;
  • using MHC information technology resources to circulate unauthorized solicitations or advertisements for non-institutional purposes including but not limited to religious, political, or not-for-profit entities;
  • providing unauthorized third parties, including family and friends, access to MHC’s non-public information or resources;
  • using MHC information or resources for commercial or personal purposes, in support of "for-profit" activities or in support of other outside employment or business activity (e.g., consulting for pay, business transactions);
  • propagating fraudulent mass mailings, spam, or other types of undesirable and unwanted email content using MHC technology resources; and
  • tampering, disengaging, or otherwise circumventing institutional or third-party IT security controls.
  • copyright infringement or violations of copyright law,
  • forgery or other misrepresentation of one's identity
  • using any device that adversely affects the MHC network, systems or community use thereof.

Access and Security

The access and use of MHC Information Technology and Institutional Data resources is a privilege granted to the MHC community. MHC expects all Users to use any MHC information resource in a lawful, ethical, responsible way, consistent with the mission of the College and its Code of Ethical Conduct.

All Users have a responsibility to protect MHC information technology resources and institutional data over which they have access or control. Additional policies may apply to specific business units, technology resources and/or institutional data. For more information, consult the divisional head or LITS.

If an account has been closed or expired, or the account owner is not available within a reasonable period of time, the designees of MHC, with the help of LITS, may move files or provide an authorized supervisor with access.

MHC employs various measures to protect the integrity and security of its Institutional Data, Information Technology resources, and of Users’ accounts. Except any privilege or confidentiality recognized by law, Users must understand that email, messages, files, and other electronic data transmitted, stored on or accessed through MHC information technology resources, may not be confidential.

MHC, in its discretion, may disclose the results of general or individual monitoring, including the contents and records of individual communications, to appropriate MHC personnel and/or law enforcement agencies when required and may use those results in appropriate MHC disciplinary proceedings.

When Users are no longer employed by, under contract with or attending MHC, access to and use of Information Technology and Institutional Data will be revoked. Any exceptions or extensions must be documented, have just cause and be approved by the associated divisional head and LITS.

User Account

  • °µÍø½ûÇø User account is for use solely by the individual to whom the account was assigned. Use of the account must not be provided to any other for any reason. If the User suspects someone has obtained access to their account, credentials must be changed immediately, reported to LITS, and access reviewed.
  • Sharing of accounts is strictly prohibited. The use of an individual User’s account by anyone else is considered a breach of the policy.

Personal Use

Personal use of MHC’s information technology resources by faculty and staff should be minimal and adhere to this policy. All other authorized Users should refrain from using the college’s technology resources for personal gain.

Password Security

  • The password for an individual’s primary MHC account must be different from any other password. It must not be used for other purposes or programs.
  • Passwords must follow all the requirements set forth in the password policy.
  • Users should never physically write down their password or store it in an unsafe manner.
  • Users should never share or disclose their password with others.
  • If LITS is made aware of a user’s password exposure, LITS will ask that user to change the password.

Oversight

MHC LITS has created an Information Security Committee which coordinates through the College’s Compliance Committee, to monitor legislation and regulation in this area, develop appropriate institutional policies and communicate with the Mount Holyoke community.

Policy Violations

Users who violate this policy may be denied access to technology resources and may be subject to other penalties and disciplinary action, both within and outside of MHC. Violations will normally be handled through MHC disciplinary procedures applicable to the relevant user. MHC may temporarily suspend or block access to an account or restrict network access prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security or functionality of MHC or other technology resources or to protect MHC from liability. MHC may also refer suspected violations of applicable law to appropriate law enforcement agencies.

Definitions

These definitions apply to terms as they are used in this policy.

TermDefinition
Information Technologyincludes, but is not limited to, all computer-related and multimedia equipment, computer systems, software/network applications, interconnecting and wireless networks, facsimile machines, voicemail and other telecommunications equipment and facilities, as well as all transmitted or stored information (collectively "Information Technology"). Information Technology also includes personal computers, servers, wireless networks and other devices not owned by MHC but connected to MHC's Information Technology, regardless of whether these items are located on property owned by MHC.
Institutional Dataincludes, but is not limited to, all data created, collected, maintained, recorded or managed by MHC, its faculty, staff, and agents working on its behalf. It includes data used for planning, managing, operating, controlling, or auditing the functions of MHC, and also includes research data that contains personally identifiable subject information, proprietary information, and trade secrets (collectively "Institutional Data"). The definition of Institutional Data is not intended to alter the ownership of such data.
UsersUsers of Information Technology, and Institutional Data owned or managed by MHC, include, but are not limited to, MHC faculty and visiting faculty, staff, students, external persons and guest Users, or organizations and individuals accessing external network services, such as the Internet and Intranet (collectively "Users").

Related Information:

Related Policies:

Code of Ethical Conduct: 
Outlines the general principles to which we subscribe, /policies/code-ethical-conduct

MHC Data Classification Policy: /policies/data-classification

Other Resources:

Data Handling Procedures:

File Sharing Policy: /policies/file-sharing-software

Higher Education Opportunity Act Notice on Distribution of Copyrighted Materials: