Appropriate Use and Information Security/Confidentiality Policy

Purpose

To provide Bethune-Cookman University (B-CU) faculty, staff, and students with accessible and professional computing facilities and establish appropriate terms, conditions, and restrictions on the use of said facilities. This appropriate use policy covers all computing assets of Bethune-Cookman University. "Computing assets" includes but is not limited to all networks, desktop computers, servers, printers, email services, web services, and any computer access. By using any University computing facility or service or any other University computing asset, the user agrees to all the following policies outlined in this policy.

To protect the integrity, security, and confidentiality of data and/or information stored on Bethune-Cookman University computing systems.

Appropriate use of information technology resources at Bethune-Cookman University includes instruction, independent study, research, and official work of the offices, sectors, recognized student and campus organizations, and agencies of the University.

Policy

Users who maintain or access data or information contained in electronic form in the University’s computing systems must:

  1. follow standard security practices such as maintaining password secrecy and logging out of accounts when not in use;
  2. use it only as required in the performance of their jobs;
  3. disclose confidential information to other staff on a need-to ­know basis; and
  4. exercise due and diligent care to protect data and information from unauthorized access, use, disclosure, alteration, or destruction.

Users are responsible for complying with all applicable laws and regulations   regarding the dissemination and protection of data and information that is confidential, particularly with regards to the Family Educational Rights and Privacy Act of 1974 (FERPA) - also known as the Buckley Amendment, the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable state and federal legislation dealing with information privacy.

Under no circumstances shall student Social Security Number(s) be extracted and/or stored on computer systems external to the Bethune-Cookman University’s Administrative Systems.

Any printed reports containing student Social Security Number(s) must be pre-approved in writing by the Registrar. These reports shall be used in a “need to know” manner and shall be kept in a confidential environment. Paper reports containing Social Security Number(s) or other confidential information may not be thrown in the trash, but all be shredded.

Under no circumstances shall employee Social Security Number(s) be extracted and/or stored on computer systems external to the Bethune-Cookman University’s Administrative Systems.

Any printed reports containing employee Social Security Number(s) must be pre-approved in writing by the Director of Human Resources. These reports shall be used in a “need to know” manner and shall be kept in a confidential environment. Paper reports containing Social Security Number(s) or other confidential information may not be thrown in the trash, but all be shredded.

Faculty or staff maintaining databases and/or copies of printed reports containing Social Security Number(s) or other confidential information are personally responsible for abiding by FERPA, HIPAA, and other state and federal regulations.

Institutional data (generally data required for use by more than one organizational unit and relevant to planning, managing, operating, controlling, or auditing administrative functions of an administrative or academic unit of the University), including any and all student related records, shall be stored on computers owned and operated by Bethune-Cookman University unless express permission has been granted to do otherwise by the Chief Information Officer.

Although not exhaustive, the following list emphasizes activities that are NOT allowed on Bethune-Cookman University, networks or computer systems. No University computing facility or service or any other University computing asset will be used in any illegal activity, including but not limited to:

  1. conduct or behavior that is prohibited by University policies including harassment or hate crimes as defined in these policies and state and federal laws and regulations;
  2. commercial activity not authorized in writing by an Officer of the University;
  3. accessing or distributing any type of illegal pornography;
  4. the "hacking" of any computer system;
  5. distributing or making unauthorized use of any data, information stored in the computing systems;
  6. knowingly recording any inaccurate or false data in University records;
  7. using or having others use University technology for personal business;
  8. giving their passwords or access to any other person (University or outside personnel);
  9. making, distributing, or using unauthorized or illegal copies of licensed and/or copyrighted software, media, or material;
  10. obstructing others’ work or access by consuming large amounts of system resources such as disk space, CPU time, and network bandwidth;
  11. knowingly introducing destructive software such as programming loops or “viruses” into the system, or running Internet file-sharing applications (such as Napster, Lime Wire, KaZaA, etc.) which provide “stealth” sharing services;
  12. attempting to circumvent or subvert any system’s security measures or resource allocations;
  13. disrupting service, detrimentally impacting bandwidth, or intentionally damaging files, hardware, or software belonging to Bethune-Cookman University;
  14. installing a router, wireless router, or wireless access point on any University network (including the Residence Halls) without written approval from CIT; and
  15. creating a hostile or intimidating work or academic environment through the personal viewing of sexually explicit or offensive materials in the workplace or computer labs.

In cases of doubt, it is the users responsibility to inquire with the Chief Information Officer in the Center for Information Technology concerning the permissibility of technology use.

With reference to discovery or access by the University, there shall be no user confidentiality as to any information contained or transmitted by any University computing facility or service or any other University computing asset.

Proprietary information is stored on or transmitted using any University computing asset at the risk of the user; the University cannot assure that such proprietary information will remain private or confidential.

Procedure

Any user who discovers unauthorized access attempts or other improper usage of Bethune-Cookman University technology should report the infraction to the Chief Information Officer, or other appropriate administrator.

Management personnel are responsible for ensuring employees and students are aware of and trained in the provisions of this policy.

Enforcement

Employee violations of any part of this policy will result in disciplinary action up to and including dismissal.

Student violations of any part of this policy will result in disciplinary action up to and including suspension or expulsion.

Authorized access to networks, systems, data, and information is a privilege granted to individuals to perform their University duties. Misuse of this access could result in the loss of this privilege and therefore the inability to perform one’s job. By using Bethune-Cookman University computing systems users signify understanding and acceptance of the policies outlined therein.