Policy on Acceptable Use of Data and Information Systems
Approved July 2010
Unless otherwise specifically detailed in writing, all College owned or controlled information technology resources (computers, networks, servers and other devices) and all data contained in any College owned or controlled information system (Banner, Adirondack, Email, and other systems) is property of the College and exists expressly for the purpose of educational use and legitimate College-related business. Any other use of these resources or systems or release of data contained in them is prohibited. Employees are expected to comply with this policy and the use of any system is considered an acknowledgement they will do so. Students are required to affirm their intent to comply with the student code of conduct prior to being given access to these systems. Employee violations of this policy may lead to disciplinary action in accordance with applicable collective bargaining agreements and SUNY and New York State policies. Student violations of this policy may lead to disciplinary charges as described in the Code of Student Rights, Responsibilities and Conduct. Misuse of these resources or systems or the data contained in them may also subject employees and students to prosecution consistent with New York State Law. SUNY Oswego reserves the right revoke an individual’s access to any and all information systems or data.
SUNY Oswego Acceptable Use of Data and Information Systems Policy
Requirements and Procedures for Compliance
Approved July 2010
1. The College’s network provides data and services in support of its educational mission. It is the responsibility of each member of the campus community to use these resources appropriately and in compliance with all campus policies and local, state, and federal laws and regulations. Access is a privilege that can be revoked due to misuse. By connecting to the campus network, users agree to the terms and conditions of the Acceptable Use of Data and Information Systems Policy as well as the policies in the Faculty and Professional Staff Handbook and the Student Handbook. The College will make every reasonable effort to protect the privacy and security of user data. The College reserves the right to exam user data in resolving computer or network malfunctions, investigating information security incidents, or responding to disciplinary or legal actions involving a user.
2. Users who administer computers on the campus network that are used as servers have the additional responsibility to respond to any use of their server(s) that is in violation of the Acceptable Use of Data and Information Systems Policy. Server administrators must take steps to prevent recurrence of such violations and report these violations to Campus Technology Services (CTS) Technology Support Center. Additionally, server administrators must fully cooperate with campus, local, state, and federal civil and criminal authorities investigating complaints of abuse of network services (e.g., by installing monitoring and tracking software, providing access to activity logs, etc).
3. Campus units and individuals who configure computing systems to provide information retrieval services to the public at large must do so in a manner consistent with the College’s mission. For any such services provided through the campus network the College’s name must not be used in ways that suggest or imply endorsement of other organizations, their products, or services.
4. The campus network is a shared resource. Excessive use of network resources which inhibits or interferes with the use of the network by others is not permitted. Any person operating a network-intensive application, a defective computer, or other network-connected device which overloads the network will be notified and steps will be taken to protect the overall network. This may include disconnecting the offending system from the network until the problem is resolved. If the condition is an imminent hazard to the campus network or disrupts the activities of others, the offending system or the section of the network to which it is attached may be disconnected without prior notice.
5. The campus network may not be used for any illegal activities. Any receipt, transmission or retransmission of software or data must observe copyright laws, license restrictions, and College policies. Illegal activities include, but are not limited to, file-sharing in violation of the Digital Millennium Copyright Act (DMCA) and denial of service attacks.
6. Campus network resources may not be used to defame, harass, intimidate or threaten. College harassment policies cover all uses of the campus network including e-mail correspondence, distribution lists, and web pages.
7. A user may not view, copy, alter or destroy any data, or connect to a host on the network without explicit permission of the owner.
8. Campus network services, equipment, wiring or jacks may not be altered, removed, or extended beyond the location of their intended use.
9. The campus network may not be used to provide access to campus information systems for purposes other than those that are in support of the College’s mission.
10. Access to the campus network may not be resold or otherwise provided to anyone not formally affiliated with the College unless prior written permission is obtained from Campus Technology Services.
11. College owned or controlled network resources, such as Penfield Library’s digital resources and databases, may not be retransmitted outside of the College community.
12. Users may not forge or otherwise misrepresent another’s identity through any form of communication.
13. The campus network may not be used to circumvent protection schemes or exercise security loopholes in any computer or network component.
14. The campus network may not be used for commercial or profit-making enterprises, except for those activities officially sanctioned by the College.
15. Violations of the Acceptable Use of Data and Information Systems Policy will be adjudicated by the Campus Technology Services or other appropriate campus administrative units. Violations of local, state and federal law will be referred to the appropriate authorities. Violations of these regulations may result in judicial sanctions as prescribed by the Code of Student Rights, Responsibility and Conduct such as:
a. Loss of access privileges
b. Monetary reimbursement to the College or other appropriate sources
c. Reassignment or removal from campus housing and/or the College
d. Prosecution under applicable civil or criminal laws
Further information on the campus Acceptable Use of Data and Information System Policy is available from the office of the Chief Technology Officer.