Acceptable Use Policy
This policy defines the appropriate use of Lycoming College information technology assets. Those that violate this policy are subject to the full range of sanctions set forth in the Student Handbook, Administrative Handbook, and Faculty Handbook in accordance with state and federal laws.
Information security requires the participation and support from all members of the Lycoming College community with access to information assets. It is the responsibility of every member of the Lycoming College community to help ensure that all information assets are kept secure and available.
This policy applies to all members of the Lycoming College community, which includes, but is not limited to, full and part-time employees, temporary employees, students, visitors, volunteers, third parties, contractors, and consultants (collectively known as “users”) who have access to, support, administer, manage, or maintain Lycoming College information technology assets.
The mission of Lycoming College is to provide a distinguished baccalaureate education in the liberal arts and sciences within a coeducational, supportive, residential setting. Lycoming College provides users access to information technology resources in support of this mission. Access to these information technology assets is a privilege granted to the members of the Lycoming College community. Proper use and protection of these information technology assets is essential.
Each user is responsible and obligated to ensure that all computing and communication resources are used only for their intended purpose in compliance with this policy and that information contained or transmitted via these resources are protected from unauthorized use, appropriation, or corruption. State and federal laws relating to copyright, security, and intellectual property bind all members of this community. The College reserves the right to limit or restrict computing privileges and access to its information assets.
Those who use Lycoming College information technology assets are responsible for the integrity of those resources. All users must respect the rights of other users, respect the integrity of the physical facilities and controls, and abide by all pertinent license and contractual agreements. Causing network congestion or hampering the ability of others to use the College’s information resources is prohibited.
Lycoming College information technology assets are to be used for the College-related activities for which they are designed. The College provides each member of the academic community ample information technology resources to disseminate content legally. These resources should not be used to distribute copyrighted material, unless allowable by Fair Use guidelines. This applies to images, music, software, movies, or any other digital content. The use of the College information technology resources to offer goods or services of a commercial nature is strictly forbidden.
Network Access Control
All computers accessing the Lycoming College network (wired and wireless) require registration via the Lycoming College network access control system. As part of this process, all computers are scanned to ensure the latest operating systems patches as well as anti-virus/malware software have been installed. Guest (Internet) access is available to temporary users for a period of 24-hours by signing in with a Name, Email address, and documented reason for guest access.
Internet access is made available to all members of the Lycoming College community.
Prior authorization from Information Technology Services is required for any user to connect or operate a web server on the Lycoming College network.
All email accounts using the lycoming.edu domain name and all data transferred or stored using our email system are property of the College. Users should understand that by using College email or other information resources they waive their right to privacy. However, specific to scholarly work, the creator maintains intellectual property rights to works exchanged through the College email system. As outlined in the Use Policy section below, email messages are part of the College record and upon internal investigation, subpoena or other legal process or termination of employment, are subject to review, audit, and disclosure. When composing an email message, users must comply with all policies regarding the acceptable use of the College’s information technology assets.
Inappropriate Use of Email
Inappropriate use of email is prohibited. Users receiving such email should immediately contact ITS Help at 570-321-4150 or email@example.com. In case of serious risk or harm, contact Safety and Security at 570-321-4064. Examples of inappropriate use of email include:
- Messages which are harassing, obscene, or threatening;
- Unauthorized exchange of sensitive or confidential information (Refer to Data Classification Policy);
- Creation and exchange of advertisements, solicitations, chain letters and other unofficial, unsolicited email;
- Violation of any laws, including copyright laws, or Lycoming College policies;
- Knowing transmission of a message containing a computer virus or malware;
- Misrepresentation of the identity of the sender or authenticity of the email message;
- Use or attempted use of another’s account.
Confidentiality of Records
Lycoming College maintains strict confidentiality requirements and regulations in compliance with the Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act of 1974 as amended (FERPA), and the Health Insurance Portability and Accountability Act (HIPAA) in addition to other state and federal laws. These laws pertain to the security and privacy of all non-public information including student, employee, alumni, parent, donor, volunteer, and general College information whether in hard copy or electronic form.
The policy of Lycoming College is that a user who has access to protected information must protect against unauthorized access or use of such information, ensure the security and privacy of such information and maintain the confidentiality of all protected information, which includes College restricted (confidential) and private (sensitive) information. This obligation will continue after separation from the College. Such users shall not release protected information to the public, or to co-workers who have not been authorized or who do not have a legitimate business/educational need to know. Any questions regarding release of such information to another person will be directed to the supervisor and/or the Data Owner or Data Steward as outlined in the College’s Data Classification Policy.
Users must disclose any anticipated threats or hazards that may compromise the confidentiality of such information.
Lycoming College defines UNAUTHORIZED ACCESS to be:
- Access to student, employee, or College information not necessary to carry out job responsibilities.
- Access to the records of a student or employee for which the user does not have signed authorization from a data owner or data steward.
- Release of student or employee information to unauthorized internal or external users.
- Release of more student or employee information to an authorized individual/agency than is essential for meeting the stated purpose of an approved request.
- Disclosure of system username, password, or access codes to an unauthorized individual to gain unauthorized access to confidential information.
Furthermore, it is the policy of Lycoming College that information may not be divulged, copied, released, sold, loaned, reviewed, altered or destroyed except as properly authorized within the scope of applicable state or federal laws. Users will be held responsible for the misuse or wrongful disclosure of confidential information and/or for failure to safeguard the system username, password or access codes to confidential information and further acknowledge responsibility for all activities undertaken using the system username, password or access codes.
Lycoming College requires a user to abide by the rules, regulations, policies, and procedures of Lycoming College as well as state and federal laws applicable to individual positions at the College. Lycoming College may at any time revoke access to protected information.
Failure to comply with the terms of this policy and corresponding procedures may result in legal and/or disciplinary actions. Disciplinary actions include possible separation of relationship with the College, regardless of whether criminal or civil penalties are imposed, depending upon the nature and severity of the breach of confidentiality.
The College’s communication systems are primarily for educational purposes. The College reserves the right to review, audit and disclose all matters disseminated or stored on its systems. This includes e-mail, voice mail and computer files stored on the College’s systems.Other relevant policies include Data Classification, Electronic File Retention Upon Leaving Employment, Password, and Voice Mail which can be found at https://www.lycoming.edu/its/policies-procedures/.
The College only reviews stored material when necessary upon receiving a complaint either internal or external of a violation of College policy, state, or federal laws. Prior to an investigation and review of stored materials, approval of the President along with the appropriate member of his Administrative Cabinet is required. If the President is unavailable, two Administrative Cabinet members are required to review and approve the investigation request. If an internal investigation has occurred, the person whose files have been reviewed will be informed in a timely manner. An investigation may also occur in response to a subpoena or other valid legal process.
All users are urged to be sensitive to the public nature of shared computing facilities, including e-mail services, and refrain from transmitting to others within or outside the system inappropriate images, sounds or messages which might reasonably create an atmosphere of discomfort and harassment.
Your signature below indicates your agreement to the obligations described above and agree not to use Lycoming’s information and technology assets in any way that diminishes the effectiveness of those assets. I understand that upon violation of the terms of this agreement, the College retains the right to deny future information technology privilege. I, also, understand that I may be subject to further disciplinary action by the College and/or legal action arising from the violation of any state or federal laws.
Supervisor Signature, Date (if applicable)
Supervisor – Printed name (if applicable)
Approved by the Information Technology Committee on 2/21/2017 and 10/17/2017
Approved by the President’s Administrative Cabinet on 12/19/2017
Last Reviewed: 12/19/2017