Responsible and Acceptable Use of Electronic Resources

Executive Summary

Hobart and William Smith Colleges ("HWS" or the "Colleges") makes its Electronic Resources available to best support the needs of its community and the mission of the Colleges. The purpose of the Responsible and Acceptable Use of Electronic Resources Policy ("the Policy") is to establish and promote the legal, secure, and ethical use of Electronic Resources by all members of the HWS community, and to provide guidelines that protect the Colleges' Electronic Resources from inappropriate use, while also preserving the information sharing requirements of an academic institution. This Policy also lays the foundation for the common understanding of privacy and information security at the Colleges. This Policy complements the HWS Handbook of Community Standards and all Human Resources, faculty and other policies of HWS.

While the Colleges support freedom of expression, the right to privacy, the diversity of values and perspectives, and the right to acknowledgment for all members of the HWS community, privacy cannot be guaranteed. The Colleges may find it necessary to access and disclose information from Users computer and network accounts to the extent required by law, to uphold contractual obligations or applicable Colleges' policies and/or practices, or to diagnose and correct technical problems. When access to a User's accounts or files is required to diagnose and correct technical problems, the Colleges will make a reasonable effort to contact the User prior to the performance of any corrective measures. Information Technology Services performs regular backups of network based file systems and implements measures to ensure network security. Nevertheless, system failures may lead to loss of data, so Users should not assume security or preservation of data. For these reasons, the ultimate privacy of messages and files cannot be ensured.

Although HWS does not monitor access to online content without cause, Users should be aware that electronic mail, messages, files, and other electronic information sent through computer networks, including the Internet, may not be confidential. HWS reserves the right at any time to monitor and view any files or software stored on HWS systems or transmitted over HWS networks, when it determines there is cause to do so.

The Colleges expect that HWS students, faculty and employees will use the Electronic Resources offered by the Colleges in a lawful, ethical, responsible way, consistent with the mission of the Colleges. External guest Users who are granted the privilege of using the Colleges Electronic Resources will be held to the same standards as HWS students, faculty, and employees. All Users of the Colleges' Electronic Resources are responsible for complying with this Policy. HWS will enforce this Policy and impose sanctions on Users who are found to be in violation of this Policy.

The Colleges offer Electronic Resources primarily to support the educational and operational needs, and the official business of the Colleges. Users of HWS Electronic Resources may use them for personal purposes only as provided in this Policy.

Users who access and use HWS Electronic Resources must take reasonable and necessary measures to safeguard the operating integrity of the systems and their accessibility by others, thus the Colleges reserve the right to inspect, examine, and release the contents of any Electronic Resources, and therefore privacy should not be expected. HWS may release information when authorized by the User; when authorized by the President of HWS, the Chief Information Officer, or the Director of Human Resources; and where otherwise required by law.

The Colleges consider any violation of this Policy to be a significant matter and reserve the right to limit, refuse or revoke access to its Electronic Resources and Institutional Data. Users may appeal a decision by the Colleges through existing grievance and appeal policies/procedures with the Office of Human Resources (for faculty and staff), the Faculty Grievance Committee (for faculty, when appropriate), or Student Affairs (for students). Appeals by all other Users will be handled by the HWS office deemed appropriate by the Colleges. Discretion in interpreting, implementing, modifying and revising this Policy is vested solely in the Colleges. Changes to this Policy will be communicated to all Users. This Policy is intended to be an addition to existing HWS policies and does not alter or modify any existing HWS rule or regulation. Supporting Policies may be developed that build on this Acceptable Use Policy and Users must abide by those Supporting Policies as well.

Introduction and Definitions

The purpose of this Policy is to provide guidance to all Users on the proper and acceptable use of the Colleges' Electronic Resources. This policy applies to all Users. Users must use Electronic Resources in compliance with the law and all HWS policies. This Policy should be read and applied together with the HWS Handbook of Community Standards, Supporting Policies, and all Human Resources, faculty and other policies of HWS.

Users have a responsibility to protect HWS Electronic Resources and Institutional Data over which they have access or control. Any student User who suspects a violation of this Policy or who has knowledge of potential vulnerabilities or security loopholes in an HWS system or network should immediately notify the Vice President of Student Affairs or the Chief Information Officer. All other Users who suspect a violation of this Policy or who are aware of potential vulnerabilities or security loopholes in an HWS system or network should immediately notify the Director of Human Resources or the Chief Information Officer.

The following definitions apply throughout this Policy:

• Electronic Resources includes, but is not limited to, all computer-related and multimedia equipment, computer systems, software/network applications, interconnecting and wireless networks, facsimile machines, voicemail and other telecommunications equipment and facilities, as well as all transmitted or stored information (collectively "Electronic Resources"). Electronic Resources also include personal computers, servers, wireless networks and other devices not owned by HWS but connected to HWS' Electronic Resources. Electronic Resources also include personal computers, servers, internet connections, wireless networks and other devices not owned by HWS but connected to HWS' Electronic Resources, regardless of whether these items are located on property owned by the Colleges.
• Institutional Data includes, but is not limited to, all data created, collected, maintained, recorded or managed by the Colleges, its staff, and agents working on its behalf. It includes data used for planning, managing, operating, controlling, or auditing the functions of HWS, and also includes research data that contains personally identifiable subject information, proprietary information, and trade secrets (collectively "Institutional Data"). The definition of Institutional Data is not intended to alter the ownership of such data.
• Users of Electronic Resources, and Institutional Data owned or managed by HWS, include, but are not limited to, HWS faculty and visiting faculty, staff, students, external persons and guest users, or organizations and individuals accessing external network services, such as the Internet and Intranet (collectively "Users").

Access, Personal Use and Privacy

Access

Access to and use of the Colleges' Electronic Resources and Institutional Data is a privilege which may be granted to members of the HWS community and revoked, subject to authorization and existing grievance/appeals policies.

HWS reserves the right to limit, refuse or revoke access to its Electronic Resources and Institutional Data and to remove material stored or posted on campus computers when applicable HWS policies, contractual obligations, or state or federal laws are violated. Violations of this Policy will be addressed under the existing policies and rules regarding students, faculty and staff, as discussed in the Enforcement section of this Policy. Computer use privileges may be temporarily or permanently revoked pending the outcome of an investigation of misuse or a violation of this Policy, other HWS policies, contractual obligations or the law. If a User who loses his/her computing privileges cannot perform his/her job without those privileges, the Users employment may be suspended or terminated, as outlined in HWS policies and procedures as applicable.

HWS will act to preserve the integrity and functionality of Electronic Resources, to restore the integrity of the system in case of malfunction, abuse, virus, or similar issue, and to protect data and assets. If needed, HWS may, in its sole discretion, deactivate User accounts, passwords or other access codes, delete files, or disable access to Electronic Resources in other ways.

Although HWS does not block access to online content, HWS reserves the right to do so where online content violates applicable law or activity diminishes the capacity of HWS networks, threatens the welfare of the Colleges or its core academic mission, or in cases of misuse.

Personal Use

The Colleges expect that Users will use Electronic Resources for purposes related to their studies, teaching, research and service responsibilities, their discharge of duties as employees, their official business with HWS, and other HWS authorized activities. Except as stated above, any personal use of Electronic Resources related to operating a personal business or commercial enterprise is expressly prohibited unless permission to do so has been specifically granted.

Personal use of Electronic Resources is allowed but should not interfere with the ability of other Users to access Electronic Resources, as reasonably determined by the Colleges. Personal use may not interfere with the primary educational mission of the Colleges and may not otherwise violate this Policy, other HWS policies or applicable laws.

Privacy

HWS may find it necessary to access and disclose information from Users' computer and network accounts to the extent required by law, to uphold contractual obligations or applicable Colleges policies and/or practices, or to diagnose and correct technical problems. HWS may release information when authorized by the User; when authorized by the President of HWS, the Chief Information Officer, or the Director of Human Resources; and where otherwise required by law. When access to a Users accounts or files is required to diagnose and correct technical problems, the Colleges will make a reasonable effort to contact the User prior to the performance of any corrective measures. Information Technology Services performs regular backups of network based file systems and implements measures to ensure network security. Nevertheless, system failures may lead to loss of data, so Users should not assume security or preservation of data is guaranteed. For these reasons, among others, the ultimate privacy of messages and files cannot be ensured.

Users should be aware that electronic mail, messages, files, and other electronic information sent through computer networks, including the Internet, may not be confidential, except to the extent required by law. HWS reserves the right at any time to monitor network activity when it determines there is cause to do so and to monitor and view any files or software stored on HWS systems or transmitted over HWS networks when authorized by provisions described in this Policy.

HWS will enforce this Policy and impose sanctions on Users who are found to be in violation of this Policy no matter how the violation came to the attention of the Colleges. The range of sanctions is described in the Enforcement section of this Policy.

Institutional Data is a valuable asset and must be maintained and protected by Users. If confidential information, including personally identifiable information, must be stored and/or transmitted, it must be done so in accordance with HWS policy and the protocols established by individual departments to ensure that confidential information is not improperly or unlawfully accessed or distributed.

Institutional Data related to students may not be examined or otherwise disclosed unless in accordance with the Colleges Educational Records Policy and the Family Educational Rights and Privacy Act. While HWS cannot guarantee complete confidentiality of Institutional Data, including information collected for research purposes (e.g., anonymous survey data or information collected by participants in research studies), HWS will not disclose personally identifying Institutional Data when it has guaranteed confidentiality, except where required by law. HWS will adhere to the standards set forth herein when authorization is granted to access a Users e-mail, electronic files, or voice mail.

Security

Users are responsible for the use of their computer accounts. This responsibility begins with selecting a secure password in accordance with the Colleges Supporting Password Policy and requires that Users maintain the confidentiality of that password and change the password regularly to assure the continued security of the account. If unauthorized use of an HWS account is discovered or detected, the incident should be reported immediately to Information Technology Services'.

Responsibility of Users

Responsible and Lawful Use

All Users of the Colleges' Electronic Resources and Institutional Data are expected to use such resources in a responsible, ethical and legal manner consistent with HWS' mission and policies. All Users agree to be subject to this Policy.

Users of the Colleges' Electronic Resources and Institutional Data must comply with all policies, procedures, standards, contracts and licenses of the Colleges, as well as all applicable laws. Users are responsible for discovering, understanding, and complying with applicable policies, procedures, standards, contracts, licenses and laws.

Integrity of Electronic Resources

Users of Electronic Resources are expected to maintain the integrity of such resources. For example, Users may use only their own accounts and may only use such accounts in a manner consistent with this Policy. Users, including those standing behind local routers, wireless routers, and firewalls, must be identified or identifiable when using Electronic Resources.

Users may not: (1) supply false or misleading data or circumvent the restrictions associated with Electronic Resources; (2) attempt to modify documents or the work product of others or to interfere in any manner with Electronic Resources in the absence of written authorization from proper HWS authorities, except for those who are expected to do so in the normal course of their authorized HWS duties/business; or (3) use or create unauthorized links to HWS' Electronic Resources.

Integrity of Network Systems

The Colleges may offer various network systems and services for designated Users. Users granted access to networks offered by the Colleges must use the networks in a manner consistent with this Policy, as well as all other HWS policies and applicable laws. No one may access networks offered by the Colleges unless expressly authorized to do so. Users who have been granted permission to access a network may not allow unauthorized persons to use the network.

Copyrights and Licenses

Subject to "fair use" exemptions, Users must respect the ownership rights of others in their use of Electronic Resources, including the use of personal, published or proprietary software, and refrain from plagiarism, invasion of privacy and similar violations. Users of HWS' Electronic Resources must comply with all copyright and licensing restrictions. Unauthorized downloading and distributing copyrighted material is prohibited. Users may not use Electronic Resources to copy, modify, inspect, or distribute proprietary data, directories, records, programs, files, disks or other software in violation of legal statutes. Users must also comply with the Copyright Protection and File-Sharing Supporting Policy.

Prohibited Uses

The following statements of prohibited conduct are accompanied by specific examples that highlight types of activities that constitute irresponsible or unacceptable use of HWS Electronic Resources. This list is not intended to be exhaustive or complete. It should, however, serve as a set of examples of obviously inappropriate behavior. If you are in doubt about the appropriateness of something you want to do, ask first by contacting the Director of Human Resources or Information Technology Services (if you are an employee User), the Vice President of Student Affairs or Information Technology Services (if you are a student User) or Information Technology Services (if you are a guest User).

1. The Colleges' Electronic Resources and Institutional Data may not be used to damage, impair, disrupt or in any way cause purposeful or reckless damage to the Colleges networks or computers or external networks or computers.

   For example, Users may not:

   • Use HWS Electronic Resources to breach security of any computer system;
   • Knowingly give passwords or IDs for others to use;
   • Use computer resources to send large amounts of email (e.g., e-mail "spamming") to an internal or external system;
   • Send email of any type to someone's address in an effort to disable his/her email capabilities;
   • Run DNS or DHCP servers that interfere with the Colleges' network;
   • Forge, alter or willfully falsify electronic mail headers, directory information, or other information generated and/or maintained by the Colleges;
   • Use Electronic Resources irresponsibly or in a manner that adversely affects the work of others. This includes recklessly or intentionally (a) damaging any system by introducing computer “viruses” or “worms,” (b) damaging or violating information not belonging to you, or (c) misusing or allowing misuse of Electronic Resources; or
   • Use the Colleges' Electronic Resources for non-HWS-related activities that unduly increase the network load (e.g., chain mail, network gaming and spamming).

2. Unauthorized access, reproduction or use of the resources of others is prohibited.

   For example, Users may not:

   • Make copies of materials in violation of copyright laws (note that it is not a violation of this Policy for faculty Users to make copies of materials in a manner that is permissible under the U.S. Copyright Law, including the Fair Use Limitation);
   • Create or execute any computer programs intended to (a) obscure the true identity of the sender of electronic mail or electronic messages, (b) bypass, subvert, or otherwise render ineffective the security or access control measures on any network or computer system without the permission of the owner, or (c) examine or collect data from the network (e.g., a "network sniffer" program);
   • Use Electronic Resources to gain unauthorized access to resources of the Colleges or other institutions, organizations or individuals;
   • Use false or misleading information for the purpose of obtaining access to unauthorized resources;
   • Access, alter, copy, move or remove information, proprietary software or other data files without prior authorization;
   • Use Electronic Resources to discover another individual's password;
   • Use Electronic Resources to obtain personal information (e.g. educational records, grades, or other HWS files) about individuals without their permission;
   • Use Electronic Resources to forge an academic or other type of document;
   • Use Electronic Resources to take without authorization another person's work or to misrepresent one's own work;
   • Use electronic communication to collude on examinations, papers, or any other academic work;
   • Use Electronic Resources to falsify or fabricate research data;
   • Use Electronic Resources to obtain or release another individual's or entity's proprietary information or trade secrets;
   • Use Electronic Resources for remote activities that are unauthorized at the remote site;
   • Intercept transmitted information intended for another User;
   • Scan computers for open or used ports; or
   • Impersonate or use pseudonyms or other methods of disguising, concealing, or misleading others as to the identity of the User.

3. Use of the Colleges' Electronic Resources to interfere with or cause impairment to the activities of other individuals is prohibited.

   For example, Users may not:

   • Send chain e-mail or information about pyramid schemes;
   • Send large quantities of email to an individual's mailbox (e.g., email "spamming") which has the effect of interfering with or causing impairment to that individual's activities;
   • Change an individual's password in an effort to access his/her account; or
   • Communicate or use any password, personal identity information such as personal identification number, student records, individually identifiable health information, as well as credit card number or other personal or financial information without the permission of its owner.

4. Use of the Colleges' Electronic Resources to harass or make threats to specific individuals, or a class of individuals, is prohibited both by this Policy and New York State Law (see N.Y. Penal Law §§ 215.51, 240.30).

   For example, Users may not:

   • Send unwanted and repeated communications of a harassing or threatening nature by electronic mail, voicemail or other form of electronic communication;
   • Send communications by electronic mail, voicemail or other form of electronic communication which are harassing or motivated by bias on grounds of race, ethnicity, religion, gender, or sexual orientation or any other protected status (including, without limitation, any communication that violates HWS' Sexual Misconduct Policy or any other HWS non-discrimination policies);
   • Use email or newsgroups to threaten, stalk or harass; or
   • Post or send via any form of electronic communication personal or sensitive information about individuals that may harm or defame.

5. Use of HWS Electronic Resources and Institutional Data in pursuit of unauthorized commercial activities is prohibited.

   For example, Users may not:

   • Use Electronic Resources for personal commercial gain, or other commercial purpose without approval by the Colleges;
   • Use Electronic Resources to operate or support a non-HWS-related business;
   • Use Electronic Resources in a manner inconsistent with the Colleges' contractual obligations to suppliers of those resources or with any published policy of the Colleges;
   • Use the Colleges' granted Web-space for personal monetary gain (this includes clickable ads and pay-per-click banners) without approval by the Colleges;
   • Register domain names to the Colleges' network without proper approval in advance; or
   • Transmit commercial or personal advertisements, solicitations, endorsements or promotions unrelated to the missions of the Colleges.

6. Use of HWS Electronic Resources or Institutional Data to violate city, state, federal or international laws, rules, regulations, rulings or orders, or to otherwise violate any HWS rules or policies is prohibited.

   For example, Users may not:

   • Violate copyright and trademark laws, which includes but is not limited to pirating software, illegally uploading or downloading music, movies, or images (MP3s and videos), and illegally uploading or downloading books whether in audio format or otherwise;
   • Effect or receive unauthorized electronic transfer of funds;
   • Disseminate child pornography or other unlawful material; or
   • Violate any laws or participate in the commission or furtherance of any crime or other unlawful or improper purpose.

7. Use of Electronic Resources must be consistent with the Colleges' policies on academic honesty.

   For example, Users may not:

   • Use Electronic Resources to sabotage or plagiarize the work of others;
   • Enter or change a grade without proper authority; or
   • Gain access to prohibited material in an effort to cheat.

8. Users may not use Electronic Resources in a manner inconsistent with this Policy, regardless of access to list serves, bulletin boards, and other Internet resources not affiliated with HWS. HWS is not responsible for the information contained on Internet resources not affiliated with HWS and Users bear the risk of their actions with respect to other Internet resources.

   For example, Users may not:

   • Copy material from Internet resources in an effort to plagiarize or cheat; or
   • Hold HWS responsible for information found on the Internet.

Enforcement

Reporting Violations

Users who believe they have witnessed or been a victim of a violation of this Policy should notify or file a complaint with the appropriate HWS office as follows: student Users should report suspected violations to the Vice President for Student Affairs; faculty Users should report suspected violations to the Provost and Dean of the Faculty; staff Users should report violations to the Director of Human Resources and guest Users should report violations to Information Technology Services.

Violations of This Policy

Violations of this Policy will be addressed under the policies and rules regarding students, faculty and staff. The violations described in this Policy range from minor to extremely serious; even a minor offense may be treated severely depending on the circumstances. Certain violations may also be subject to prosecution under federal, state or local laws.

Penalties for Violations

The range of possible sanctions as a result of violations of this Policy includes, but is not limited to, the following:

• Loss of Electronic Resources privileges;
• Disconnection from the Colleges' Network;
• Disciplinary sanctions as outlined in the Handbook of Community Standards; Faculty Handbook, Administrative Handbook, or the SEIU Collective Bargaining Agreement;
• Reassignment or removal from HWS housing and/or suspension or separation from the Colleges;
• Prosecution by the Colleges or third parties to the fullest extent of the law;
• Referral to other authorities for civil litigation and criminal prosecution under applicable civil or criminal laws; and
• Discipline of employees up to and including termination of employment.

Nothing in this Policy shall supersede any grievance procedures in the Faculty Handbook or applicable collective bargaining agreement.

Appeals

Users may appeal a decision by the Colleges through existing grievance and appeal policies/procedures with the Office of Human Resources (for faculty and staff), the Faculty Grievance Policy (for faculty, when appropriate), or Student Affairs (for students). Appeals by all other Users will be handled by the HWS office deemed appropriate by the Colleges.

Indemnification and Restitution

The Colleges reserve the right to seek restitution and/or indemnification from Users for damage(s) arising from violations of this Policy and/or negligent use of the Colleges' Electronic Resources; Users agree that they will be responsible for paying such restitution and/or indemnifying the Colleges.

Questions about this Policy should be submitted to the office of the Colleges' Chief Information Officer.