This rule establishes College policies with regards to the Acceptable Use Policy at Hillsborough Community College.
Access to HCC's information technology resources is a privilege granted to HCC users (faculty, staff and students) in support of their studies, instruction, duties as employees, official business with the College, and/or other College-sanctioned activities. Access may also be granted to individuals outside of HCC for purposes consistent with the mission of the College.
With the exception of implicitly publicly accessible resources such as websites, access to HCC information technology resources may not be transferred or extended by members of the College community to outside individuals or groups without prior approval of the appropriate faculty, staff member or administrator. Such access must be limited in nature and fall within the scope of the educational mission of the institution. The authorizing College official is expected to ensure that such access is not abused.
Gaining access to the College's information technology resources does not imply the right to use those resources. The College reserves the right to limit, restrict, remove or extend access to and privileges within, material posted on, or communications via its information technology resources, consistent with this policy, applicable law or as the result of College disciplinary processes, and irrespective of the originating access point.
It is expected that these resources will be used efficiently and responsibly in support of the mission of the College as set forth in this policy. All other use not consistent with this policy may be considered unauthorized use.
2.2. Data Security, Confidentiality and Privacy
HCC users are responsible for ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name, and abiding by related privacy rights of students, faculty and staff concerning the use and release of personal information, as required by Florida Statute, Federal Statute or existing policies (i.e. Chapter 815, Florida Statutes, Computer Crimes Act, Title 18, United States Code, Electronic Communications Privacy Act of 1986, Gramm-Leach-Bliley Act, Family Educational Right to Privacy Act)
Electronic mail and computer files are considered private to the fullest extent permitted by law. Access to such files will generally require permission of the sender/recipient of a message or the owner of the account in which the material resides, court order, or other actions defined bylaw or College policy. However, in the event of a sanctioned College investigation for alleged misconduct, e-mail or files may be locked or copied to prevent destruction and loss of information. Users may employ methods to increase the privacy of their files, provided they do not violate any provision of this policy or degrade system/network performance.
All users of HCC's information technology resources are advised to consider the open nature of information disseminated electronically, and should not assume any degree of privacy or restricted access to such information. HCC strives to provide the highest degree of security when transferring data, but cannot be held responsible if these measures are circumvented and information is intercepted, copied, read, forged, destroyed or misused by others.
2.3. Electronic Information Retention and Disclosure
Original electronic materials on central computing equipment and/or copies may be retained for specified periods of time on system backups and other locations; however the College does not warrant that such information can be retrieved.
Unless otherwise required by law and/or policy, HCC reserves the right to delete stored files and messages to preserve system integrity. HCC also reserves the right to modify system parameters provided timely notice is provided to system users when appropriate. Except in an emergency, users will be given ample advance notice, taking the academic year calendar into account, to save any personal files and messages.
Electronic files or messages, whether or not created and stored on College resources, may constitute a College record subject to disclosure under the Florida Public Records Act or other laws, or as a result of litigation. Electronic copies must be provided in response to a public record request or legally issued subpoena, subject to very limited exceptions, as with other documents created and retained by the College.
Disclosure of confidential information to unauthorized persons or entities, or the use of such information for self-interest or advantage, is prohibited. Access to non-public institutional data by unauthorized persons or entities is prohibited.
Requests for disclosure of confidential information and retention of potential evidence will be honored when approved by authorized College officials or required by state or federal law.
2.4. Network and System Integrity
In accordance with Florida Statutes, FIRN Acceptable Use Policy and other policies and laws, activities and behaviors that threaten the integrity of computer networks or systems are prohibited on both College-owned and privately-owned equipment operated on or through College resources. These activities and behaviors include, but are not limited to:
2.4.1. Intentional or careless interference with or disruption of computer systems and networks and related services, including but not limited to the propagation of computer "worms,""viruses" and "Trojan Horses" and other activities that could have a negative impact on the HCC computing environment in the judgment of the Vice President of Information Technology or designee.
2.4.2. Intentionally or carelessly performing an act that places an excessive load on a computer or network to the extent that other users may be denied service or the use of electronic networks or information systems may be disrupted
2.4.3. Failure to comply with authorized requests from designated College officials to discontinue activities that threaten the operation or integrity of computers, systems or networks
2.4.4. Negligently or intentionally revealing passwords or otherwise permitting the use by others of College-assigned accounts for computer and network access. Individual password security is the responsibility of each user. The user is responsible for all uses of their accounts, independent of authorization.
2.4.5. Altering or attempting to alter files or systems without authorization
2.4.6. Unauthorized scanning of ports, computers and networks
2.4.7. Unauthorized attempts to circumvent data protection schemes or uncover security vulnerabilities
2.4.8. Connecting unauthorized equipment to the campus network or computers. College authorized business and other activities directly related to the academic mission of the College are excluded.
2.4.9. Attempting to alter any College computing or network components, including but not limited to bridges, routers, hubs, wiring, and connections, without authorization or beyond one’s level of authorization as designated by the administrator responsible for that equipment, i.e. the Vice President of Information Technology, or campus President or designee.
2.4.10. Utilizing network or system identification numbers or names that are not assigned for one’s specific use on the designated system
2.4.11. Using campus resources to gain unauthorized access to any computer system and/or using someone else's computer without their permission
2.4.12. Providing services or accounts on College computers or via College networks to other users from a personal computer unless required to meet the normal activities of students working as individuals or in collaborative groups to fulfill current course requirements. College authorized business and other activities directly related to the academic mission of the College, are also excluded.
2.4.13. Registering a HCC IP address with any other domain name for other than College business.
It is recognized that Information Technology programs have unique needs that may require exceptions from the restrictions within this Acceptable Use Policy. Because of these needs an Experimental Network, that is separate from the college-wide network, will be established and exempted from the restrictions of the Acceptable Use Policy except where state and federal laws are concerned. The Experimental Network will be governed by its own Acceptable Use Policy. Any Experimental Network traffic that passes outside the college firewall will be in compliance with the FIRN Acceptable Use Policy.
2.5. Commercial Use
Use of the College's information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and private, or otherwise unrelated to the College business or fundraising. This includes soliciting, promoting, selling, marketing or advertising products or services, or reselling College resources.
Campus auxiliary organizations are authorized to provide services and products to students, faculty and staff, and invited guests of the College through their operations. The College President or designee may authorize additional limited commercial uses. Such uses are excluded from the above prohibitions. These prohibitions are not intended to infringe on authorized uses that enable students, staff and faculty to carry out their duties and assignments in support of the College mission.
Use of College information technology resources for purposes of perpetrating fraud in any form is strictly prohibited. Fraudulent activities include but are not limited to sending any fraudulent electronic transmission, fraudulent requests for confidential information and fraudulent submission and/or authorization of electronic purchase requisitions.
2.7. Political Activities:
Section 104.31, Florida Statutes prohibits the use of state resources for political campaign activity. This provision does not apply to political activities related to on-campus student government, including the conduct of student elections, or student club activities and sponsored events conducted with prior approval of the College. It does not apply to individual student activities, e.g., websites, which constitute free speech. It does not apply to incidental and minimal use of state resources. Such activities must comply with all other provisions of this policy, including the section on electronic communications, when using College resources.
Harassment of others via electronic methods is prohibited under Florida Statutes and other applicable laws and College policies. It is a violation of this policy to use electronic means to harass, threaten, or otherwise cause harm to a specific individual(s), whether by direct or indirect reference. It may be a violation of this policy to use electronic means to harass or threaten groups of individuals by creating a hostile environment.
2.9. Copyright and Fair Use
Federal copyright law applies to all forms of information, including electronic communications, and violations are prohibited under this policy. Infringements of copyright laws include, but are not limited to, making unauthorized copies of any copyrighted material (including software, computer code, text, images, audio, and video), and displaying or distributing copyrighted materials over computer networks without the author's permission except as provided in limited form by copyright fair use restrictions. The "fair use" provision of the copyright law allows for limited reproduction and distribution of published works without permission for such purposes as criticism, news reporting, teaching (including multiple copies for classroom use), scholarship, or research. The College will not tolerate academic dishonesty or theft of intellectual property in any form.
College electronic communications are to be used to enhance and facilitate teaching, learning, scholarly research, support academic experiences, to facilitate the effective business and administrative processes of the College, and to foster effective communications within the academic community. Electronic mail, news posts, chat sessions or any other form of electronic communication must comply with Florida Statutes, Florida Educational Code, HCC Policies and the Student Code of Conduct.
An official HCC web page is one that is formally acknowledged by the chief officer of a College department or division as representing that entity accurately and in a manner consistent with HCC's mission. Without such acknowledgment, a web site, regardless of content, is not "official." Official pages are the property and responsibility of the College or department that created them and follow the College (Novus) Web Style Guide and College Logo Guidelines "Unofficial" information may also be posted and maintained by individual faculty, staff and student organizations. HCC does not undertake to edit, screen, monitor, or censor information posted by unofficial authors, whether or not originated by unofficial authors or third parties, and does not accept any responsibility or liability for such information even when it is conveyed through College-owned servers.
Both official and unofficial web sites are subject to the other provisions of this policy if they use College resources such as College-owned servers and the HCC network to transmit and receive information.
The Vice President of Information Technology, or designee, is authorized by the President to ensure that the appropriate processes to administer the policy are in place, communicated and followed by the College community. The President or designee will ensure that suspected violations and resultant actions receive the proper and immediate attention of the appropriate College officials, law enforcement, outside agencies, and disciplinary/grievance processes in accordance with due process.
The President or designee will inform users about the policy; receive and respond to complaints; collect and secure evidence as required; advise and assist College offices on the interpretation, investigation and enforcement of this policy; consult with College Legal Counsel on matters involving interpretation of law, campus policy, or requests from outside law enforcement agencies and/or legal counsel; and maintain a record of each incident and its resolution to inform future policy changes.
2.13.Consequences of Non-Compliance
Enforcement will be based upon receipt by Office of Information Technology of one or more formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering information technology resources.
First offense and minor infractions of this policy, when accidental or unintentional, such as consuming excessive resources or overloading computer systems, are generally resolved informally by the unit administering the resource. This may be done through e-mail or in person discussion and education.
Repeated offenses and serious incidents of non-compliance may lead to College disciplinary action under College disciplinary policies and procedures for students and employees, employee contract provisions where appropriate, private civil action, and/or criminal charges. Serious incidents of non-compliance include but are not limited to unauthorized use of computer resources, attempts to steal passwords or data, copyright violations, unauthorized use or copying of licensed software, repeated harassment, or threatening behavior.
In addition to the above, inappropriate use of Information Technology resources may result in personal criminal, civil and other administrative liability.
Appeals of College actions resulting from enforcement of this policy will be handled through existing disciplinary/grievance processes for HCC students and employees.
2.14.Reporting Irresponsible or Inappropriate Use
The President or designee is responsible for reviewing violations of this policy and will act in accordance with College policies and guidelines for investigations and resolution of problems. Suspected infractions of this policy should be reported to the Vice President of Information Technology. Any employee may report a violation of this policy. The infraction must be reported to their immediate superior who may take those actions that are appropriate under this policy.
Initial policy draft.
Policy designated as official policy.