Acceptable Use: 9.00

ADMINISTRATIVE PROCEDURES

Title: ACCEPTABLE USE Identification: 9.00
Effective Date: November 18, 2025
Authority:
FS 1001.64; 1001.65		 Signature/Approval: Dr. Ken Atwater

PURPOSE

This procedure establishes and outlines the Acceptability Standards to which authorized users may access technology resources at Hillsborough College.

PROCEDURE

  1. ACCESS

    Access to the college’s information technology resources is a privilege granted to college users (faculty, staff, and students) in support of their studies, instruction, duties as employees, official business with the College, and/or other College-sanctioned activities. Access may also be granted to individuals outside of the college for purposes consistent with the College's mission.

    Except for publicly accessible resources such as websites, access to college information technology resources may not be transferred or extended to outside individuals or groups by members of the College community without prior approval from the Vice President of Information Technology or their designee. Such access must be limited in nature and fall within the scope of the institution's educational mission.

    Gaining access to the College's information technology resources does not imply the right to use those resources. The College reserves the right to limit, restrict, remove, or extend access to and privileges within material posted on, or communications via its information technology resources, consistent with this procedure, applicable law, or as the result of the College’s disciplinary processes.

    These resources are expected to be used efficiently and responsibly to support the college's mission, as outlined in this procedure. Any other use that is not consistent with this procedure may be considered unauthorized.
     

  2. DATA SECURITY, CONFIDENTIALITY AND PRIVACY

    College users are responsible for ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name, and abiding by related privacy rights of students, faculty and staff concerning the use and release of personal information, as required by Florida Statutes, Federal Laws or existing policies (i.e. Chapter 815, Florida Statutes, Computer Crimes Act, Title 18, United States Code, Electronic Communications Privacy Act of 1986, Gramm-Leach-Bliley Act, Family Educational Rights and Privacy Act, etc.)

    The College reserves the right to access any file on the College’s computers to support college business, legal or regulatory compliance, court order, or other actions defined by law, College policy, or procedure. However, in the event of a college investigation for alleged misconduct, email or files may be locked or copied to prevent destruction and loss of information. Employees may not delete college data without following applicable college Records Retention rules and procedures.

    All users of the college’s information technology resources are advised to consider the open nature of information disseminated electronically, and they should not assume any degree of privacy or restricted access to such information. The College strives to provide the highest degree of security when transferring data. However, the College cannot be held responsible if these measures are circumvented and information is intercepted, copied, read, forged, destroyed, or misused by others.
     

  3. GENERATIVE ARTIFICIAL INTELLIGENCE (AI) TECHNOLOGIES USE

    The College recognizes the potential of Generative Artificial Intelligence (AI) technologies to aid our productivity and innovation. The College is committed to using these tools in a manner that aligns with its core values and operational standards. The College provides access to enterprise-grade Generative Artificial Intelligence (AI) solutions to support teaching, learning, and administrative functions. These resources are made available to college users as tools that can enhance productivity and innovation. All users who choose to utilize these resources are expected to adhere to the policies and guidelines governing their use, ensuring the secure and effective integration of these technologies into daily operations.

    Users are required to utilize college-licensed and approved AI products when handling any institutional data (a list of approved AI software can be found at https://hccfl.sharepoint.com/sites/oit/SitePages/enterprise-software.aspx ). This is crucial for ensuring compliance with college privacy, security, and data classification policies. The upload, input, or transfer of sensitive or restricted data into any publicly available AI tool not on the approved list of software is strictly prohibited, as these tools do not adhere to college security standards. Users may only use publicly available information, such as the course catalog or campus map, in these non-approved tools.

    For the purpose of these guidelines, "sensitive" and "restricted" data are defined as information that must be protected from unauthorized access due to legal, contractual, or privacy requirements. The unauthorized disclosure of this data could cause significant harm to individuals or the college. Examples of sensitive or restricted data include, but are not limited to:

    • Personally Identifiable Information (PII): Social Security Numbers, birth dates, driver's license numbers, and other unique identifiers.
    • Student Education Records: Grades, disciplinary records, and financial aid information (as protected by the Family Educational Rights and Privacy Act -FERPA).
    • Protected Health Information (PHI): Any health or medical information (as protected by the Health Insurance Portability and Accountability Act -HIPAA).
    • Financial Data: Credit card numbers, bank account details, and financial aid records.
    • Proprietary Information: Confidential research data, unpublished academic papers, or internal administrative documents not intended for public release.
    • User Credentials: Passwords, private keys, or other authentication data.
       

    More information about Data Classification and Guidelines can be reviewed online in Administrative Procedure, Data Classification And Handling: 9.08. Employees shall consult with the Office of Information Technology if they need clarification on the correct and authorized tools for their work.
     

  4. ELECTRONIC INFORMATION RETENTION AND DISCLOSURE

    Original electronic materials on central computing equipment and/or copies may be retained for specified periods of time on system backups and other locations; however, the College does not guarantee that such information can be retrieved (due to backup schedules and frequency or issues beyond our control).

    Electronic files or messages, whether created and stored on college resources or not, may constitute a college record subject to disclosure under the Florida Public Records Act or other laws, or as a result of litigation. Electronic copies must be provided in response to a public record request or legally issued subpoena, subject to very limited exceptions, as with other documents created and retained by the College.

    Disclosure of confidential information to unauthorized persons or entities, or the use of such information for self-interest or advantage, is prohibited. Access to non-public institutional data by unauthorized persons or entities is prohibited.

    Requests for disclosure of confidential information and retention of potential evidence will be honored when approved by authorized College officials or required by state or federal law.
     

  5. NETWORK AND SYSTEM INTEGRITY

    In accordance with Florida Statutes and other policies and laws, activities and behaviors that threaten the integrity of computer networks or systems are prohibited on both College-owned and privately-owned equipment operated on or through college resources. These activities and behaviors include, but are not limited to:

    1. Intentional or careless interference with or disruption of computer systems and networks and related services, including but not limited to the propagation of computer malware and other activities that could have a negative impact on the college’s computing environment in the judgment of the Vice President of Information Technology or designee.
    2. Intentionally or carelessly performing an act that places an excessive load on a computer or network to the extent that other users may be denied service, or the use of electronic networks or information systems may be disrupted.
    3. Failure to comply with authorized requests from designated College officials to discontinue activities that threaten the operation or integrity of computer systems or networks.
    4. Negligently or intentionally sharing passwords, negligently storing passwords in an unsecure location, reusing passwords across multiple platforms, permitting others to access college-assigned accounts for computer or network access. Individual password security is the responsibility of each user. The user is responsible for all uses of their accounts, independent of authorization.
    5. Altering or attempting to alter files or systems without authorization
    6. Unauthorized scanning of ports, computers, and networks
    7. Unauthorized attempts to circumvent data protection schemes or uncover security vulnerabilities.
    8. Connecting unauthorized equipment to the campus network or computers.
    9. Attempting to alter any college computing or network components, including but not limited to bridges, routers, hubs, wiring, and connections, without authorization.
    10. Utilizing network or system identification numbers or names not assigned for one's specific use on the designated system.
    11. Using campus resources to gain unauthorized access to any computer system and/or using someone else's computer without permission.
    12. Registering a college IP address or Domain without permission from the Vice President of Information Technology or their designee.
       

  6. COMMERCIAL USE

    Use of the College's information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and activities that are private or otherwise unrelated to the College's business. This includes soliciting, promoting, selling, marketing, or advertising products or services, or reselling College resources.
     

  7. FRAUD

    The use of college information technology resources to perpetrate fraud in any form is strictly prohibited. Fraudulent activities include, but are not limited to, sending any fraudulent electronic transmission, fraudulent requests for confidential information, and fraudulent submission and/or authorization of electronic purchase requisitions.
     

  8. HARASSMENT

    Harassment of others via electronic methods is prohibited under Florida Statutes, other applicable laws, and College policies or procedures. Using electronic means to harass, threaten, or otherwise cause harm to a specific individual(s), whether by direct or indirect reference, is a violation of this procedure.
     

  9. COPYRIGHT AND FAIR USE

    Federal copyright law applies to all forms of information, including electronic communications, and violations are prohibited. Infringements of copyright laws include, but are not limited to, making unauthorized copies of any copyrighted material (including software, computer code, text, images, audio, and video), and displaying or distributing copyrighted materials over computer networks without the author's permission except as provided in limited form by copyright fair use restrictions. The "fair use" provision of the copyright law allows for limited reproduction and distribution of published works without permission for such purposes as criticism, news reporting, teaching (including multiple copies for classroom use), scholarship, or research. The College will not tolerate academic dishonesty or theft of intellectual property in any form.
     

  10. ELECTRONIC COMMUNICATIONS

    College electronic communications are to be used to enhance and facilitate teaching, learning, scholarly research, support academic experiences, facilitate effective business and administrative processes within the College, and foster effective communications within the academic community. Electronic mail, posts, messaging, or any other form of electronic communication must comply with Florida Statutes, the Florida Educational Code, college Policies and Procedures, and the Student Code of Conduct.
     

  11. WEBSITES

    An official College web page is one that is formally acknowledged by the Executive Director of Marketing and Public Relations in a manner consistent with the college’s mission. Without such acknowledgment, a website, regardless of content, is not "official." Official pages are the property and responsibility of the College and follow the College Branding Style Guidelines. "Unofficial" information may also be posted outside of the College’s official website and maintained by individual faculty, staff, and student organizations. The College does not undertake to edit, screen, monitor, or censor information posted by unofficial authors, whether or not originating from unofficial authors or third parties. The College does not accept any responsibility or liability for such information, even when it is conveyed through college-owned systems. Websites are subject to the other provisions of this procedure if they utilize College resources, such as college-owned servers and the college’s network, to transmit and receive information.
     

  12. POLICY COMPLIANCE

    The Vice President of Information Technology or designee will ensure that suspected violations and resultant actions receive the proper and immediate attention of the appropriate College officials, law enforcement, outside agencies, and disciplinary/grievance processes in accordance with due process.

    The Vice President of Information Technology or designee will inform users about the procedure; receive and respond to complaints; collect and secure evidence as required; advise and assist College offices on the interpretation, investigation, and enforcement of this policy; consult with College Legal Counsel on matters involving interpretation of law, campus policy, or requests from outside law enforcement agencies and/or legal counsel; and maintain a record of each incident and its resolution to inform future policy changes.
     

  13. CONSEQUENCES OF NON-COMPLIANCE

    Non-compliance may lead to disciplinary action under college disciplinary policies, procedures, and/or applicable bargaining agreements for students and employees, private civil action, and/or criminal charges.
     

  14. REPORTING IRRESPONSIBLE OR INAPPROPRIATE USE

    The Vice President of Information Technology or designee is responsible for reviewing violations of this procedure and will act in accordance with college policies, procedures, and guidelines for investigations and problem resolution. Suspected infractions of this procedure should be reported to the Vice President of Information Technology. Any employee may report a violation of this procedure.

HISTORY:

Adopted: 3/26/13