VII:01:01 Use of Information Technology Resources
Section 1 Objectives of this Policy
The objectives of this policy include: 1) to articulate the rights and responsibilities of persons using information technology resources owned, leased, or administered by Volunteer State Community College (VSCC); 2) to protect the interests of users and VSCC; and 3) to facilitate the efficient operation of VSCC information technology systems.
Section 2 Definitions
"Information technology resources" or "IT resources" include computers and computer time, data processing or storage functions, computer systems and services, servers, networks, printers and other input/output and connecting devices, and related computer records, programs, software, and documentation.
"Personal or private for-profit use" shall mean a use of VSCC information technology resources which has as a primary objective financial gain of the user. Activities by a student which are typical of the student job search process (e.g. use of campus e-mail to contact potential employers) are not to be considered personal or private for-profit uses.
"Public record" means all documents, papers, letters, maps, books, photographs, microfilms, electronic data processing files and output, films, sound recordings, or other material, regardless of physical form or characteristics made or received pursuant to law or ordinance or in connection with the transaction of official business by any governmental agency. TCA ? 10-7-301(6)
Section 3 Supplementary Institutional Policies and Regulations
All supplementary policies and procedures adopted by VSCC will be consistent with Federal and State law and with other policies of the Tennessee Board of Regents.
Section 4 Conformance with State policies
This policy is intended to be fully consistent with the State of Tennessee Internet Acceptable Use Policy and the State of Tennessee Electronic Mail Acceptable Use Policy, and the Tennessee Board of Regents (TBR) Information Technology Resources Policy (1:08:00:00), as they currently exist or as they may be amended in the future, as well as with any other applicable
policies regarding information technology systems which may be promulgated in the future by the State of Tennessee Department of Finance Office of Information Resources (OIR) or the Tennessee Board of Regents (TBR). To the extent that a discrepancy exists between this policy and State or TBR policy, precedence will occur in the following order: State policy, TBR policy, and VSCC policy.
Section 5 Applicability
This policy shall apply to all persons and organizations using the information technology facilities and resources owned, leased or administered by VSCC, including all persons employed (either as full-time, part-time or temporary employees or as independent contractors) by VSCC and all students enrolled at VSCC. Those provisions contained herein which apply solely to employees and independent contractors are so identified individually. Unless so identified, provisions contained herein apply equally to all persons and organizations covered by this policy.
Section 6 User responsibilities
The following lists of user responsibilities are intended to be illustrative, and not exhaustive.
Section 6.1 Access
- Users shall obtain proper authorization before using VSCC information technology resources.
- Users shall not use VSCC information technology resources for purposes beyond those for which they are authorized.
- Users shall not share access privileges (account numbers, usernames, and passwords) with persons who are not authorized to use them.
- Users shall not use VSCC information technology resources in an attempt to access or to actually access computers external to the VSCC system when that access is not authorized by the computer's owner (no "hacking" allowed).
Section 6.2 Respect for others
- A user shall not attempt to obstruct usage or deny access to other users. This would include but is not limited to use of disk space as well as use of bandwidth.
- Users shall not transmit or distribute material that would be in violation of existing VSCC policies or guidelines using VSCC information technology resources.
- Users shall respect the privacy of other users, and specifically shall not read, delete, copy, or modify another user's data, information, files, e-mail or programs (collectively, "electronic files") without the other user's permission. Users should note that there should be no expectation of privacy in electronic files stored on the resident memory of a computer available for general public access, and such files are subject to unannounced deletion. In all circumstances, the fact that a resource is unprotected does not imply permission for an unauthorized person to use it.
- Users shall not intentionally introduce any program or data intended to disrupt normal operations (e.g. a computer "virus" or "worm") into VSCC information technology resources.
- Forgery or attempted forgery of e-mail messages is prohibited.
- Sending or attempts to send unsolicited junk mail or chain letters is prohibited.
- Flooding or attempts to flood a user's mailbox is prohibited.
- Users of computing resources are expected to conduct themselves in a manner that does not constitute a danger to any person 's health or safety, interfere with, or harass individuals or institutional activities.
- Only email messages conveying information concerning official college business are to be broadcast to all or most users of the VSCC email system(s).
- Appropriate postings to VSCC provided electronic discussion and/or announcement boards are encouraged. These postings may include but are not limited to items for sale, photos of family members, community events, and discussion on topics of interest to the campus community. Items may remain on such boards for a period of not longer than thirty (30) days. It is the responsibility of the individual posting items to the board to remove them.
- The Human Resources department is to be solely responsible for sending email notices regarding deaths, retirements, new hires, and other human resource-related matters to the campus. Any individual or department wishing to make a general announcement about such events must work through the Human Resources department.
- Use of removable storage media (including but not limited to flash drives, external hard drives, DVD, and CD-ROM) to store confidential or personal identifiable information is strongly discouraged. If required by an employee's job responsibilities, removable storage media should only be used if the media is protected and with the approval of the supervisor. Employees should seek advice on acceptability of removable storage media security from the Information Technology department.
- Employees should make every effort to safeguard all removable storage media and laptop computers at all times. Employees should limit the amount of personal information on these devices to that information which is relevant and pertinent to the applicable duties of the employee.
Section 6.3 Respect for State-owned property
- A user shall not intentionally, recklessly, or negligently misuse, damage or vandalize VSCC information technology resources.
- A user shall not attempt to modify VSCC information technology resources without authorization.
- A user shall not circumvent or attempt to circumvent normal resource limits, logon procedures, or security regulations.
- A user shall not use VSCC information technology resources for purposes other than those for which they were intended or authorized.
- A user shall not use VSCC information technology resources for any private or personal for-profit activity.
- Except for those not-for-profit business activities which are directly related to an employee's job responsibilities or which are directly related to an organization which is affiliated with VSCC, a user shall not use VSCC information technology resources for any not-for-profit business activities, unless authorized by the Director of Information Technology (or his/her designee).
- Users shall at all times endeavor to use VSCC information technology resources in an efficient and productive manner, and shall specifically avoid excessive game playing, printing excessive copies of documents, files, data, or programs; or attempting to crash or tie-up computer resources.
- Users shall utilize software only in accordance with the applicable license agreement. VSCC licenses the use of most of its computer software from a variety of outside companies. VSCC does not own this software or its related documentation and, unless authorized by the license, does not have the right to reproduce it.
Section 6.4 Additional Responsibilities of Employees and Independent Contractors
- Users who are Employees and Independent Contractors shall not make use of VSCC information technology resources for purposes which do not conform to the purpose, goals, and mission of VSCC and to the user's job duties and responsibilities.
- Users shall not use VSCC information technology resources for solicitation for religious or political causes.
Section 7 Digital/Electronic Signatures and Transactions
Volunteer State Community College must comply with the Tennessee Uniform Electronic Transactions Act (T.C.A. ?47-10-101 et seq.) This Act permits the use of electronic signatures and electronic transactions under certain circumstances.
- In order to be legally enforceable, an electronic signature must meet the following two criteria.
A. An electronic signature must be attributable (or traceable) to a person who has the intent to sign the record or contract with the use of adequate security and authentication measures that are contained in the method of capturing the electronic transaction (e.g., use of personal identification number or personal log-in identification username and password) (T.C.A. ?47-10-109) (If Public Key Infrastructure technology ("PKI") is to be used in the creation of the digital signature, contact the Director of Information Technology who will contact the TBR Chief Information Officer prior to implementation.)
B. The recipient of the transaction must be able to print or store the electronic record of the transaction at the time of receipt. (T.C.A. ?47-10-109)
- The use of electronic/digital signatures in compliance with state and federal laws is permitted.
Section 8 No unlawful uses permitted
Users shall not engage in unlawful uses of the information technology system resources of VSCC. Unlawful activities violate this policy and may also subject persons engaging in these activities to civil and / or criminal penalties. This list of unlawful activities is illustrative and not intended to be exhaustive.
Section 8.1 Obscene materials
The distribution and display of obscene materials is prohibited by the laws of Tennessee (see Tenn. Code Ann. ? 39-17-902). Obscene materials are defined under Tennessee law (see T.C.A. ? 39-17-901(10)) as those materials which:
- The average person applying contemporary community standards would find that the work, taken as a whole, appeals to the prurient interest;
- The average person applying contemporary community standards would find that the work depicts or describes, in a patently offensive way, sexual conduct; and
- The work, taken as a whole, lacks serious literary, artistic, political, or scientific value.
Federal law (18 U.S.C. 2252) prohibits the distribution across state lines of child pornography.
Section 8.2 Defamation
Defamation is a civil tort which occurs when one, without privilege, publishes a false and defamatory statement which damages the reputation of another.
Section 8.3 Violation of Copyright
Federal law gives the holder of copyright five exclusive rights, including the right to exclude others from reproducing the copyrighted work. Sanctions for violation of copyright can be very substantial. Beyond the threat of legally imposed sanctions, violation of copyright is an unethical appropriation of the fruits of another's labor.
Pursuant to the Digital Millennium Copyright Act of 1998, the TBR designated agent for receipt of complaints of copyright infringement occurring with the use of information technology resources is the TBR Assistant Vice Chancellor for Information Technology. The TBR agent shall develop and maintain a policy regarding receipt and disposition of complaints of copyright infringement. The Director of Information Technology is the VSCC designated agent. Upon receipt of complaints of copyright infringement, the VSCC Director of Information Technology shall promptly inform the TBR Assistant Vice Chancellor of Information Technology.
The illegal use, downloading, copying, or distribution of materials (i.e. proprietary music, video, software, or database information) via VSCC information technology resources is prohibited.
Section 8.4 Gambling
Gambling, including that performed with the aid of the Internet, is prohibited under Tennessee state law (see Tenn. Code Ann. ? 39-17-502).
Section 9 World Wide Web Home pages
The principles of use articulated above in Sections 6 and 7 are generally applicable to World Wide Web home pages. For example, use of VSCC information technology resources to post a web page for personal or private for-profit use is prohibited under Section 6.3.5. Illegal content in web pages stored on VSCC IT resources is prohibited under Section 6.2.2. Obscene content is prohibited under Section 7.1. Incorporation of copyrighted material, without either permission of the copyright holder or under a lawful exemption, is prohibited under Section 7.3.
In addition to the principles of use outlined in Sections 6 and 7, users may not incorporate into web pages or other electronic documents the trademarks or logos of others without express, written permission. Persons who are not employees of VSCC may not make use of VSCC trademarks or logos without express, written permission. The Office of Public Relations must also approve all proposed use of VSCC trademarks and logos by employees on web pages.
Section 10 Advertising
Use of VSCC information technology resources to promote or advertise activities or entities which are not related to VSCC is prohibited, unless such use is consistent with the mission of VSCC and results in substantial benefit to VSCC. The Director of Information Technology is authorized to determine whether a given use is consistent with the mission of the Institution and results in substantial benefit to the Institution, consistent with other TBR (in particular, TBR Policy 3:02:02:00) or VSCC Policies. Sale of advertising in web-based versions of Institution-affiliated student publications is specifically permitted.
Section 11 VSCC monitoring and inspection of electronic records
Electronic records sent, received, or stored on computers owned, leased, or administered by VSCC is the property of Volunteer State Community College. As the property of VSCC, the content of such records, including electronic mail, is subject to inspection by VSCC personnel. While VSCC does not routinely do so, VSCC is able and reserves the right to monitor and / or log all network activity of users without notice, including all e-mail and Internet communications. Users should have no reasonable expectation of privacy in the use of these resources.
Section 12 Disclosure of electronic records
Pursuant to the Tennessee Code Annotated, Title 10, Chapter 7, and subject to exemptions contained therein, electronic files (including e-mail correspondence) which are 1) generated or received by VSCC employees and 2) either owned or controlled by the State or 3) maintained using VSCC IT resources may be subject to public inspection upon request by a citizen of the State of Tennessee. VSCC personnel receiving such a request for public inspection should refer the request to the Records Coordinator (or his/her designee). VSCC may charge reasonable fees for making copies of such records, pursuant to T.C.A. ? 10-7-506.
While disclosure under T.C.A. Title 10, Chapter 7 applies to employees, disclosure of the electronic records of all users which are maintained using VSCC IT resources may be made pursuant to a valid subpoena or court order, when otherwise required by federal, state or local law, or when authorized by the Records Coordinator.
Section 13 Retention of electronic records
Electronic records needed to support Institutional functions must be retained, managed, and made accessible in record-keeping or filing systems in accordance with established records disposition authorizations approved by the Public Records Commission and in accordance with TBR Guideline G-070, "Disposal of Records". Each employee of VSCC, with the assistance of his or her supervisor as needed, is responsible for ascertaining the disposition requirements for those electronic records in his or her custody. The system administrator is not responsible for meeting the record retention requirements established under T.C.A. Title 10, Chapter 7, and VSCC, as owner of electronic records stored on VSCC computers, reserves the right to periodically purge electronic records, including e-mail messages. Users who are either required to retain an electronic record, or who otherwise wish to maintain an electronic record should either:
- Print and store a paper copy of the record in the relevant subject matter file; or
- Electronically store the record on a storage medium or in an electronic storage location not subject to unannounced deletion.
Section 14 Violation of this policy
Section 14.1 Reporting allegations of violations
Persons who have reason to suspect a violation of this policy, or who have direct knowledge of behavior in violation of this policy should report that allegation of violation to the Director of Information Technology or his/her designee.
It is the responsibility of each direct supervisor to address use by their direct reports of VSCC IT resources (including announcement boards, discussion boards and College's email system(s)) which is not in compliance with college, TBR, State, and Federal regulations. Supervisors are authorized to take appropriate action as noted below to prevent further misuse of these systems by their employees. If misuse continues, it is the responsibility of the appropriate Vice President to take further action against both the employee and the supervisor.
Section 14.2 Disciplinary procedures
Allegations of violation of this policy shall be referred by the Director of Information Technology to the appropriate person(s) for disciplinary action. If a student, the policy violation will be referred to the Vice President of Student Services under TBR Policy 3:02:00:01. If an employee, the policy violation will be referred to the immediate supervisor. If there is a policy violation, which the Director of Information Technology believes rises to the level of a serious violation of this or any other VSCC policy, the Director of Information Technology is authorized to temporarily revoke access privileges after consultation with the Vice President of Business and Finance or the President. In those cases, the revocation of access must be reviewed by the appropriate disciplinary authority for review and final determination of access privileges. In such cases the authorization of the Director of Information Technology carries with it the authorization to make subjective judgments, such as whether material or statements violate VSCC Policy.
Section 14.3 Sanctions
Persons violating this policy are subject to revocation or suspension of access privileges to VSCC IT resources. Additionally other penalties, as outlined in TBR Policy 3:02:00:01, may be imposed upon student users. Sanctions for violation of this policy by employees may extend to termination of employment. Violations of law may be referred for criminal or civil action.
Section 14.4 Appeals
Sanctions imposed upon students at Volunteer State Community College and imposed at the discretion of the Director of Information Technology may be appealed to the Vice President of Student Services. Other sanctions may be appealed under established Institution procedure.
TBR Source: TBR Board Meeting June 28, 2002; March 30, 2007
VSCC Source: July 5, 1989, March 1, 1993, March 1, 2005, President; April 3, 2006, President's Cabinet; February 29, 2008, President; September 22, 2008, President's Cabinet