Acceptable use of technology

Purpose

The purpose of this acceptable use policy is to outline the acceptable use of the university technology resources and to promote the efficient, ethical, and lawful use of such resources.

Policy

It is the policy of Lynn University to maintain access for its community to local, national, and international sources of information and to provide an atmosphere that encourages the open exchange of ideas and sharing of information. Access to this environment and the university’s information technology resources is a privilege and must be treated with the highest standard of ethics and in accordance with all applicable laws.

The university expects all members of the community to use computing and information technology resources in a responsible manner, respecting the public trust through which these resources have been provided, the rights and privacy of others, the integrity of facilities and controls, state and Federal laws, and university policies and standards.

This policy outlines the standards for acceptable use of university information technology resources by faculty, staff, students, guests, external organizations and affiliated individuals which include, but are not limited to, equipment, software, networks, data, and telephones whether owned, leased, or otherwise provided by the Department of Information Technology (IT) at Lynn University.

IT is responsible for the maintenance and distribution of all university-owned and leased resources (i.e., laptop and desktop computers, mobile devices, etc.) and information systems. As the owners of these resources and systems, IT is also responsible for the management, distribution, and approval of all software and software licenses. The installation of any non-university owned or approved software on any university owned computer, unless otherwise specifically allowed under published guidelines for certain university owned computers (such as student designated iPads) is strictly prohibited.

Should you have questions about university information technology policies, please do not hesitate to contact the Lynn University Information Technology Department.

Definitions

Authorized user(s) - are all users of a university technology resource(s) including, but not limited to, employees, temporary employees, faculty, students, alumni, campus visitors, contingent workers, contractors, vendors, consultants and their related personnel, volunteers, and other users authorized by the university to access its systems and networks.

Information technology resources - are assigned computer accounts, email services, and the shared university network(s), which includes information systems, staff and facilities operated by the university, whether owned, leased, used under license or by agreement, including, but not limited to: telephones (including electronic devices) and telephone equipment, voice mail, SMS, desktop and laptop computers, mobile devices, hardware, software, networks, computing laboratories, databases, files, information, software licenses, computing-related contracts, network bandwidth, usernames, passwords, documentation, disks, CD-ROMs, DVDs, magnetic tapes, and other electronic media or storage devices. Email, chat, facsimiles, mail, any connection to the university's network(s) or use of any part of the university’s network(s) to access other networks, connections to the internet that are intended to fulfill information processing and communications functions, communication services, hardware, including printers, scanners, facsimile machines, any off-campus computers and associated equipment provided for the purpose of university work or associated activities.

Institutional data - any information collected, manipulated, stored, reported, or presented in any format, on any medium, at any location by any unit, program or office of the university in support of Lynn University’s mission. There are three types of institutional data: high risk; medium risk; and low risk. See the data classification and data governance policy for additional information.

High risk data - includes (1) Institutional data that is required by law/regulation to be protected; (2) Institutional data the university is required to self-report to the government and/or provide notice to the individual if the data is inappropriately accessed, and (3) Institutional data that could have a significant adverse impact on the university’s mission, safety, finances, or reputation if there is a loss of confidentiality, integrity, or availability of the data or information system housing the data.

Low risk data - Institutional data and information systems are classified as "low risk" if they are not considered to be medium or high risk, and the data is intended for public disclosure, or the loss of confidentiality, integrity, or availability of the data or system would have no adverse impact on the institution’s mission, safety, finances, or reputation.

Medium risk data - includes institutional data and information systems not considered to be high risk, and data that is not generally available to the public, or the loss of confidentiality, integrity, or availability of the data or system could have a mildly adverse impact on the institution’s mission, safety, finances, or reputation.

Mobile device - any handheld or portable computing device running an operating system optimized or designed for mobile computing that is capable of accessing, storing, and manipulating information in an untethered manner (usually, but not always, through a wireless connection). This includes, but is not limited to, laptops, tablets, smart phones/cell phones, PDAs, or other portable devices. Any device running a full desktop version operating system is not included in this definition.

Public information - is institutional data, including directory information (unless a student has expressly requested non-disclosure pursuant to FERPA) that is available to the general public.

Social media - all forms of online tools or services through which virtual communication is created allowing users to publish commentary and share information, ideas, personal messages and other content, including but not limited to, blogs, wikis, and social networking sites (which include, but are not limited to: Facebook, YouTube, LinkedIn, Tumblr, Instagram, Pinterest, Flipboard, Twitter, Snapchat, TikTok, etc.).

Procedures/Guidelines

I. Standards of acceptable and ethical use

Acceptable and ethical use of university information technology resources is defined as use that is consistent with the mission and education goals of the university. All uses inconsistent with these objectives are considered to be inappropriate use.

Preserving the access to the university’s information technology resources is a community effort that requires each member to act responsibly and guard against abuses. Therefore, both the community as a whole and each individual authorized user have an obligation to abide by the following standards of acceptable and ethical use:

  1. Use only those computing and information technology resources that you are authorized to use;
  2. Protect the access and integrity of the university’s computing and information technology resources;
  3. Safeguard institutional data (see the university’s data classification policy) in accordance with the university’s information security policies, standards and controls;
  4. Abide by applicable laws and university policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software;
  5. Use university computing and information technology resources only for their intended purpose; and
  6. Respect the privacy, personal rights, and property of others.

Failure to comply with the appropriate use of these resources threatens the atmosphere for the sharing of information, the open exchange of ideas, and the secure environment for creating and maintaining information property. Any member of our community found using information resources for unethical and/or unacceptable practices has violated this policy and may be subject to corrective action, up to and including revocation of system privileges, expulsion from school, termination of employment and/or legal action as may be appropriate.

IT reserves the right to limit or restrict the use of its computing and information technology resources based on institutional priorities and financial considerations, as well as when it is presented with evidence of a violation of university policies, contractual agreements, or state and federal laws.

Although all members of the community have an expectation of privacy, if an authorized user is suspected of violating this Policy, his or her right to privacy may be superseded by the university’s requirement to protect the integrity of information technology resources, the rights of all users and the property of the university. The university, thus, reserves the right to examine material stored on or transmitted through its resources if there is cause to believe that the standards for acceptable and ethical use are being violated by a member of the university community or a trespasser onto its systems or networks.

Authorized users of computer systems owned by the university do so subject to applicable laws and university policies. The university disclaims any responsibility and/or warranties for information and materials residing on non-university systems or available over publicly accessible networks. Such materials do not necessarily reflect the attitudes, opinions, or values of the university, its faculty, staff, or students.

Note: While the university makes university information technology resources available primarily to achieve its mission, and for administrative activities, it realizes the need to encourage the personal use of such resources for the convenience of the campus community. Thus, it is reasonable to allow the personal use of university information technology resources for electronic mail, document preparation, personal or course webpage publication, or other activity that can facilitate convenience or enhance productivity, to the extent that the activity is within the limits prescribed by this policy.

II. Unacceptable uses of university information technology resources

Authorized users of university information technology resources are not permitted to:

  1. Engage in any activity that is illegal under local, state, federal, or international law while utilizing university information technology resources. Such activities include, but are not limited to:
    1. Activities that violate the rights of any party or property protected by copyright, patent, or similar laws or regulations including, but not limited to, the unauthorized copying of copyrighted material including digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, BitTorrent and other forms of peer-to-peer sharing of copyrighted information and the installation of any copyrighted software for which the university or the end user does not have an active license.
      1. Note, however, that it is not a violation of this policy if the unlicensed use of the copyright protected work is done in accordance with the legal doctrine of Fair Use as defined in 17 US Code Section 107 of the Copyright Act of 1976.
    2. Exporting software, technical information, encryption software, or technology in violation of international export control laws;
    3. Using university information technology resources to actively engage in procuring or transmitting material that is in violation of sexual or gender-based harassment or hostile environment workplace laws;
    4. Using university information technology resources to access child pornography, or engage in unlawful discrimination or threats of violence;
  2. Engage in any activity while utilizing university information technology resources that is in violation of university policies, including but not limited to information security-related policies and associated standards and controls. Such activities include, but are not limited to:
    1. Using and/or accessing university information technology resources and non-public institutional data without proper authorization;
      1. Authorized users may access institutional data only to conduct university business and only as authorized;
      2. Authorized users must maintain all records containing institutional data. Each department is responsible for establishing and documenting their own data retention schedule for the institutional data that they produce and consume;
      3. In cases when an authorized user must create or store non-public institutional data on a local hard drive or a portable device such as a laptop computer, tablet computer, smart phone, or other mobile device, the authorized user must ensure the data is encrypted;
      4. Non-public institutional data must be encrypted during transmission over an unsecured network. Electronic mail that contains non-public institutional data must be encrypted through the university’s encrypted email system. IT provides tools and processes for authorized users to send encrypted data over unsecured networks to and from other locations;
      5. Authorized users who store non-public institutional data using commercial cloud services must use services provided or approved by the information technology department, rather than personally obtained cloud services; exceptions are to be documented, reviewed and approved by the information security officer;
      6. Authorized users must not use security programs or utilities except as such programs are required to perform their official duties on behalf of the university;
      7. All computers and mobile devices connecting to a university network must run security software prescribed by IT as necessary;
      8. Devices determined by the university to lack required security software or to otherwise pose a threat to university information technology resources may be immediately disconnected by IT from a university network without notice;
      9. Authorized users in units approved to accept and/or access cardholder data or utilize devices or systems that store or access cardholder data must adhere to the standards and controls set forth in the university payment card industry data security policy.
    2. Purposefully introduce malicious programs to a university information technology resource (e.g., viruses, worms, Trojan horses, etc.) or otherwise attempt to intentionally damage, destroy, or disrupt university network communications.
      1. Disruption includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes;
    3. Deleting or tampering with another authorized user’s files or institutional data stored by another authorized user on any university information technology resource. Even if the authorized user’s files are unprotected, with the exception of files obviously intended for public reading such as webpages, it is improper for another authorized user to read them unless the data owner has given permission (e.g., in an announcement in class or on a computer bulletin board);
    4. Tapping or spoofing phone or university network transmissions, including wireless transmissions;
    5. Revealing an assigned university account password or any other related authenticator (i.e., access cryptographic keys, PIN, etc.) to others or allowing use of an assigned account by others. This includes family and other household members when university-related work is being done at home (see the university password policy);
      1. Authorized users must use reasonable efforts to keep passwords and/or any other related authenticator secure in accordance with the university’s password policy;
      2. Authorized users must log out or lock their computer at all times when they are away from their computers, laptops, iPads, tablets, or other devices.
    6. Using a university information technology resource for private business, commercial or political activities, fundraising or advertising on behalf of non-university organizations or making fraudulent offers of products, items, or services originating from any university account;
    7. Using a wireless router that has not been authorized by IT for use on the university network or in conjunction with other university information technology resources;
    8. Executing any form of university network monitoring which will intercept institutional data not intended for the authorized user, unless this activity is a part of the authorized user’s normal job or duty;
    9. Circumventing authorized user authentication or security of any host, network, or account;
    10. Using any program, script, or command or sending messages of any kind, with the intent to interfere with, or disable, an authorized user's session;
    11. Providing personally identifiable information to parties outside of the university (other than FERPA compliant transactions) unless specifically authorized to do so;
    12. Downloading software, freeware, and shareware unless explicitly authorized by IT;
    13. Creating, altering, or deleting any electronic information contained in or posted to any campus computer or other information system for fraudulent or deceptive purposes;
    14. Signing an electronic document (including e-mail), or posting to a website, message board, or social network, or appearing as a virtual reality avatar, with someone else's name if the person whose name is being used has not consented;
    15. Using a resource or information system to create, alter, or delete electronic information contained in or posted to any computer system on or outside the campus for which the user is not authorized to do so;
    16. Falsifying a hardware address for a device connecting to the campus network or a wireless interface used to connect a device to the university’s network;
    17. Using another's account-affiliated resource or personal computer or networked device without authorization;
    18. Borrowing or using an internet protocol address assigned to another person or entity, creating a fraudulent IP address for a device the user owns or is using, or attempting to use with one device the IP address assigned to another the user owns or uses. Individuals may not operate a server that assigns, or attempts to control, IP addresses on the campus network or other applicable information system;
    19. Abusing electronic mail and Internet activities. Examples of such abuses include, but are not limited to:
      1. Sending unsolicited electronic mail messages, junk mail, spam, or advertising material to individuals who did not specifically request such material;
      2. Forging or the unauthorized use of electronic mail header information;
      3. Discriminating on the basis of race, color, religion, sex, sexual orientation, sexual identity, gender, gender expression, or gender identity, age, national origin, ancestry, citizenship, disability, gender related status, pregnancy, genetic disposition, veteran or military status, marital status, familial status or any other legally protected characteristic;
      4. Sending, viewing, or downloading offensive content of any kind, including pornographic material or messages of a sexist, obscene, harassing, threatening, or racist nature;
      5. Sending, viewing, or downloading messages of a religious or political nature for the purpose of proselytizing and/or soliciting funds or donations;
      6. Creating or forwarding chain letters, Ponzi, or other pyramid schemes of any type;
      7. Transmitting non-public institutional data in a non-encrypted form;
      8. Gambling or any other activities that are illegal or violate a university policy; and
      9. Authorized users are responsible for the content of their electronic mail messages and social media postings.

Any questions as to whether use of university information technology resources could violate the spirit of this policy should be brought to the attention of IT.

III. Virus protection responsibilities

Authorized users of Lynn University’s information technology resources and information systems, including but not limited to university computers and networks, must take necessary steps to protect the university from unwanted viruses.

Recommended processes to prevent virus problems include but are not limited to:

  1. NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then double delete them by emptying your trash;
  2. Delete spam, chain, and other junk email without forwarding, in accordance with Lynn University’s acceptable use of technology policy;
  3. Never download files from unknown or suspicious sources;
  4. Avoid direct disk sharing with read/write access unless there is absolutely a business requirement to do so;
  5. Keep your machine, especially laptops, physically secured. Confidential and sensitive information must be safeguarded. Take appropriate measures (e.g., encryption for electronic information, physically secure physical media) to prevent unauthorized disclosure;
  6. Be alert and aware of information stealing methods such as: social engineering, phishing scams, and shoulder surfing to obtain personal and sensitive information about you;
  7. Implement credible and reputable anti-virus software, perform continuous and/or scheduled scanning, and keep it up-to-date;
  8. Implement anti-spyware to protect private personal information;
  9. Implement current technology security preventive solutions to protect your computers from unwanted threats;
  10. Enable the built-in firewall that is included in major operating systems and/or install a firewall application;
  11. When logged into the network, remember to log out after you are finished. Also, enable a password-protected screen saver when leaving your computer temporarily;
  12. Never download or open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, and then permanently delete them by emptying your trash;
  13. Delete spam, chain and other junk email without forwarding it; and
  14. Avoid creating shared folders with open or full access.

IV. Student use of information technology resources and systems

Understanding the basics of campus computing is the key to helping you get connected with everything from student email, online registration, viewing grades, participating in online classes, keeping up with campus news, campus events, and more. Students are expected to comply with all university IT policies, including but not limited to those policies set forth below:

A. Student acceptable use policy

Preserving the access to information systems and resources is a community effort that requires each member to act responsibly and guard against abuses. Therefore, both the community as a whole and each student user has an obligation to abide by the university’s standards of acceptable and ethical use (refer to sections I and II above). Some key standards are summarized below for ease of reference:

1. Use only those computing and information technology resources for which you have been authorized;
2. Protect the access and integrity of computing and information technology resources;
3. Abide by applicable laws and university policies and respect the copyrights and intellectual property rights of others, including the legal use of copyrighted software;
4. Use computing and information technology resources only for their intended purpose; and
5. Respect the privacy, personal rights, and property of others.

Student users of the university’s information technology resources are also reminded that all computers connected to Lynn University’s network must have appropriate software running on their machine to ensure a secure environment for all users. Lynn University will provide the monitoring software to ensure compliance with this policy. The software will assist students in maintaining their computers in the manner prescribed by Lynn University. The software needed before granting access to the Lynn University network will include:

1. Lynn University approved anti-virus software;
2. The most current security patch for the operating system; and
3. Other software as periodically deemed appropriate by Lynn University to ensure a safe and secure internet and intranet experience for all students.
4. If you are not clear on what constitutes an appropriate use, you are expected to contact IT to determine whether a particular activity is permissible.

B. Student bandwidth management

In an effort to secure and provide adequate network and Internet traffic, Lynn University does manage, monitor, prioritize, and control bandwidth.

C. Student technology support

The University provides support services to students of Lynn University. All student computers must meet a set of minimum technology requirements for supported use at the university.

The IT Department provides services to students including, but not limited to, the following:

1. Troubleshoot network related issues;
2. Troubleshoot university related application and email issues;
3. Troubleshoot authentication issues;
4. Troubleshoot operating system issues; and
5. Assist in contacting the manufacturer and give direction to possible issues.

The IT Department does not provide the following services for students:

1. Repairing hardware issues;
2. Installing computer and software for students; and
3. Unpacking and setting up of computers, printers and other peripherals.

V. Social media use guidelines

A. Student social networking

Lynn University students must be concerned with any behavior that might reflect badly on themselves, their families, and Lynn University. Such behavior includes any activities conducted online.

Students are not restricted from using any online social network site and/or digital platform. However, users must understand that any content they make public via online social networks or digital platforms (i.e., cell phones, smart phones, PDAs, etc.) is expected to follow acceptable social behaviors and also to comply with federal and state government laws and Lynn University policies, procedures, rules, and regulations, including the student code of conduct. Examples of misconduct include, but are not limited to, derogatory language about any member of the Lynn University community; demeaning statements about or threats to any third party; and incriminating photos or statements depicting hazing, sexual harassment, vandalism, stalking, underage drinking, illegal drug use. Such inappropriate behavior may be subject to disciplinary action.

In addition, students should keep the following guidelines in mind when participating on social networking web sites:

1. Before participating in any online community, students must understand that anything posted online is available to anyone in the world;
2. Students should not post information, photos, or other items online that could reflect negatively on themselves, their family, their team, the athletics department, or Lynn University;
3. Students should not post their home address, local address, phone number(s), birth date, or other personal information, as well as personal whereabouts or plans.
4. Potential employers, internship supervisors, graduate program personnel, and scholarship committees now search these sites to screen candidates and applications.

B. Employee use of social media and the internet during work hours

Lynn University acknowledges the growing popularity of social media and other communications as a means for publicly sharing experiences, ideas and opinions. Because of the legal and other ramifications that may stem from public communications, the university has adopted the following policy guidelines that apply during working and non-working time. These guidelines apply to all communications that may be accessed by the public, including, but not limited to blogs, personal web sites, discussion forums, and social media.

All Internet and social media communications activity is subject to this policy, as well as the university’s information security policies, standards and controls. This activity should not interfere with the employee’s work obligations as determined by the employee’s supervisor.

The following requirements must be met:

1. Public internet communications. This policy applies to all Internet communications that may be accessed by the public, including but not limited to blogs, personal websites, and discussion forums.
2. Blogging not permitted on university time. All blogging and other internet activity during work hours and/or using university equipment or connections is subject to the university internet and computer use policies. Blogging and other public internet communications during an employee’s working time should not interfere with the employee’s work obligations as determined by the employee’s supervisor.

During non-working time, the following requirements must be met:

1. Disclaimer required. Any reference to Lynn University, Lynn University employees, or students publicly posted on the internet must contain a disclaimer indicating that the thoughts and opinions expressed belong to the author and do not necessarily reflect those of the university.
a. For non-university business participation on social media sites, employees must use a personal e-mail address. Use of personal e-mail accounts serves to prevent confusion and works to eliminate any misperception that an employee is speaking on behalf of the university.
2. Posting of high and medium risk institutional data prohibited. Employees may not disclose unauthorized trade secrets, confidential business information (e.g., business plans, strategies, customer information, non-directory student records, etc.), or other proprietary information belonging to Lynn University or its customers not otherwise available to persons or firms outside the university to individuals outside the University, including through blogs and other Internet postings.
3. Employees wishing to post blogs or other public internet communications should be aware that copyright and trademark law may restrict the use and copying of material belonging to Lynn University and others. Employees may not violate the intellectual property or privacy rights of others.
4. Other prohibited activities:
a. An employee’s personal use of social media or internet communications should be consistent with university policy, including but not limited to Lynn University’s equal employment opportunity policy and its policies against sexual or other harassment. If conduct is in violation of our policies and/or is seen as compromising the interest of the university, the university may request that you cease the violative commentary or remove the offensive posting, and may take appropriate disciplinary action.
b. Employees must not use social media to maliciously defame the university or any employee or member of the university community or make grossly reckless or maliciously false statements about the university.
5. Other guidelines. Employees are reminded that they are personally responsible for material they post on a blog or website. In addition, employees wishing to maintain blogs or websites should be aware that they could be held responsible for content posted by third parties, such as comments. Employees are encouraged to monitor and/or restrict such third-party content on any websites or blogs they maintain.

Failure to follow the above guidelines may result in disciplinary action, including possible termination. All blogs and other public Internet communications are subject to the other policies contained in the Lynn University policy manual, including but not limited to the computer systems policies, employee non-discrimination and anti-harassment policy, sexual harassment (Title IX) policy, and the university’s political activities policy.

To learn more about this policy or the supporting procedures, please contact Information Technology.

Policy updated on: Jun. 1, 2021