||Chief Information Officer
Responsible Executive Officer:
Vice President for Business & Finance
TBR IT Acceptable Uses 1.08.05.00
TBR Access to and Use of Campus Property and Facilities 1:03:02:50
TBR Records Retention and Disposal of Records 1.12.01.00
The objectives of this policy include: 1) to articulate the rights and responsibilities of persons using information technology resources owned, leased, or administered by Walters State Community College (WSCC); 2) to protect the interests of users and WSCC; and, 3) to facilitate the efficient operation of Institutional Information Technology systems.
For the purposes of this policy all definitions are defined in the Information Technology Definitions Policy
II. User Responsibilities
The following lists of user responsibilities are intended to be illustrative, not exhaustive.
- Users and guests of the Institution have minimal inherit access to the Institution’s network and wireless network when using personal devices. This access is restricted to public systems. It should not be implied that this access level provides access to printers, servers, computers, secured systems, or any other Institutional Information Technology system that is not intended for general authenticated user access.
- The use of publicly available technology kiosks, computers, and mobile devices that do not require user authorization are provided to access student resources to apply to the college, complete class registration activities, meet financial aid requirements, engage in using Institutional services (e.g., use of printing stations, library card catalog, etc.), or to meet classroom instruction requirements. The use of these devices are restricted from all other use. Users should also limit the time usage of these resources during peak times when usage is high.
- Institutional Information Technology Resources is to be used by authorized users.
- Users shall not disable or attempt to bypass any institutional security software. Examples include, but are not limited to, antivirus, end-point protection, Windows firewall, etc.
- Users shall not access Institutional Information Technology Resources for purposes beyond those for which they are authorized. Users shall not share access privileges (account numbers, usernames, passwords, etc.) or personal information that would assist in enabling unauthorized access.
- Users shall not use personal or Institutional Information Technology resources in an attempt to access or to actually connect to internal or external systems when access is not authorized by the Institution or the system’s owner.
- Respect for Others
- A user shall not attempt to obstruct usage or deny access to other users by physical or electronic means.
- Users shall not transmit or distribute material that would violate existing Institutional policies or guidelines or applicable laws using Institutional Information Technology resources.
- Users shall respect the privacy of other users, and specifically shall not read, delete, copy, or modify another user’s data, files, email, or programs (collectively, “electronic files”) without the owner’s permission.
- Users should not have expectation of privacy in electronic files stored on the resident memory of a computer available for general public access (e.g., kiosks, lab computers, etc.), and such files are subject to unannounced deletion.
- Users shall not intentionally introduce any program or data intended to disrupt normal operations (e.g., “malware”, “virus”, or “worm”) into the Institution’s information technology resources.
- Forgery or attempted forgery of email messages is prohibited.
- Sending or attempts to send unsolicited email or chain letters is prohibited.
- Respect for Institutionally-Owned Property
- A user shall not intentionally, recklessly, or negligently misuse, damage or vandalize Institutional Information Technology resources.
- A user shall not attempt to modify Institutional Information Technology resources without authorization.
- A user shall not circumvent or attempt to circumvent normal resource limits, logon procedures, or security regulations.
- A user shall not use Institutional Information Technology resources for purposes other than those for which they were intended or authorized.
- Users shall use Institutional Information Technology resources in an efficient and productive manner.
- Additional Responsibilities of Employees and Independent Contractors
- Users who are Employees or Independent Contractors shall not make use of Institutional Information Technology resources for purposes which do not conform to the values, purpose, goals, and mission of the Institution and to the user’s job duties and responsibilities.
- Users shall not use Institutional Information Technology resources for solicitation for religious or political causes.
III. Digital/Electronic Signatures and Transactions
- The Tennessee Board of Regents and its Institutions must comply with the Tennessee Uniform Electronic Transactions Act. (T.C.A. §47-10-101 et seq.) This Act permits the use of electronic signatures and electronic transactions under certain circumstances.
- The use of electronic signatures in compliance with Institutional policy, and/or state, federal laws is permitted.
IV. Unlawful Uses Prohibited
- Users shall not engage in unlawful use of Institutional Information Technology resources.
- Unlawful activities may subject violators to civil and/or criminal penalties.
- This list of unlawful activities is illustrative and not intended to be exhaustive.
- Obscene Materials
- The distribution and display of obscene materials, as defined under Tennessee law (see T.C.A.39-17-901(10)), is prohibited by the laws of Tennessee. (see T.C.A.39-17-902)
- Federal law (18U.S.C.2252) prohibits the distribution across state lines of child pornography.
- Defamation is a civil tort which occurs when one, without privilege, publishes a false and defamatory statement which damages the reputation of another.
- Violation of Copyright
- Federal law gives the holder of copyright exclusive rights, including the right to exclude others from reproducing the copyrighted work.
- Sanctions for violation of copyright can be very substantial. Beyond the threat of legally imposed sanctions, violation of copyright is an unethical appropriation of the fruits of another’s labor.
- Pursuant to the Digital Millennium Copyright Act of 1998, the Institution’s designated agent for receipt of complaints of copyright infringement occurring with the use of Institutional Information Technology resources is the Chief Information Officer or his/her designee.
- The agent shall develop and maintain a guideline regarding receipt and disposition of complaints of copyright infringement.
- While the Institution is authorized by Tennessee Board of Regents (TBR) to designate its own agent, the TBR Chief Information Officer shall be promptly informed of complaints received by the Institution’s agent.
- Gambling, including that performed with the aid of the Internet, is prohibited under Tennessee state law. (see T.C.A. § 39-17-502)
- Cyber bullying/harassment -TN TCA 39-17-308.
V. Monitoring and Inspection of Electronic Records
- Electronic records sent, received, or stored on servers and/or devices owned, leased, or administered by the Institution are the property of the Institution.
- As the property of the Institution, the content of such records, including electronic mail, is subject to inspection by Institutional personnel.
- While the Institution does not routinely monitor individual activity, the Institution has the capability and reserves the right to monitor and/or log all activity without notice, including all email and Internet use.
- Users should have no reasonable expectation of privacy in the use of Institutional Technology Resources regardless of use of a personal or institutional device.
VI. Disclosure of Electronic Records
- Pursuant to T.C.A. § 10-7-101 et sq., and subject to exemptions contained therein, electronic files (including email correspondence) may be subject to public inspection upon request by a citizen of the State of Tennessee, if they are:
- Generated or received by Institutional employees, and
- Either owned or controlled by the State, or
- Maintained using Institutional Technology resources
- Institution personnel receiving such a request for public inspection should refer the request to the President or his/her designee.
- While disclosure under T.C.A. § 10-7-101 et sq. applies to employees, disclosure of the electronic records of all users which are maintained using Institutional Information Technology resources may be made pursuant to a valid subpoena or court order, when otherwise required by federal, state or local law, or when authorized by the President or his/her designee.
VII. Retention of Electronic Records
- Electronic records needed to support Institutional functions must be retained, managed, and made accessible in record-keeping or filing systems in accordance with established records disposition authorizations approved by the Tennessee Public Records Commission (PRC) and in accordance with TBR Policy 1.12.01.00, “Record Retention and Disposal of Records” and WSCC Policy 08:25:00 Record Retention and Disposal Policy.
- Each employee of the Institution, with the assistance of his or her supervisor as needed, is responsible for ascertaining the disposition requirements for those electronic records in his or her custody.
- The information technology system administrators are not responsible for meeting the record retention requirements established under T.C.A. § 10-7-101 et sq., and the Institution, as owner of electronic records stored on Institutional computers, reserves the right to periodically purge electronic records, including email messages.
- Users who are either required to retain an electronic record, or who otherwise wish to maintain an electronic record, should either:
- Print and store a paper copy of the record in the relevant subject matter file; or
- Electronically store the record on a storage medium or in an electronic storage location that has been approved and not subject to unannounced deletion.
VIII. Violation of this Policy
- Reporting Allegation of Violations
- Persons who have reason to suspect a violation of this policy, or who have direct knowledge of behavior in violation of this guideline should report that allegation of violation to their immediate supervisor or the Chief Information Officer.
- Disciplinary Procedures
- Allegations of violation of this policy shall be referred to the appropriate person(s) for disciplinary action.
- If a student, the violation will be referred for appropriate review in accordance with student disciplinary policies and guidelines.
- If an employee, the violation will be referred to the immediate supervisor.
- If there is a violation, which the Chief Information Officer or designee believes rises to the level of a serious violation of this or any other Institutional policy/guideline, the Chief Information Officer or designee is authorized to temporarily revoke access privileges. In those cases, the revocation of access must be reviewed by the appropriate disciplinary authority for review and final determination of access privileges. In such cases the authorization of the Chief Information Officer or designee carries with it the authorization to make subjective judgments, such as whether content, actions, or statements violate Institutional policies/guidelines.
- Persons violating this policy are subject to revocation or suspension of access privileges to Institutional Information Technology resources.
- Other penalties may be imposed upon student users.
- Sanctions for violation of this policy by employees may extend to termination of employment.
- Violations of law may be referred for criminal or civil action.
- Sanctions imposed upon students may be appealed in accordance with Institutional policies and guidelines.
- Other sanctions may be appealed under established Institutional procedure.
11/15; 09/17; 03/23