Bates Acceptable Use Policy

Purpose

Information Technology resources (IT resources) are provided to members of the Bates College faculty, staff, and student body and to authorized guests to support the teaching, scholarship, research, and administrative functions of the college. Such resources include, but are not limited to, College-owned data, computer hardware, data networks, information systems and classroom audio-visual equipment and are available to authorized users. Users of Bates College IT resources are expected to conduct themselves in a manner consistent with the college’s Statement of Community Principles, this Acceptable Use Policy, all other college policies, and state and federal law.

The purpose of this policy is to provide members of our community guidelines for responsible and respectful use of these IT resources.

Responsibilities

Users are expected to exercise care to help safeguard the reliability and security of IT resources. Users assume personal responsibility for the use made of their college allocated computer accounts. This responsibility begins with selecting a unique and secure password, and involves maintaining the confidentiality of that password to ensure the continued security and privacy of the account. Users are not to use their Bates password for non-Bates accounts, share passwords with other users, utilize the password for any other account and no one has the right to ask for them.

The College also provides some access to files and documents residing on College-owned equipment and systems (and/or transmitted via the College’s data network) to outside vendors who have been contracted to provide services. The College contracts with such vendors contain firm provisions for the security of information and the privacy of members of the College community who may use those services. Vendors are required to comply with all the same laws and regulations that the College must follow (e.g. FERPA, HIPAA, PCI).

Resource Monitoring

The college takes great care to protect the privacy and confidentiality of individual users’ information but cannot guarantee confidentiality. All information owned by the college or in storage on College and College-contracted data networks are subject to monitoring. The College reserves the right to access, monitor, remove, copy, and disclose communications or other data stored on college owned hardware and systems. Access must be given to the college in instances where a user has added personal security protection (encryption, password, or pin) to hardware, files and folders, or to college data in any format or location. The college does not monitor contents of files as a matter of course but non-intrusive monitoring of campus network traffic occurs routinely, to assure acceptable performance and to identify and resolve problems. Under these circumstances, College ILS staff will hold this information and knowledge in strictest confidence.

Acceptable Uses

All users may…

  • Use IT resources to support educational, scholarship, research, and administrative functions of the college.
  • Use IT resources for reasonable personal computing if it does not entail an excessive cost to the college, impede network operations, or violate this or other College policies.
Unacceptable Uses

IT resources may not be used in any manner prohibited by state and federal law or disallowed by license, contracts, or college policy. This section, while not all-inclusive, lists examples of misuse that may constitute a violation of College policy.

  • Attempting to gain access to any IT resource to which you do not have proper authorization;
  • Intentionally distributing viruses, malware, malicious software, hoaxes or other items of a destructive or deceptive nature;
  • Sharing your passwords with the specific exception of shared accounts in which the password is common among a small number of individuals;
  • Using another person’s computer account, user ID or data without appropriate permission (e.g., using an account found “logged in” on a public lab machine or classroom computer);
  • Theft, including the illegal duplication, downloading or sharing of copyrighted material, or the propagation, use, or possession of illegally copied software or data;
  • Sending threatening messages or other material intended to harass, defame, intimidate or threaten;
  • Tampering with, willful destruction of, or the damaging of files, data networks, software, or equipment;
  • Use of any IT resource as a staging ground to hack (break into) any other system.
Investigations

The college and its contractors maintain certain system and data backups and logs of e-mail and network traffic. If the college is made aware of violations of the law and is presented with a valid subpoena or court order requiring that such information be produced or preserved, or directing that the college assure that its employees produce or preserve such information, the college may be bound by law to comply.

Similarly, the college also may be obligated to disclose the identity of an account-holder or identity of the person who owns a computer or other registered network device, is responsible for a college owned device, or holds a college assigned account used in some network transaction.

Policy Violations

If violations are discovered or suspected, college personnel may report the activity to appropriate college officials or external authorities where violations will be handled through standard disciplinary processes as outlined in the student handbook and the applicable staff and faculty handbooks. Information and Library Services staff may take immediate action to protect information security, privacy, system integrity, and operational continuity.

PDF Version

Bates Acceptable Use Policy, Version 1.0, Effective: February 18, 2019