Policy Statement
This Acceptable Use Policy (AUP) describes the special rights and responsibilities for use of the College's "electronic resources" as defined. The Policy also explains the roles of those charged with maintaining, operating, and overseeing College electronic resources.
Reason for Policy
The College makes electronic resources available to support its academic and administrative goals and community members have a shared responsibility to utilize those electronic resources appropriately and to protect the resources from unauthorized access or use.
Scope
This policy applies to all persons who access or use the College's electronic resources (referred to in this policy as "users"), including without limitation the students, faculty, staff, alumni, and third parties.
This policy applies to all information technology and other electronic resources ("electronic resources") of the College, including without limitation:
- All computers, systems, equipment, software, networks, and computer facilities owned, managed, or maintained by the College for the handling of data, voice, television, telephone, or related signals or information;
- Any access or use of the College's electronic resources from a computer or other system not controlled or maintained by the College; and,
- The creation, processing, communication, distribution, storage, and disposal of information that belongs to the College.
In addition, members of the Emerson College community may have access to third-party electronic resources (such as social media or online collaboration tools) through their affiliation with the College. Use of these resources by members of the Emerson College community is governed by this policy and any applicable policy or restriction of the third-party provider.
Authorized Uses
Electronic resources may be used only for the purposes authorized by the College. These purposes generally comprise work, study, research, scholarship and creative endeavors, service, or student activities consistent with the College's mission and priorities.
Emerson recognizes that many users participate in outside academic and professional activities that naturally complement the users' on-campus commitments and enhance their contributions to the College. The College also acknowledges that use of personal electronic resources is compatible with the type of community that the College fosters in support of its broader goals. Such personal use shall not cause the College to incur liabilities. Above all, use of electronic resources for outside or personal purposes is always a privilege, not a right, and may not interfere with use for College purposes.
All use of electronic resources must comply with:
- all College policies, procedures, and codes of conduct, including the College’s Conflict of Interest policy, terms of use, and privacy policies, as well as those found in the student, faculty, and employee handbooks;
- all laws and regulations applicable to the user or the College; and,
- all relevant licenses and other contractual commitments of the College, as modified from time to time.
The College has sole authority to determine what uses of electronic resources are proper and may prohibit or restrict use deemed inconsistent with this policy or other applicable standards of conduct. Activities that would jeopardize the College's tax-exempt status are prohibited.
Safeguards and Restrictions
User IDs (including, but not limited to, “Emerson Accounts”) and passwords are the primary method used to authenticate users of the College's electronic resources. Users may not share passwords with any other person and must protect them from disclosure, and contact the College's IT staff immediately if they suspect their passwords have been compromised. Users are responsible for all activity conducted using their Emerson Accounts. Users must comply with the password requirements of the account management system. No person, including any member of the IT staff, is authorized to request disclosure of a user's password.
All users must protect the College's electronic resources and classes from unauthorized access. Specifically, all users must:
- Take responsibility for the security and integrity of information stored on any College-owned or personal desktop, laptop, or handheld system
- Take care to access electronic resources only from secure environments and to either lock or log out of sessions before leaving any computer unattended
- Take all appropriate precautions when accessing confidential or restricted College data to protect the data from unauthorized disclosures and from threats to its integrity
- Comply with requests from the IT staff and other authorized personnel to cease use of electronic resources that compromise the security of the College
- Cooperate with College officials during investigations concerning electronic resources usage or requiring access to electronic information
- Keep Technology Assets within the care of the assigned individual. Technology Assets shall never be lent or given to individuals who are not Emerson College community members or formal affiliates without written authorization from IT.
And, without proper authorization, no user may:
- Extend the network by introducing a hub, switch, router, wireless access point, or any other service or device to any College network
- Send email mass mailings for purposes other than authorized College business
- Alter, remove, or forge email headers, addresses, or messages, or otherwise impersonate or attempt to pass oneself off as another
- Obtain electronic resources beyond those allocated to the user, seek or gain access to data or user accounts for which the user is not authorized, or eavesdrop or intercept transmissions not intended for the user
- Use the College's Internet service or other network access in a malicious manner or to alter or destroy any material which the user is not authorized to alter or destroy
- Subvert IT security controls (i.e., uninstall College antivirus, use personal email to subvert spam filters, etc.);
- Access restricted portions of the operating system or software unless authorized by the appropriate College administrator
- Tamper with, modify, damage, alter, or attempt to defeat restrictions, protections, or any management tools placed on accounts or any electronic resources
- Damage computer or network systems, create or intentionally introduce or propagate computer viruses, malware, remote administration tools, or other malicious code to any electronic resource, attempt to degrade the performance of the system or to deprive authorized users of electronic resources or access to electronic resources, or render electronic resources inaccessible by denial of service, encryption or other means.
The College may send official correspondence to members of its community via electronic mail. Students, faculty, and staff are expected to check their @emerson.edu email account regularly. College employees are expected to use their Emerson College email account for all College-related communications. IT does not support non-Emerson email services. The College reminds community members that using external email systems may violate privacy laws, including FERPA.
To ensure Emerson's email reputation, external email systems require IT security review prior to their procurement. Those found to not meet IT security's standards may be prohibited from sending to or on behalf of Emerson College.
Copyright and Other Intellectual Property
Users must abide by all applicable copyright laws, licenses, and College policies. The use of illegally obtained software on College systems is prohibited.
Respect for Others
Emerson reminds users that conduct engaged in electronically is treated the same as any other conduct. All applicable student and employee conduct policies apply.
Users may not do anything to interfere inappropriately with others' use of electronic resources, including by consuming electronic resources in excess.
Data Ownership and Privacy
While the College owns the data on its systems and may legally retrieve or review it, the College is committed to maintaining privacy and does not routinely monitor a current user's email, data, or other online activity.
Privileged IT administrators have access to Emerson’s mail delivery logs, access logs, databases, and other data. IT administrators are to use their access to the minimum extent required to perform their duties, with strict adherence to privacy laws and confidentiality obligations.
Designated IT personnel may access, review, search, retrieve, or provide College-owned data (together, such activities are “data retrieval”) to College officials or third parties in limited circumstances and under certain conditions. The data retrieval may occur only when it is previously expressly authorized in writing (email is acceptable) by the President; the General Counsel; the Emerson College Police Chief or Deputy Chief; or two Vice Presidents. The prior express approval may be verbal rather than in writing only when the College official(s) giving the prior express approval indicates that exigent circumstances require verbal approval only. Data retrieval will be appropriate for legal and compliance matters, or other business use such as in situations requiring information for business continuity purposes.
Oversight of Electronic Resources
Authorized employees of the College, including the IT staff charged with the daily administration of the College's electronic resources, may:
- Take all reasonable steps necessary to preserve the availability and integrity of electronic resources, including blocking access to electronic resources;
- Reject or destroy email messages, email attachments, and other files suspected of being spam or containing malicious code;
- Exercise administrative authority over networks, systems, or software in order to grant users access to read, write, edit, or delete information in files or databases, and to establish security controls and protection for information and electronic resources;
- Employ a variety of security monitoring devices and tools to identify misuse or unauthorized use of, or access to electronic resources;
- With the approval of the Senior Associate Vice President for IT or the Information Security Officer, temporarily shut off the College's Internet connection, servers, or services, without prior notice, in order to protect College systems, data, and users or to protect other important interests of the College;
- Temporarily or permanently terminate users' use of electronic resources to investigate or remedy any threat to electronic resources or violation of this policy; and,
- Exercise administrative rights over certain electronic resources, if those rights are delegated by the IT staff.
Disclaimers
The electronic resources and anything accessible on or through them are made available "as is" and "as available." The College makes no guarantee that any electronic resource will be free of objectionable matter, errors, defects, bugs, malware, or other destructive features. The College is not responsible for any harm arising from electronic resources or users' reliance on them, nor is it responsible for any third-party content accessed using College electronic resources, including content made available by another College user or any third party.
This policy is not a complete statement of the College's rights or remedies, and nothing in this policy waives any of those rights or remedies, including any rights in or to the electronic resources.
Violations
Violations of the above policies may lead to College disciplinary action and/or criminal prosecution. Individuals are required to report (to helpdesk [at] emerson.edu (helpdesk[at]emerson[dot]edu)) information concerning instances in which the above guidelines have been or are being violated. In accordance with the established College practices, policies, and procedures, confirmation of inappropriate use of Emerson College technology resources may result in termination of access, expulsion from the College, termination of employment, legal action or other disciplinary action.
Changes to this Policy
The College reserves the right to change this policy at any time. A user's continued use of any electronic resources after any changes are published binds the user to the revised policy.