Acceptable Use Policy (IT 400-011)

1.0 Purpose

The Acceptable Use Policy ensures the responsible and secure use of Baker College’s computing and communication resources while safeguarding privacy, confidentiality, and the overall integrity of IT systems. These resources, including computers, networks, data storage, mobile devices, software, email services, voicemail, and other technologies, are the property of Baker College and are provided to support education, services, community engagement, and administrative functions in alignment with the institution’s Guiding Principles.

This policy defines the accountability of all users, including faculty, staff, students, vendors, guests, and courtesy affiliates, and establishes the boundaries for acceptable use. By using Baker College’s IT resources, all users agree to uphold these guidelines to maintain a secure, efficient, and ethical technology environment that supports the College’s Mission.

2.0 Definitions

End Users / Individuals - Any person(s) authorized to utilize Baker College technology resources, including faculty, staff, students, vendors, guests, or courtesy affiliates.

3.0 Scope

This policy applies to everyone who uses Baker College resources, including: students, faculty, staff, guests, and courtesy affiliates. All purposes, inclusive of, but not limited to: business, education, and personal use; whether you’re on campus or accessing resources remotely, these rules must be adhered to.

By utilizing Baker College resources, all users agree to abide by the Acceptable Use Policy.

4.0 Policy Statement

When you use Baker College’s computers, software, email, and other technology tools, you’re agreeing to follow certain rules. These rules are meant to protect everyone’s privacy and keep our technology running smoothly. Whether you’re a student, faculty, staff, or part of our community, you’re expected to use these resources responsibly. They’re here to support our education, services, and administrative work.

Resource Overview: Baker College provides a range of IT resources, including computers, data storage, mobile devices, networks, software, email services, electronic information sources, voicemail, telephone services, learning management systems, and other products and services.

Additional Rules on Campus: Some resources on campus, like classrooms and business systems, may have extra rules in addition to this policy. These rules will always align with this policy and might add more requirements or responsibilities for you.

Changes to Access: Baker College can restrict or limit access to resources at any time, even without telling you beforehand or asking for your consent.

How to Access the Policy: You can find this policy on the Baker College website, in the Student and Employee handbooks, or in the catalog. It’s important to know and understand these rules to use Baker College resources responsibly. 

General Authorized Usage Overview

Responsibility for User Activity: Users are granted access to IT resources and are accountable for all actions taken with their user IDs. It is your responsibility to safeguard your passwords and prevent unauthorized access to your accounts.

Prohibition of Inappropriate Use: Any use of Baker College resources that inaccurately or inappropriately represents support or affiliation with products, services, or organizations without written approval is strictly prohibited.

Personal Use at User’s Risk: Supplementary personal use of Baker College resources is permitted but done so at the user’s own risk. The College does not guarantee the continued operation, support, or security of IT resources for personal use.

Awareness of Policies and Regulations: Users are expected to familiarize themselves with Baker College policies and regulations governing the use of resources before utilizing them.

Respect for Privacy: Users must respect the privacy of others, including their usage, content, and identities, while utilizing Baker College resources.

Compliance with Laws and Policies: Users are required to comply with state, federal, and local laws, as well as Baker College policies. Additionally, you must adhere to any rules and regulations set forth by third parties.

Engagement in Safe Computing Practices: Users are expected to engage in safe and responsible security and computing practices to uphold the integrity of Baker College resources.

These guidelines aim to ensure the appropriate and responsible use of Baker College resources while promoting a secure and productive computing environment for all users.

Inappropriate Usage

The use of Baker College resources is subject to the following prohibitions and regulations:

Never share your credentials (including username and password, ID card, MFA code, or any personal authentication method) with anyone. You are responsible for protecting your account and ensuring exclusive access.

Private Business, Commercial Activities, Fundraising, or Advertising: Unless approved in advance, using College resources for private business, commercial activities, fundraising, or advertising for non-College purposes is strictly prohibited.

Adherence to Intellectual Property Laws: Users must adhere to copyright, trade secret, patent, or other intellectual property laws and regulations when utilizing College resources.

Prohibition of Unlawful Communications: Engaging in unlawful communications, including threats of violence, obscenity, child pornography, or harassing communication, is strictly prohibited. Such behavior will be reported to the local police department and/or Campus Safety immediately.

Unauthorized Access or Modification: Unauthorized access, modification, copying, or deletion of users’ accounts or resources, including files, is not allowed.

Prohibition of Disruptive Behavior: Users cannot use IT resources in a manner that disrupts the usage or activities of other users. This includes the introduction of malicious software or malware.

Unauthorized Connectivity: Unauthorized connectivity or access to Baker College resources is prohibited.

Interference with Networking: Interfering with the networking, including scanning, monitoring, intercepting, and altering network packets, is expressly prohibited.

Restriction on Political Activities: Baker College resources cannot be used to engage in partisan politics or promote/oppose ballot measures unless approved by the President/CEO.

Proper Authority for Access: Users cannot access Baker College resources without proper authority. This includes attempting to evade or circumvent user authentication or misrepresenting one’s identity or affiliation.

These regulations are in place to ensure the appropriate use of Baker College resources and to maintain a secure and productive computing environment for all users. Violations of these regulations may result in disciplinary action.

E-Mail and Electronic Communications

Access to Email: Your access to Baker College email is a privilege, but it can be restricted, either partially or entirely, without warning and without your consent.

Responsible Use: Activities that strain the email or network facilities are against the rules. This includes sending chain letters or mass emails without permission.

No Modifications: You’re not allowed to modify or forge any email information, including the header.

Confidentiality Risk: While we do our best to keep your emails private, we can’t guarantee confidentiality. So, avoid sending confidential, personal, financial, or sensitive information through email.

Social Media

At Baker College, we understand the significance of social media in our community. If you’re interested in creating an official Baker College page or group, you need approval from the College. You can find the social media application on my.baker.edu.

When you run an official page or group, you’re representing Baker College. Therefore, you must follow the expectations and policies outlined below. Any violation of these policies, regardless of scale or visibility, will be addressed. Just like with offline violations of Baker College’s Code of Conduct, disciplinary action may be taken. Any deviation from the policies, even if unintended, could lead to disciplinary action.

Student Organizations

All registered student organizations and pages will be regularly monitored by campus and departmental staff to make sure they follow these policies and guidelines.

When creating a page or group, make sure the description includes the following statement: “This page/group is not operated by an official representative of Baker College and, as such, the posts and opinions expressed here do not represent the opinions or policies of Baker College. Baker College is not responsible for any content posted here.”

Expectations

These guidelines promote responsible and respectful online behavior:

Respectful Interaction: Treat others with respect, even if they don’t reciprocate. Avoid making personal comments, criticisms, or attacks.

Appropriate Language: Ensure that all postings are free of inappropriate language or content, including ethnic slurs, personal insults, or obscenity.

Avoid Controversial Topics: Refrain from participating in inflammatory or sensitive topics, such as religious beliefs or political opinions, to maintain a positive online environment.

Accuracy and Citations: Be mindful of accuracy when sharing information and always cite reliable sources. Include links to any resources cited and promptly correct any mistakes.

Stay Within Your Expertise: Refrain from speaking outside your area of expertise. Direct questions to individuals who can provide accurate information.

Long-term Impact: Be aware that anything published online can have a long-lasting impact and may be accessible for many years, even if deleted.

Respect Copyright Laws: Respect all copyright and fair use laws when you share information online, including images or other content.

Avoid Endorsements: Do not provide endorsements or referrals for products or services on behalf of Baker College.

Balance Academic and Personal Responsibilities: Ensure that your online activities do not interfere with academic or personal responsibilities and maintain a healthy balance between online and offline activities.

Safety and Privacy

Always prioritize your privacy and safety online. Make sure your privacy settings are configured to protect your personal information. Avoid sharing sensitive details online and never ask others for their personal information.

Keep all your passwords secure and unique; never share them with anyone or write them down. Avoid using the same password for multiple sites or accounts. Remember to log out of sites after use and avoid using auto-login features.

If you suspect that your password has been compromised, change it immediately. Contact the support department of the relevant site or service if you suspect your account has been compromised.

Notify the IT Solutions Center (via email at itsc@baker.edu) immediately if you believe your password or account has been compromised. Report any threatening or abusive posts made on student groups/pages to Campus Safety and the IT Solutions Center. Be sure to capture a screenshot of the post and username before deleting it.

Multi-Factor Authentication is required for accessing any Baker College information system. It is highly recommended to register multiple authentication methods to prevent losing access to your account.

Accounts deemed inactive with no login activity will be disabled.

HIPAA and Social Media in Healthcare Settings

Baker College recognizes the importance of protecting the privacy of patients and confidentiality of their healthcare records under Health Insurance Portability and Accountability Act (HIPAA) regulations, particularly for students in healthcare settings. HIPAA regulations are intended to protect patient privacy and confidentiality by defining individually identifiable information and establishing how this information may be used, by whom, and under what circumstances. Individually identifiable information includes any information that relates to the past, present, or future physical or mental health of a person that could be used to identify them. Students have the following responsibilities:

Safeguard Patient Information: Individuals in healthcare settings have specific responsibilities to safeguard patient information. They must protect the confidentiality of any information they encounter during treatments or interactions with patients.

Limited Disclosure: Patient information should only be disclosed to other members of the healthcare team when necessary for providing care, and with the patient’s informed consent (unless legally required, or when failure to disclose information could result in significant harm). 

Social Media Awareness: Individuals need to be aware of the potential consequences of disclosing patient-related information on social media platforms. Any violation of clinical affiliates’ policies or relevant state and federal laws regarding patient privacy can have serious repercussions.

Professional Standards: Adherence to professional standards regarding patient privacy and confidentiality is paramount. Individuals must understand and comply with these standards in all aspects of their interactions with patient information, including social and electronic media.

FERPA and Social Media in Educational Settings

The federal law that protects student privacy and records is called the Family Educational Rights and Privacy Act (FERPA). In the United States, educational records at public schools or schools that receive public funding fall under FERPA’s jurisdiction. FERPA ensures the privacy of these educational records. Student teachers have the following responsibilities:

Confidentiality: If you’re training to become a teacher, it’s crucial to understand the importance of maintaining the privacy of educational records. As a future educator, you’ll be entrusted with sensitive information about students and their families. It’s your responsibility to keep this information confidential and to only use it for professional purposes.

Professional Conduct: It’s essential to maintain professionalism both inside and outside of the school building. Avoid negative discussions about students, staff, or the school in any setting. Refrain from discussing students by name except when necessary for professional purposes. By respecting student privacy and maintaining professionalism, you contribute to a positive and supportive learning environment for everyone.

Privacy

At Baker College, we value your privacy, and it’s important for you to know the following:

Data Ownership: While privacy is valued, Baker College asserts its ownership of data created or stored on its resources. Users should understand that any data generated within the College’s systems belongs to the institution.

Respect for Privacy: Users are expected to uphold the privacy of others and refrain from disclosing personal data about faculty, staff, or fellow students without authorization.

Trustworthy Management: Authorized individuals within Baker College’s IT environments are tasked with managing resources in a manner that promotes user trust. This implies handling data responsibly and ensuring confidentiality.

Monitoring and Maintenance: While the College doesn’t routinely monitor individual usage, certain activities like data backup, logging, and monitoring are necessary for normal operations. Baker College reserves the right to access resources for maintenance purposes, including addressing security events, to maintain the integrity and functionality of its IT infrastructure.

Operational Security

Baker College is committed to maintaining the stability and security of its IT resources:

Proactive Measures: The College reserves the right to take any necessary action, including monitoring and scanning resources, without prior notice to users, to protect its interests and ensure IT resource stability and security.

Risk Mitigation: Baker College acknowledges that third-party intrusions, viruses, and physical access can pose security threats. The institution takes reasonable precautions to minimize these risks.

Incident Reporting: Users are required to promptly report any known or suspected incidents, such as security breaches or policy violations, to the designated email address: abuse@baker.edu. This reporting helps the College address and mitigate potential threats effectively.

Enforcement

At Baker College, using our IT resources is a privilege we extend to you. However, if you violate our policy, please know the following:

Privilege, not a Right: Access to Baker College IT resources is considered a privilege, and users must adhere to the policy guidelines. Violations can result in limitations, suspension, or termination of access.

Enforcement and Reporting: The IT Executive Team will address alleged policy violations, and incidents may be reported to law enforcement if necessary.

Disciplinary Action: Users who violate the policy, other College policies, or external laws may face disciplinary action and/or penalties.

Appeal Process: If a user’s access is limited or suspended due to a policy violation, they have the right to appeal the decision to the organization’s executive committee.

5.0 Procedures

None

6.0 Responsibilities

End User

Must adhere to the information contained within the Acceptable Use Policy.

IT Executive Team

Responsible for reviewing any instances related to the Acceptable Use Policy and collaboratively determining appropriate actions to foster a positive technology environment.

Expected to provide guidance and support to IT staff as needed to enhance understanding and compliance.

IT Staff

Responsible for maintaining an operational and secure environment for individuals who are utilizing Baker College technology resources.

Proactively monitor the end user environment for any attempts to misuse technology resources and to address concerns through constructive dialogue.

Responsible for ensuring that the end user is up-to-date and effectively meets the needs of the organization.

7.0 Citations & Related Information

None