Information Technology Policies

Use of electronic mail is a privilege and not a right

Users are expected to promote an atmosphere conducive to work and study. All users have a right to privacy and freedom from libel and harassment. Users are expected to act responsibly, ethically and lawfully. Unacceptable uses of email or other computing and networking resources and facilities shall include, but are not limited to, the following:

• Misrepresentation of identity or source in the use of email is unacceptable
• Using email or other computing or networking resources or facilities for any purpose that violates federal or state laws
• Using email or other computing or networking resources or facilities for commercial purposes
• Sending patently harassing, intimidating, abusive, or offensive material to or about others
• Intercepting, disrupting, or altering electronic communications
• Non-academic community messages (lost/found, for sale, etc.) should be posted to the Community Gmail group
• College of the Atlantic email accounts are hosted by Google and are also subject to Google’s Acceptable Use Policy

Respect copyrights and intellectual property rights

Users must respect all copyright issues regarding software, information, and attributions of authorship. Many programs, images, sounds, text, and related materials are owned by individual users or third parties, and are protected by copyright and other laws, by licenses and other contractual agreements. Failure to abide by these restrictions is a crime. Software made available by the college is licensed for use, and is protected by copyright law. Copyright infringement is illegal.

• Users may not make copies of or install college software on computers not owned by the college, or place copies of unauthorized software on college computers.
• Use of peer-to-peer file sharing of music, games, video, software, images, or other items in a manner that infringes copyright is prohibited. Users found to be engaged in these activities will have their computer removed from the network, and may be subject to further disciplinary or legal action.

Respect the security of the network

User accounts and network connections are for individual use and may only be used by the person to whom they have been issued. Users are responsible for all actions originating from their account or network connection and for protecting their password. Any attempt to circumvent computer, network or file security is prohibited.

• Users must not impersonate others or misrepresent/conceal their identity in electronic messages and actions.
• Users are responsible for all actions originating from their account or network connection and for protecting their password.
• The College network may not be used to gain unauthorized access, or attempt to gain unauthorized access to any computer system or account, whether college owned or not. Any attempt to circumvent computer, network or file security is prohibited.
• Capturing network traffic not destined for your computer is strictly prohibited.

Respect the shared nature of resources

Users may not do anything which may interfere with others’ use of the college’s computers, peripherals, or network. This includes but is not limited to:

• The inadvertent or deliberate spreading of computer viruses is not allowed. Users are responsible for maintaining up-to-date antivirus. Any infected computer will be immediately removed from the college network.
• Users may not alter software, hardware, or wiring.
• Excessive bandwidth results in poor network connectivity for all users and is not allowed. More than 4GB of bandwidth in 24 hours is considered excessive and will result in slower bandwidth rates for the next 24 hours. Examples of applications which result in high-bandwidth usage that can seriously disrupt the community’s network include file sharing (p2p), streaming media (streaming high-definition TV or movies), video messaging, and excessive gaming.

Access to computer accounts and networks

College of the Atlantic will make reasonable efforts to have its computer systems and networks available at all times. However, as part of regular maintenance and other planned and unplanned activities, systems & networks may be unavailable at any particular time. The college reserves the right to restrict or terminate access to its computer & network resources as necessary. College of the Atlantic computer systems and networks are for non-commercial individual use related to the educational mission of the college by its faculty, staff, and students, and for approved college business activities. Use of college technology to gather or transmit information for purposes such as theft is a crime.

Privacy

The electronic mail system and network resources are the property of the College of the Atlantic. Although privacy and security are important, there are some circumstances under which college administrators may access these resources. These include: 

• To comply with a request under federal or state public information laws
• To maintain, repair, and troubleshoot the computer network
• To investigate the misuse of the network, such as theft, gambling, pornography, institutional security, fraud, and harassment

IT responsibilities & recommendations

Information Technology & Services is responsible for preserving the integrity of the campus network, and will use the guidelines of this policy in their effort. College of the Atlantic disclaims any responsibility and/or guarantees for data, information, and materials residing on non-COA systems or obtained by way of the internet. Although Information Technology & Services tries to provide a stable and reliable computer network, you may at times experience a system crash, network outage, or power outage. This interruption may result in the loss of your data, files, and/or software. In an effort to minimize risk, users should frequently back up their work.

Violations

Failure to abide by this policy may result in disciplinary action, including the loss of access to information technology resources. If you believe that a violation of this policy has occurred, you should contact the Dean of Student Life at jluce@coa.edu.

Purpose
Electronic Mail is a tool provided by the college and serves as a primary means of communication and to improve education and administrative efficiency. Users have the responsibility to use this resource in an efficient, ethical and lawful manner. Use of college email accounts evidences the user’s agreement to be bound by this policy. In the event a college employee holds multiple college email accounts, the most stringent rules of this policy shall apply.

Account creation
College email accounts are created based on the official name of the staff or faculty member as reflected in the Business Office records. Student and alumni accounts are created based on user ID reflective of the name on file with the Registrar. Requests for name changes to correct a discrepancy between an email account name and official college records will be processed, in which case the email account name will be corrected. This could be due to error or a person legally changing their name. Requests for mail aliases based on name preference, middle name, etc., are evaluated on a case-by-case basis.

Faculty, staff, or departments can request temporary email privileges for users outside of the College. Full time Faculty or Staff requesting these types of accounts will be required to submit user information, rationale for account, expiration date, & sponsor information. Such requests shall be approved by the appropriate Director level manager.

Ownership of email data
The college owns all college email accounts. Subject to underlying copyright and other intellectual property rights under applicable laws and college policies, the college also owns data transmitted or stored using the college email accounts.

Privacy and right of college access
While the college will make every attempt to keep email messages secure, privacy is not guaranteed and users should have no general expectation of privacy in email messages sent through college email accounts. Under certain circumstances, it may be necessary for COA IT staff or other appropriate college officials to access college email accounts. These circumstances may include, but are not limited to, maintaining the system, investigating security or abuse incidents or investigating violations of this or other college policies and violations of Google’s Acceptable Use Policy.

COA IT staff or college officials may also require access to a college email account in order to continue college business where the college email account holder will not or can no longer access the college email account for any reason (such as death, disability, illness or separation from the college for a period of time or permanently). Such access will be on an as-needed basis and any email accessed will only be disclosed to individuals who have been properly authorized and have an appropriate need to know or as required by law.

All email users are bound by the appropriate acceptable use policy of both College of the Atlantic and Google. Google also retains the right to access Gmail accounts for violations of its Acceptable Use Policy.

Data purging
Email messages held under Gmail accounts will be subject to Google’s storage and retention policies, which may change from time to time, with or without notice. As of this writing, retention times are unlimited and storage limits are 30GB.

Record retention
It is the responsibility of employees to preserve college records, including emails or instant messages in particular circumstances:

• Those who have actual knowledge of matters in which it can be reasonably anticipated that a court action will be filed.
• A subpoena has been served or notice of same has been given.
• Records are sought pursuant to an audit or similar pending or possible investigation.

Expiration of accounts

Individuals may leave the college for a variety of reasons, which gives rise to differing situations regarding the length of email privileges or expiration of accounts. The policy governing those privileges are set forth below. Notwithstanding the guidelines below, the college reserves the right to revoke email privileges at any time.

• Faculty may keep their email account for 60 days from the end of the last term in which they taught. If such separation is for cause, email privileges may be immediately revoked without notice.
• Staff may keep their email account for 60 days from the end of their last work week. If such separation is for cause, email privileges may be immediately revoked without notice.
• Students who leave the college without completion of their degree or other program may keep their email privileges for one academic term from the last term when they were registered.
• Students who are expelled from the college will have their email privileges terminated immediately upon the directive of the Provost’s Office.
• Alumni who have graduated from the college will be permitted to retain their email privileges if their account remains active. All email accounts that are inactive for a period of one year will be removed. Alumni wishing to reconnect with the college can request an account and one may be provided to them.

Appropriate use and user responsibility

No data that is classified as protected shall be stored in or transmitted via email. This includes but is not limited to personally identifiable information, Social Security Number, bank account information, tax forms, background checks, sensitive research data, or other protected data.

Users who use email communications with persons in other countries should be aware that they may be subject to the laws of those other countries and the rules and policies on others systems and networks. Users are responsible for ascertaining, understanding and complying with the laws, rules, policies, contracts and licenses applicable to their particular uses.

Use of distribution lists or ‘reply all’ features of email should be carefully considered and only used for legitimate purposes.

In order to prevent the unauthorized use of email accounts, the sharing of passwords is strictly prohibited. Each individual is responsible for his/her account, including the safeguarding of access to the account. All email originating from an account is assumed to have been authored by the account holder, and it is the responsibility of that holder to ensure compliance with these guidelines.

Inappropriate use
With respect to college email accounts, the exchange of any inappropriate email content outlined below and described elsewhere in this policy, is prohibited. Users receiving such email should immediately contact COA IT, who in certain cases may also inform the Department of Public Safety, academic dean, administrative dean, provost, or COA general counsel.

The exchange of any email content outlined below is prohibited:

• Generates or facilitates unsolicited bulk email
• Infringes on another person’s copyright, trade or service mark, patent, or other property right or is intended to assist others in defeating those protections
• Violates, or encourages the violation of, the legal rights of others or federal and state laws
• Is for any malicious, unlawful, invasive, infringing, defamatory, or fraudulent purpose
• Intentionally distributes viruses, worms, Trojan horses, malware, corrupted files, hoaxes, or other items of a destructive or deceptive nature
• Constitutes, fosters, or promotes pornography
• Is excessively violent, incites violence, threatens violence, or contains harassing content
• Creates a risk to a person’s safety or health, creates a risk to public safety or health, compromises national security, or interferes with an investigation by law enforcement
• Misrepresents the identity of the sender of an email

Other improper uses of the email system include:

• Using or attempting to use the accounts of others without their permission
• Collecting or using email addresses, screen names information or other identifiers without the consent of the person identified (including without limitation, phishing, spidering, and harvesting)
• Use of the service to distribute software that covertly gathers or transmits information about an individual
• Conducting business for profit under the aegis of the college
• Political activities, specifically supporting the nomination of any person for political office or attempting to influence the vote in any election or referendum on behalf of or under the sponsorship of the college

This list is not intended to be exhaustive but rather to provide some illustrative examples.

Scope
This policy applies to all individuals who use or maintain a College of the Atlantic provisioned email account.

Spam and phishing
All incoming email is scanned for viruses, phishing attacks and spam. Suspected messages are blocked from the user’s inbox. Due to the complex nature of email, it is impossible to guarantee protection against all spam and virus infected messages. It is therefore incumbent on each individual to use proper care and consideration to prevent the spread of viruses. In many cases, viruses or phishing appear to be sent from a friend, coworker, or other legitimate source. Do not click links or open attachments unless the user is sure of the nature of the message. If any doubt exists, the user should contact the Helpdesk at helpdesk@coa.edu

Definitions
Spam is defined as unsolicited and undesired advertisements for products or services sent to a large distribution of users.

Phishing is defined as the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

This website domain, coa.edu (the “site”), is owned by and is the responsibility of College of the Atlantic. This privacy policy outlines the college’s data collection processes for coa.edu and any other college owned and operated web sites/pages, both when a visitor voluntarily enters and transmits information to the college and when data are collected automatically through use of the site.

What information does College of the Atlantic collect?

• Information you give us, such as your first and last name, email address, phone number, address, and more. This may be information you enter on the site or give to us in other ways, such as through email, online registration forms, or surveys
• Automatically collected information such as site/page traffic and usage statistics. COA uses Google Analytics which collects additional site usage data
• Information from some web visitors who communicate with the college via email or use the college’s application status portal, such as your email address, home server domain name, browser type and version, Internet Protocol (IP) address, and information regarding where, when, and how often you visit the college’s website/pages
• Information that you have provided to third-party vendors including, but not limited to, the College Board, ACT, and RaiseMe

How College of the Atlantic uses information we collect

• To inform our marketing strategy and approach
• For promotional and recruiting purposes, including contacting prospective students and providing information about the college or about services, programs, and events
• To analyze visitors’ online behavior for website development and content improvement
• To provide you with information you request and to answer your questions
• For educational and/or research purposes

Disclosure of personal data to third parties
College of the Atlantic occasionally retains the services of third parties to process information or financial transactions, analyze data, or for other purposes approved by members of the college’s senior management. Any such organizations which receive personal data for these purposes are required to keep the information confidential and only use it to provide the agreed-upon services for the college.

 We may also provide personal data to third parties:

• If you have given us explicit consent to do so
• If we are legally required to do so, for example in response to a subpoena or court order
• To protect against fraud or other illegal activity
• To protect the safety and security of visitors to the Site
• If it is necessary to protect or defend the rights or property of College of the Atlantic
• To protect against legal liability

Protecting personal information
Protecting your personal data is important to us. To prevent unauthorized access or disclosure of personal information, we have implemented physical, electronic, and administrative procedures intended to safeguard the information the college collects and/or stores online. In addition, we limit our employees’ and contractors’ access to personal information. However, the college cannot guarantee the absolute effectiveness of these security measures. 

Controlling your personal information & GDPR
If you are located within the European Economic Area you have certain data protection rights including the right to be informed of the college’s use of personal information, request access to personal information, correct inaccuracies, and request the erasure of personal information. These rights are subject to certain limitations. If you have questions or choose to exercise these rights, please contact webteam@coa.edu.

Payments
Where payment information is collected within the site, the college uses third-party services for payment processing. The college will not store or collect your payment information; that information is provided directly to the third-party payment processors whose use of your personal information is governed by their privacy policies.

Changes to this privacy policy
College of the Atlantic reserves the right to change this policy at any time. Changes to the college’s website privacy policy are effective upon posting to the site.

Questions about this policy
Please direct questions to webteam@coa.edu.

Policy updated August 1, 2019