/
8.1.3 Acceptable Use Policy

8.1.3 Acceptable Use Policy

Policy Tracking

Date

Policy Tracking

Date

Approved

 

Revised

April 7, 2025

Reviewed

 

PURPOSE

The College strives to provide information technology access in an environment in which access is shared equitably among users.  This access is intended to be used in support of the College’s research, educational and administrative purposes. College owned or operated computer resources are for the use of College employees, students and other authorized individuals.  This Policy's purpose is to protect the College’s technology users and computer resources and to ensure equitable access and proper management of these resources.

Acceptable Activity

The College's information technology resources are intended for the use of its students, employees and other authorized individuals for purposes related to instruction, learning, research and campus operations.  Users are expected to exercise responsible, ethical behavior when using all College computer resources.  This Policy makes no attempt to articulate all required or prohibited behavior by users of the College’s computer resources.

RESERVATIONS OF RIGHTS AND LIMITS OF LIABILITY

A.  The College reserves all rights in the use and operation of its computer resources, including the right to monitor and inspect computerized files or to terminate service at any time and for any reason without notice.

B.  The College makes no guarantees or representations, either explicit or implied, that user files and/or accounts are private and secure. No right of privacy exists in regard to electronic mail or Internet sessions on the College Network or College-owned hardware.

C.  The College is not responsible for the accuracy, content or quality of information obtained through or stored on the College Network.

D.  The College and its representatives are not liable for any damages and/or losses associated with the use of any of its computer resources or services.

E.  The College reserves the right to limit the allocation of computer resources.

F.  The College makes efforts to maintain computer resources in good working condition but is not liable for damages incurred by loss of service.

G.  College funds may not be used to purchase personal network access or products.

H.  The College shall not be liable legally, financially or otherwise for the actions of anyone using the Internet through the College’s network or College’s computers.

WIRELESS INTERNET ACCESS

The College provides free wireless Internet access.  Users of wireless access must abide by the Wireless Network Acceptable Use Policy (8.1.6) and this Policy.  Connection to the wireless network at any given time is not guaranteed.  The College does not accept liability for any personal equipment that is brought to the College and, therefore, may not assist with configuration, installation, trouble-shooting or support of any personal equipment.

ELECTRONIC MAIL

The College provides free electronic mail accounts to certain College employees based on job responsibilities, as determined by the employee’s appropriate Vice President, and to all students who are enrolled in a curriculum program.  The use of College-provided electronic mail accounts must be related to College business, including academic pursuits.  Incidental and occasional personal use of these accounts is acceptable when such use does not generate a direct cost to the College or otherwise violate the provisions within this Policy.

The College will make reasonable efforts to maintain the integrity and effective operation of its electronic mail systems, but users are advised that those systems should in no way be regarded as a secure medium for the communication of sensitive or confidential information.  Because of the nature and technology of electronic communication, the College cannot assure the privacy of an individual’s use of the College’s electronic mail resources or the confidentiality of particular messages that may be created, transmitted, received or stored.

The College does not monitor electronic mail routinely but may do so as the College deems necessary.  Students and employees should not have any expectation of privacy regarding their electronic mail addresses provided by the College.  Any user of the College’s computer resources who makes use of an encryption device shall provide access when requested to do so by the appropriate College authority.  The College reserves the right to access and disclose the contents of employees’, students’ and other users’ electronic mail without the consent of the user.  The College will do so when it believes it has a legitimate business or need including, but not limited to, the following:

A.  In the course of an investigation triggered by indications of misconduct or misuse;

B.  As needed to protect health and safety of students, employees or the community at large;

C.  As needed to prevent interference with the College’s academic mission;

D.  As needed to locate substantive information required for College business that is not more readily available;

E.  As needed to respond to legal actions; and

F.  As needed to fulfill the College’s obligations to third parties.

Electronic mail, including that of students, may constitute "educational records" as defined in the Family Educational Rights and Privacy Act (“FERPA”).  Electronic mail that meets the definition of educational records is subject to the provisions of FERPA.  The College may access, inspect and disclose such records under conditions set forth in FERPA.

North Carolina law provides that communications of College personnel that are sent by electronic mail may constitute “correspondence” and, therefore, may be considered public records subject to public inspection under the North Carolina Public Records Act. 

Electronic files, including electronic mail, which are considered public records are to be retained, archived and/or disposed of in accordance with current guidelines established by the North Carolina Department of Cultural Resources or otherwise required by College policy 3.23 College Records.

 

PRIVATE EMPLOYEE WEBSITES, SOCIAL MEDIA AND OTHER INTERNET USE

When creating or posting material to a webpage or other Internet site apart from the College's website or approved ancillary external site or page, employees should remember that the content may be viewed by anyone including community members, students and parents.  When posting or creating an external website, students, faculty and staff are not permitted to use the College’s name in an official capacity or use the College’s marks, logos or other intellectual property. 

Employees are to maintain an appropriate and professional relationship with students at all times.  Having a public personal website or social media profile, or allowing access to a private website or private social media profile is considered a form of direct communication with students.  Any employee found to have created and/or posted content on a website, social media site, or profile that has a negative impact on the employee's ability to perform his/her job as it relates to working with students and the community or that otherwise disrupts the efficient and effective operation of the College may be subject to disciplinary action up to and including dismissal.

 

Section 1. Application

This policy applies to any College employee, contractor or third party who uses any device, whether College-owned or personal, to connect to the College Network or access College controlled Information Technology resources.

Section 2. Requirements

  1. Information Technology Resources of the College are intended solely for use by authorized faculty, staff, students, contractors, or vendors for the purposes of instruction, education, research, or other public service activities performed on behalf of the College.

  2. Users may not connect personal devices to the College Network without express written permission from the College CIO. This requirement does not apply to users who connect to the College’s designated Public Wireless Networks.

  3. Personally owned “smart” devices may not be connected to the College Network. “Smart” devices, commonly referred to as the “Internet of Things,” include smart thermostats, smart appliances, or wearable technologies.

  4. All devices connected to the College Network must have updated malware/anti-virus protection.

  5. Users must not attempt to access any data, documents, email correspondence, and programs contained on systems for which they do not have authorization.

  6. Users must not share or divulge confidential or sensitive information to anyone without proper authorization.

  7. Users must not share their account(s), passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), or other similar information or devices used for identification and authorization purposes.

  8. Users must not use College Information Technology resources for non-work related or personal tasks except as allowed in Section 3: Incidental Use below.

  9. Users must not make unauthorized copies of, store or transport copyrighted electronic media including software, video, or audio. It is the responsibility of each individual to ensure their actions do not violate copyright law. Any material found on College managed equipment or services that violates copyright is subject to immediate and permanent deletion.

  10. Users must not download, install, or distribute software to College-owned devices unless it has been authorized by the College’s Information Technology department.

  11. Users must ensure all files downloaded from an external source to the College Network or any device connected to the College Network, including a diskette, compact disc (CD), USB flash drive, or any other electronic medium, is scanned for malicious software such as viruses, Trojan horses, worms or other malicious code.

  12. Users must ensure data classified as sensitive or confidential or otherwise contains personally identifiable information (PII) is only stored on equipment or data services owned by and under the control of the College.

  13. Users must not download College data to personally owned devices

  14. Users must not purposely engage in activity that is illegal according to local, state or federal law, or that violates College policy, or activity that may harass, threaten or abuse others, or intentionally access, create, store or transmit material which may be deemed to be offensive, indecent or obscene such as racially or sexually explicit materials. Sexually explicit materials includes any material that meets the definition of pornography as defined in North Carolina State Law 2024-26 or superseding definition.

  15. Users must not engage in activity that may degrade the performance of information resources, deprive an authorized user access to resources, obtain extra resources beyond those allocated, or circumvent information security measures.

  16. Users must not download, install or run security programs or utilities such as password cracking programs, packet sniffers, or port scanners that reveal or exploit weaknesses in the security of information technology resources unless approved in writing by the CIO or College President.

  17. College Information technology resources must not be used for personal benefit, e.g., gambling, political activity, unsolicited advertising, unauthorized fund raising, personal business ventures, or for the solicitation of performance of any activity that is prohibited by any local, College, or federal law.

  18. Access to the Internet from College-owned, home based, devices must adhere to all acceptable use policies. Employees must not allow family members or other non-employees to access data classified as restricted or highly restricted.

  19. Users must report any suspicious activity or unexpected software or system behavior, which may indicate malicious software is active on the device or unauthorized disclosure of information or exposure to security threats.

  20. Users must report any incidents of possible misuse or violation of the Acceptable Use Policy.

  21. Users have a responsibility to promptly report the theft, loss or unauthorized disclosure of information.

  22. Users must not use any unauthorized Cloud Services including online storage or Artificial Intelligence tools or systems such as DropBox, ChatGPT, Google Bard, Otter.AI, Read.io for storing, sharing, or processing of actual or potentially sensitive, confidential, or protected College data. Data classified as sensitive or confidential must only be stored or processed on systems and services designated. A list of designated systems is available on the College's internal website, "The Insider".

  23. Users must not send College data to non-authorized individuals or accounts.

  24. Per NC General Statute § 15A-287 users may not record any communications, including online or in person meetings, using any means including Artificial Intelligence agents, without the express consent of at least one party to the communication or event.

  25. Abuse, damage, and theft: Any person who willfully abuses, damages, steals, or otherwise renders inoperable any College-owned item including computers, digital media, software or other technology item, or uses such items for illegal purposes, may be disciplined under the Policies and Procedures Sections 3.11 (employees) or 4.15.1 (students) and could be referred to law enforcement for prosecution as applicable. For the purposes of this section, computer software and digital media are also considered to be property.

Section 3.  Incidental Use

College systems are intended for primarily business purposes, but limited (incidental and occasional) personal use may be permissible when authorized by your management and it does not do the following:

  1. Interfere with the normal performance of an employee’s work duties.

  2. Result in direct costs to the College, cause legal action against, or cause embarrassment to the College.

  3. Involve interests in personal or outside business and/or other non-authorized organizations and activities such as selling or soliciting personal property/items, promoting commercial ventures, charitable, religious, or political activities.

Section 4. Violations

Violation of this policy could result in suspension of the users access to College Information Technology resources, or in disciplinary action.

Violations: Violations of any procedures set forth herein will result in action being taken by the College including: counseling on the proper use of technology resources, temporary or permanent restriction of such use, or formal disciplinary action pursuant to Policies and Procedures Section 3.11.2 and Section 4.15.1. Violations of North Carolina statutes dealing with unlawful access or use of a computer may be referred to the State Attorney General’s Office for investigation and/or prosecution. Similarly, violations of 18 U.S.C. Sec. 1030 (Federal laws dealing with unlawful access to or use of a computer) may be referred to the FBI.

Abuse, damage, and theft: Any employee or student who willfully abuses, damages, steals, or otherwise renders inoperable any Blue Ridge Community College computer, multimedia or related equipment, network or software, or uses such items for illegal purposes, will be disciplined under the Policies and Procedures Sections 3.11 (employees) or 4.15.1 (students) as applicable. For the purposes of this section, computer software and digital media are also considered to be property.

Section 5. Acknowledgement of Policy

College employees, contractors and any individual granted access to College Information Technology resources must acknowledge in writing that they have received a copy of this policy.

Section 6. Supplemental

  1. Library Staff: Only Library staff members, print shop staff or other designated College employees lab assistants shall have access to visitor print account user names and passwords.

  2. Teaching Labs: Teaching computer labs are not considered open access labs and are not intended to be used by students beyond the requirements set by the classroom instructor, who shall be responsible for securing the classroom when the class is over.