It is the policy of North Central Missouri College to maintain access to local, national, and international sources of information and provide an atmosphere that encourages free exchange of ideas and promote learning. Use of the College’s electronic information systems is a privilege and not a right. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and comply with all relevant laws, College policies and procedures, and contractual agreements.
The College network is defined to include any and all computer and electronic based communication facilities (voice, data, and video) and/or equipment which are owned or operated under the supervision of North Central Missouri College.
CRIMINAL OR ILLEGAL ACTS
Electronic information systems of the College, which include hardware, software, and network environment, shall not be used for illegal or criminal activities. Such activities may involve, but are not limited to, unauthorized access, intentional corruption or misuse of resources, theft, defamation, obscenity, pornography, child pornography, and harassment based upon ethnicity, disability, age, religion, or sex. The College will cooperate with all branches of law enforcement (local, state, federal, or international) in investigations of a criminal nature by making available transmissions and files within the College’s network.
North Central Missouri College treats copyright infringement very seriously. It is illegal to violate the copyright law, including downloading or sharing music and videos without permission from the copyright owner. Copyright owners have begun using software to aggressively search for people who are providing copyrighted materials to others over the Internet without the copyright owner’s permission.
Employees must understand and follow the information security policies. All data that is collected must be secure. Secure Data Elements, also known as personal identifiable information, must never be released to any entity outside of the college without written student consent or approval from the Registrar’s Office or Vice President of Student Affairs except to the extent that FERPA authorizes disclosure without consent. Employees that fail to follow the Information Security policies are subject to the sanctions of the North Central Missouri College’s Electronic Information System Use Policy.
SECURE DATA ELEMENTS
Although commonly stored, these data elements are protected and must not be made available except to the extent that FERPA authorizes disclosure without consent. This information should not be released verbally, and electronic or paper reports containing this data must be approved before release. This information includes first name (or first initial) and last name in combination with any other data element. Examples of additional data elements include but are not limited to:
- Social Security Number
- Driver’s License Number, passport number, or other unique identification number issued by the government
- Financial account, credit card, or debit card number
- Unique electronic identifier or routing code in combination with any required security code, access code, or password that would permit access to an individual’s financial account
- Health insurance information
- Address information
- Personal characteristics, including: photographic image, fingerprints, handwriting, or other biometric data
- Date or place of birth
- Mother’s maiden name
- PIN or passwords
- National or ethnic origin
- Religious affiliation(s)
- Employment information
- Financial information including account balances or histories
- Information contained in educational records that are not listed as directory information
Additionally, do not store the following data elements electronically or on paper:
- Full credit card numbers (the last four digits are acceptable)
- Credit card validation codes (three to four digit code on front or back of card used to verify card no present transactions)
- Credit card PIN numbers.
Employees of North Central Missouri College are expected to maintain the confidentiality of all educational records, as outlined in the Family Educational Right and Privacy Act (FERPA). FERPA is a federal act designed to protect the privacy of educational records, to establish the right of students to inspect and review their educational records, and to provide guidelines for the correction of inaccurate and misleading data through informal and formal hearings. The College Catalog and website state the policy regarding academic records at North Central Missouri College. Academic records are open to members of the faculty and staff who have a legitimate educational interest in seeing the records. Information should not be viewed unless it is required to fulfill job responsibilities at NCMC. Under the terms of FERPA, certain directory information may be released to third parties without the written consent of students, however students have the right to restrict release of directory information. All third-party requests for academic information should be cleared through the offices of the Dean of Student Services or the Registrar at North Central Missouri College.
SMART PHONE / MOBILE DEVICE
All portable devices that use the college network or resources to synchronize or store data must have an automated lock configured to prevent unauthorized access. All devices must be updated to insure the highest level of security. IT Services must be notified of missing or stolen devices no later than the next business day.
College employees must use an approved, password-protected encrypted flash drive. Lost or stolen storage devices must be reported to IT Services no later than the next business day.
MOBILE COMPUTING DEVICES
All mobile computing devices (for example: laptops and tablets) used for administrating College business must have the hard drive encrypted and be a member of the domain. It Services must be notified of missing or stolen computers no later than the next business day.
OFF CAMPUS IT SERVICES
Contracting with the use of services such as cloud or any type of remote service not provided by the IT services department is prohibited. The use of personal our cloud based (hosted) storage such as, but not limited to SkyDrive, Dropbox, and Google Documents is not permitted.
Secure data elements should not be sent via email. Instead of email, transmit information securely using NCMC-approved services (for example: Softdocs and Parchment). Users must comply with the CAN-SPAM Act that deals with sending bulk/commercial messages that are unsolicited. Contact the helpdesk before sending messages to recipients with which you do not have a prior working relationship.
ACCEPTABLE AND UNACCEPTABLE USES
Acceptable and unacceptable uses of College electronic information systems are outlined below. Note: this list is not all inclusive.
- A means for authorized users to have legitimate access to email, network resources, and/or Internet access.
- Any use necessary to complete research or coursework assigned to a College employee or student.
- Communication for professional development.
- Other administrative and/or academic communications or activities in direct support of College projects and missions.
- Limited personal use may be allowed when such use meets the following criteria: it does not interfere with College operations, it does not compromise the functioning of the College network and computing resources, it does not interfere with the user’s employment or other obligations to the College, and it does not violate any other laws, regulations, or College policy.
- Any commercial or for-profit use.
- Attempting to gain or gaining unauthorized access to the computer system or files of another.
- Including use of another individual’s identification, network, email or other College-based account and/or related passwords.
- Any use that causes unauthorized network disruption, system failure, or data corruption.
- Any use related to achieving, enabling, or hiding unauthorized access to network resources, College-owned software, or other information belonging to North Central Missouri College.
- Unauthorized or excessive personal use.
- Use of computing facilities or network resources to send obscene, harassing, abusive, or threatening messages.
- Use of computing or network resources to send malicious software or malicious content.
- Use of computing or network resources for social engineering, phishing, or other activities designed to fraudulently obtain information from College end users.
- Use of peer to peer file sharing sites such as uTorrent, Bittorrent, qBittorrent, Transmission, Bitport.io, FrostWire, Deluge, Flox, Webtorrient.io, Shareaza, eMule, and many more peer to peer file sharing sites.
USER RESPONSIBILITY AND ACCOUNT OWNERSHIP
Users may not allow other individuals to use their College-assigned network, email, or other College-based account. Employees and students are individually responsible and accountable for the proper use of their assigned accounts. Users should take proper security measures to ensure the integrity of their accounts and should also report any notice of unauthorized access. All College-managed network and cloud storage locations. must be properly password protected. The College uses email to communicate important information; therefore all users are encouraged to check their email on a regular basis. However, the college will not request end users to send password or sensitive information via email.
North Central Missouri College is required by contract with MOREnet to abide by and therefore enforce their policies and procedures. For more information about MOREnet’s policies, procedures, and security measures, visit them online. Visit More.net
USER CONDUCT AND SANCTIONS
Abuse of the College’s electronic information system or violation of any local, state, or federal telecommunication law or regulation, or College policy, is not allowed and may subject the individual to criminal, civil, and institutional penalties and liabilities.
Penalties for violation of college policies including unauthorized peer-to-peer file sharing, illegal downloading or unauthorized distribution of copyrighted material using the College’s information technology system can include, but not be limited to, loss of all College computer network privileges, probation, suspension from the College, and/or referral to law enforcement for prosecution, including criminal or civil action. Employees can also be subject to termination.
Penalties for violation of federal copyright laws and copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys’ fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense. For more information, visit the US Copyright Office.
FERPA is enforced by the Family Compliance Office, which is part of the U.S. Department of Education. Violations may result in NCMC’s loss of ability to offer federal financial aid programs, institutional fines, personal law suits, termination of employment, and other sanctions. All employees shall read and become familiar with the “Guidelines for Release of Education Records” as posted on the NCMC website. More information is available online at ncmissouri.edu/registrar.
Email notifications will be made available as changes affect this policy.