Acceptable Use of Information Resources

Policy Status: Active

Subject Matter Expert: John Rollack, Human Resources Manager

Policy Steward: Evan Erdberg, President / CEO

‍

PREAMBLE:

Proximity Learning, Inc. (“PLI”) collects and retains data and information about students for designated periods of time for the express purpose of facilitating the student’s educational development. PLI recognizes the privacy rights of individuals in exerting control over what information about themselves may be disclosed and, at the same time, attempts to balance that right with the institution’s need for information relevant to the fulfillment of its educational missions. PLI further recognizes its obligation to inform the student of his/her rights under the Family Educational Rights and Privacy Act of 1974 (FERPA); to inform the student of the existence and location of records as well as to define the purposes for which such information is obtained; to provide security for such material; to permit student access to, disclosure of, and challenge to this information as herein described; and to discontinue such information when compelling reasons for its retention no longer exist.

STUDENT RECORD POLICY:

PLI will disclose information from a student’s educational record only with the prior written consent of the student / legal guardian, except that educational records may be disclosed without consent to PLI officials having a legitimate educational interest in the records and to third parties specifically authorized by FERPA, as referenced under Policies on Disclosure of Student Records.

PLI officials are PLI employees with general or specific responsibility for promoting the educational objectives of PLI or third parties under contract with PLI to provide professional, business and similar administrative services related to PLI’s educational mission. Individuals whose responsibilities place them within this category include teachers; faculty advisers; directors, and other administrative officials responsible for some part of the academic enterprise or one of the supporting activities; and persons or entities under contract to PLI to provide a specific task or service related to the PLI’s educational mission. Access by these officials is restricted where practical, and only to that portion of the student record necessary for the discharge of assigned duties.

“Legitimate educational interests” are defined as interests that are essential to the general process of education prescribed by the body of policy adopted by the governing board. Legitimate educational interests would include teaching, research, public service, and such directly supportive activities as academic advising, general counseling, therapeutic counseling, discipline, vocational counseling and job placement, financial assistance and advisement, medical services, safety, academic programs, and academic assistance activities. Records originating at another institution will be subject to these policies.

Policy

I. GENERAL CONSENT

Individuals with access to PLI’s information technology resources are responsible for their appropriate use, and by their use, agree to comply with all applicable policies, guidelines and standards, and applicable State and Federal laws and regulations.

For use and access to be acceptable, individuals must demonstrate respect for:

• the rights of others’ privacy;
• intellectual property rights (e.g. as reflected in licenses and copyrights);
• ownership of information;
• system mechanisms designed to limit access; and
• an individual’s right to be free of intimidation, harassment, and/or retaliation.

II. PRINCIPLES OF ACCEPTABLE USE:

All individuals’ granted access to PLI information technology resources must agree to and accept the following:

1. Using only the information technology resources for which they are authorized by PLI.
2. Utilizing appropriate authentication mechanisms to access information
   technology resources.
3. Not attempting to access information technology resources for which their
   authorization may be erroneous or inadvertent.
4. Only using accounts, passwords, and/or authentication credentials that have been authorized to use consistent with their role at PLI.
5. Protecting, and not sharing, their account, password, and/or authentication
   credentials.
6. Only sharing data with others as defined by applicable policies and procedures, and dependent on their assigned role.
7. Not using PLI information technology resources to represent the interests of any non-PLI group or organization unless authorized by an appropriate PLI department or office or that could be taken to represent PLI.
8. Not using any hardware or software designed to assess or weaken security strength, unless authorized by the President / CEO of PLI.
9. Not engaging in disruptive “spamming” (i.e., sending unsolicited electronic communication to groups of recipients at the same time), or acting in a way that will harm, damage, corrupt, or impede authorized access to information resources, systems, networks, equipment, and/or data.
10. Not forging identities or sending anonymous messages, unless the recipient has agreed to receive anonymous messages.
11. Not using PLI information technology resources to alter, disrupt, or damage information technology resources of another person or entity.
12. Not using PLI information technology resources to upload, download or distribute copyrighted or illegal material which results in violation of law.
13. Complying with all licenses and contracts related to information technology systems which are owned, leased, or subscribed to by PLI, and complying with applicable local, state or federal laws, and institutional policies, rules, and guidelines as they relate to information technology resources.

III. PROTECTING THE SECURITY AND INTEGRITY OF INFORMATION RESOURCES FROM UNAUTHORIZED USE:

In order to protect the security and integrity of Information Resources against unauthorized or improper use, and to protect authorized individuals from the effects of any potential abuse or negligence, PLI reserves the rights, at its sole discretion, to limit, restrict, or terminate any account or use of Information Resources, and to inspect, copy, remove or otherwise alter any data, file, or system resources that may undermine authorized use. PLI also reserves the right to inspect or check the configuration of Information Resources for compliance with this policy, and to take such other actions as in its sole discretion it deems necessary to protect PLI Information Resources. PLI also reserves the right to control and/or manage use of the frequency spectrum within the boundaries of all locations. Individuals of PLI are required to report transmitting devices and their characteristics to PLI officials, if so requested. PLI reserves the right to require those units or individuals found to have such devices that interfere or are suspected to interfere with operation of centrally managed PLI systems, to discontinue use of such devices, and, if necessary, to remove them.

PLI shall not be liable for, and the individual assumes the risk of, inadvertent loss of data or interference with files resulting from PLI’s efforts to maintain the privacy, integrity and security of PLI’s Information Resources.

PLI is not responsible for the content of individuals’ personal web spaces, nor the content of servers, programs or files that individuals maintain either in their personally

allocated file areas on PLI-owned computer resources or on personally-owned computers connected to PLI’s Information Resources.

PLI reserves the right to suspend network access or computer account(s), or to impose sanctions as defined in this policy if individually-maintained files, programs or services are believed to have been operating in violation of either law or policy. Additionally, PLI retains the right subject to applicable law and policy to search and/or seize, for investigative purposes, any personal hardware or systems connected to PLI Information Resources if there is cause to suspect that such hardware or systems were used either in violation of federal, state or local law, or in violation of the terms and conditions set forth in PLI policies governing computer and network usage. Restoration will be at the sole discretion of PLI. PLI shall, to the full extent required under law, cooperate with all legal requests for information, including, but not limited to, disclosure of system user account information when made by any law enforcement officer or legal representatives pursuant to court order, subpoena or other legal process.

PLI can enforce the provisions of this policy and the rights reserved to PLI without prior notice to the user.

EXCEPTIONS AND EXEMPTIONS:

Exceptions to, or exemptions from, any provision of this policy or supplemental IT Guidelines and Standards must be approved by the President / CEO in accordance with the Requests for Exception to Information Security Policy Standard.

Any questions about the contents of this policy or supplemental IT Guidelines and Standards should be referred directly to the President / CEO (eerdberg@proxlearn.com) who has the responsibility to interpret the Security Standards.

POLICY VIOLATIONS:

Any PLI department or unit found to operate in violation of this policy may be held accountable for remediation costs associated with a resulting information security incident or other regulatory non-compliance penalties, including but not limited to, financial penalties, legal fees, and other costs.

Faculty, staff, or students who violate this policy and supplemental IT Guidelines and Standards may be subject to appropriate disciplinary action, specifically including suspension or termination of access and/or network privileges.

FURTHER INFORMATION:

For questions, additional details, or to request change to this Policy, please contact the President / CEO (eerdberg@proxlearn.com)

‍