Information Technology Policies
SUPPORT LOCATION AND HOURS OF OPERATION
The Information Technology Office can be found just off the main lobby in the A.K. Christie Building.
Office support hours are Monday through Friday from 8:00AM to 4:00PM.
RELEASE OF INFORMATION
Due to the highly confidential information available to those with network access, it is the policy of the NMCC IT Office to verify a person’s identity before releasing secure information. Users will be asked to present a valid photo ID to receive information such as network or email login credentials. Information will not be given over the phone, by email or to parties requesting it on a user’s behalf.
In addition, this information can only be given to the user in one of three ways:
- In person at the NMCC Main Campus in the Information Technology office;
- By regular mail, to the address maintained on file in the Registration Office;
- Through an Off-Campus Center director who will be bound by the same conditions above.
Additional Policies
Technology resources may not be used in a manner that violates the law, for private commercial activities that are not approved by the school, for personal private gain, interference with the fulfillment of an employee’s job responsibilities or activities that are inconsistent with the college’s tax-exempt status. Additionally, the acceptable use policy must be adhered to at all times to ensure the network is being used appropriately.
Technology Support
College Owned Computers
The technology staff is responsible for supporting the college-owned computers, telecommunication equipment, controls, networks and network infrastructure. To report a problem, users will be responsible for submitting a work order via the information portal. The technology support staff will respond and take appropriate action once the work order has been submitted.
Non-College Owned Computers
The Information Technology Office may not provide support for personally owned computers and technology.
The technology support staff members are available for consultation and limited diagnostics if connecting to Northern Maine Community College technologies such as the wireless network and projectors. However, for issues other than those deemed minor by the IT staff, the owner will be directed to the original equipment provider or to local technical support vendors.
Wireless Access
Students, faculty and staff are provided wireless network access for the purpose of accessing network storage, the Internet and other technology resources provided by the College. The campus community will have access to the wireless network using their network ID and password.
The general public and guests of the College will also be afforded an opportunity to access the wireless network. Temporary network accounts will be provided and distributed at the library circulation desk. Users not enrolled at or employed by NMCC will need a driver’s license or two other forms of unique identification to obtain the temporary network ID. These accounts are disabled after seven days and removed from the system one month after issuance.
Minimum system requirements to access the NMCC wireless network:
* Windows XP Service Pack 2
* Mac OSX
* Wireless 54 G adapter
* The following must be installed, enabled and up to date:
o Professional Antivirus (Norton, McAfee, Trend-Micro)
o Personal Firewall (Windows XP, McAfee, Zone Alarm)
Waiver of Liability
The information technology staff ensures that all controllable situations are handled professionally, however, as a user of Northern Maine Community College’s network there are factors that are beyond the College’s control. These factors may include, but are not limited to: theft of unattended equipment, unsecured data transmission, natural disasters, electrical outages or other unforeseen circumstances that may hinder or affect the network, user’s equipment, and other College technology. As a network user, you agree to hold harmless the College, its staff and/or agents for any damages or adverse affects to your equipment resulting from the use of the network, accepting consultation or problem diagnosis by the College’s technology support staff or agents.
Violation of Usage and Support Policies
The use of NMCC network is a privilege, not a right. All students, faculty, staff and general public users are expected to adhere to the Usage and Support Policy along with the Acceptable Use Policy. Inappropriate use may result in a cancellation of those privileges and/or disciplinary action may be taken.
Primary Goal of Information Resources:
To support and enhance the educational activities of NMCC by providing access to additional resources, both within and external to NMCC and extending the opportunity for collaborative work.
The college encourages the use of college resources for these primary activities. These resources include, but are not limited to, hardware (including telephones, computers, and traditional media equipment) either owned or leased by the college, software, and consulting time (and expertise) of the computer staff.
The use of technology resources provided by the college for endeavors not directly related to enhancing and facilitating teaching, collaborative work, and applied research should be considered as secondary activities. Should such secondary activities in any way interfere with primary activities, they may be terminated or limited immediately.
Many of the technology resources of the college are shared among the entire college community. Everyone using those resources should be considerate of the needs of others and be certain that nothing is done to impede anyone else’s ability to use these resources.
Such impediments may include, but are not limited to:
- activities that obstruct usage or deny access to others
- activities that compromise privacy
- activities that harass
- activities that are libelous
- attempting to “hack” into any computer either at the College or elsewhere
- activities that violate copyright laws
- activities that violate college rules
- destruction or alteration of data or information belonging to others
- activities that violate local, state, or federal laws
- unauthorized use of computer accounts
- impersonating other individuals
- creating, using or distributing, virus programs or programs that attempt to explore or exploit network security and/or other vulnerabilities
- attempts to capture or crack passwords or break encryption protocols
- allowing anyone else to use any of your account(s)
- extensive use of resources for private or personal use
Questions or Problems:
The Information Technology Office, instructors, advisors, and supervisors can help clarify this policy or to help you resolve any other problem you encounter in using NMCC computing services and facilities.
Violation of Policy:
Any user who does not adhere to the Acceptable Use Policy(s) for the network(s) that the user is connected to may have his/her access to the NMCC network terminated. The use of NMCC network is a privilege, not a right, and inappropriate use may result in a cancellation of those privileges and/or disciplinary action taken under the MCCS policies and procedures and/or the NMCC Student Code of Conduct.
The NMCC policies recognize and amplify the MCCS Computer Network Acceptable Use Policy.
MAINE COMMUNITY COLLEGE SYSTEM
GENERAL ADMINISTRATION
Section 203
SUBJECT: COMPUTER AND NETWORK USE
PURPOSE: To promote the responsible use of college and System computers and networks
As with any college system, the MCCS seeks to enhance opportunities for individual and collaborative learning and research. As a public institution with limited resources and distinct policy and legal obligations, the MCCS also needs to ensure that such uses are consistent with those resources and obligations. The goal of this policy is to balance these interests and promote responsible and secure use for all.
A. Application
This policy applies to:
1. Each college and other entity of the MCCS;
2. All computing resources owned or operated by the MCCS including, but not limited to, all hardware, software, peripherals, networks, network components, accounts, physical and logical data, e-mail and all other data or information transmitted by such equipment (“computers”);
3. All employees, students and other persons who use such computers (“users”); and
4. In addition to any other computer use policy adopted by entities within the MCCS, and by entities outside the MCCS that operate resources accessed through or from the MCCS.
B. General Rules
1. Educational Priority
The priority use of MCCS computers is to provide direct support for learning, teaching and administration of MCCS programs. Such priority will govern access to MCCS computers.
2. Use is a Privilege, Not a Right
Use of MCCS computers and accounts thereon is a privilege, not a right. This privilege is limited by the provisions of this policy, any other pertinent policy or law, and may be withdrawn for violation thereof.
3. Limited Right of Privacy
Users may not have an expectation of privacy in their use of MCCS computers or networks. For example, the MCCS reserves the following rights:
a. Periodic Network Monitoring
The MCCS reserves the right to monitor periodically, randomly and without notice use rates, patterns, speed and system capacity to ensure the efficiency or integrity of the MCCS network and its computers. Such monitoring may proceed only by a person expressly authorized by the MCCS or college president;
b. Inspection of a Particular Account or Computer
The MCCS reserves the right to inspect those accounts, computers or files that the MCCS has reason to believe are misused, corrupt or damaged. Such inspection may proceed only by a person expressly authorized by the MCCS or college president and as advised by the MCCS general counsel; and
c. Access by Outside Agencies
User accounts, computers or files may also be subject to access in response to subpoenas, court orders, or other legal or regulatory requirements. Users will be notified as promptly as possible, unless notification is precluded by such subpoena or order.
4. Limited Designated Forum
The MCCS computer network constitutes a limited designated forum. This forum is designated for the limited purpose of helping students pursue, faculty to provide, and non-teaching staff to support the colleges’ education, training and related programs.
5. Time, Manner and Place Limitations
The MCCS reserves the right to limit certain uses on or through the MCCS computers at those times and locations that the MCCS determines are necessary to regulate system capacity and speed. These limitations apply, but are not limited to, the downloading of video, music, photographic and other large data files.
6. Website and Webpage Development and Management
Any website, web page or other portion of a website hosted by a server owned, operated or maintained by a college or the MCCS is the property and speech of the MCCS, and the MCCS reserves all rights to control the access to, content of, and all other aspects regarding such web pages or websites. The Presidents Council may adopt a procedure for controlling the development and management of such web pages and websites, including standards controlling links to web pages and/or websites that are not owned, operated or maintained by a college or the MCCS.
C. Specific Prohibitions
Conduct that violates this policy includes, but is not limited to, the following:
- Displaying, downloading, printing or distributing obscene, sexually explicit or sexually offensive images or text in a manner that constitutes sexual harassment or other violation of law;
- Violating copyright laws, including the unlawful reproduction or dissemination of copyrighted text, images, music, video and other protected materials;
- Using System computers for commercial activity, such as selling products or services;
- Unauthorized access to or use of a computer, computer account or network;
- Connecting unauthorized equipment to a college or MCCS network;
- Unauthorized attempts to circumvent data protection or security including, but not limited to, creating or running programs that identify security loopholes or decrypt secure data;
- Deliberately or negligently performing an act that will interfere with the regular operation of a computer;
- Deliberately or negligently running or installing a program that, by intent or effect, damages a computer, system or network. This includes, but is not limited to, programs known as computer “viruses,” “trojan horses” and “worms;”
- Deliberately or negligently wasting computing resources;
- Deliberately or negligently overloading computing resources, such as running excessive programs that use relatively substantial bandwidth and other resources. This includes, but is not limited to, peer-to-peer applications;
- Violating terms of applicable software licensing agreements;
- Using electronic mail to harass or threaten another person or organization;
- Initiating or perpetuating electronic chain letters or unauthorized mass mailings. This includes, but is not limited to: multiple mailings to news groups, mailing lists or individuals; “spamming;” “flooding;” and “bombing;”
- Misrepresenting or misappropriating the identity of a person or computer in an electronic communication;
- Transmitting or reproducing materials that are libelous or defamatory;
- Unauthorized monitoring of another user’s electronic communications; or reading, copying, changing or deleting another user’s files or software without authority;
- Communications that use public resources to promote partisan political activities;
- Communications that are not otherwise protected by law because they constitute, for example, defamation, incitement to unlawful conduct, an imminent threat of actual violence or harm, fighting words, terrorist threats, gross disobedience of legitimate rules, criminal or severe civil harassment or false advertising; and
- 19. Otherwise violating existing laws or System policies.
D. Enforcement
Violation of this policy may result in the loss of computing and/or network access; other disciplinary action; and/or appropriate civil or criminal legal action.
E. Security
Upon recommendations of the college and System directors of information technology, the Presidents Council shall adopt a procedure that provides adequate uniform security for all System and college computers and networks.
REFERENCES: 20-A M.R.S.A. §12706(1)
DATE ADOPTED: June 24, 2009
PROCEDURES MANUAL
GENERAL ADMINISTRATION
Section 203.1
SUBJECT: NOTICE OF RISK TO PERSONAL DATA
PURPOSE: To establish a procedure to provide notice of risk to personal data
I. Introduction
This Procedure complies with the provisions of the Notice of Risk to Personal Data Act.
II. Definitions
As used in this Procedure, the following terms have the following meanings:
A. Breach of System Security
“Breach of system security” means an:
1. Unauthorized acquisition of College or System computerized data that compromises the security, confidentiality or integrity of an individual’s personal information maintained on a College or MCCS computer; and/or
2. Authorized acquisition that is then used for an unauthorized disclosure of such personal information.
B. Personal Information
“Personal information” means the following information about an individual when such information is not encrypted or redacted:
1. First name or first initial; and
2. Last name; and
3. Any one or more of the following:
a. Social security number;
b. Driver’s license number or state identification card number;
c. Account number, credit card number or debit card number, if such a number could be used without additional identifying information, access codes or passwords;
d. Account passwords or personal identification numbers or other access codes; or
e. Any of the data elements contained in paragraphs a through d above when not in connection with the individual’s first name, or first initial, and last name, if the information if compromised would be sufficient to permit a person to fraudulently assume or attempt to assume the identity of the person whose information was compromised.
“Personal information” does not include information available to the general public from federal, state or local government records, widely distributed media, or other lawful source.
C. Unauthorized Person
“Unauthorized person” means a person who:
1. Does not have authority or permission to access such personal information; and/or
2. Obtains access to such personal information by fraud, misrepresentation or similar deceptive practice.
“Information broker” means any person who, on behalf of a College or the MCCS, maintains computerized data that includes personal information.
III. Duty to Investigate
If an information broker becomes aware of a breach of system security, the information broker shall promptly contact the College and/or MCCS Director of Information Technology. Such Director shall then promptly inform the College President and commence a reasonable and good faith investigation to determine the likelihood that personal information has been or will be misused.
IV. Duty to Notify
If a College and/or MCCS Director of Information Technology determines that it is likely that personal information has been or will be misused as result of a breach, the College or MCCS Director of Information Technology shall provide the following notice.
A. Content of Notice
The notice shall contain the date of the breach; the information believed to be accessed; a summary of the college’s efforts in response to the breach; and a College or MCCS contact who upon request can provide additional information.
B. Recipients of Notice
The above notice shall be provided to:
1. A person whose personal information has been, or is reasonably believed to have been, acquired by an unauthorized person; and
2. The MCCS Director of Information Technology, who in turn shall notify the MCCS President; and
3. The MCCS General Counsel, who in turn shall notify the Maine Attorney General’s Office; and
4. In breaches affecting more than 1,000 persons at a single time, the following consumer reporting agencies shall also be notified:
a. Experian
P.O. Box 2002
Allen, TX 75013-2002
1-888-397-3742
b. Trans Union
P.O. Box 1000
Chester, PA 19022
1-800-888-4213
c. Equifax
P.O. Box 740250
Atlanta, GA 30374-0250
1-800-685-1111
However, the notice to these agencies shall only include the following: date of the breach, an estimate of the number of persons affected by the breach, if known, and the actual or anticipated date that persons were or will be notified of the breach.
C. Timing of Notice
Notice shall be given as expediently as possible once a College and/or MCCS Director of Information Technology determines that it is likely that personal information has been or will be misused as result of a breach. However, such timing shall be determined consistent with any:
1. Known legitimate needs of law enforcement; and
2. Measures necessary to determine the scope of the security breach and restore the reasonable integrity, security and confidentiality of the data in the system.
D. Means of Notice
Notice shall be by U.S. Mail to last known address. If, however, the cost of providing such notice would exceed $5,000, or if the number of persons to receive notice exceeds 1,000, or if the College and System does not have such an address, the following notice may be given instead:
1. E-mail notice to those whose email addresses are known; and
2. Conspicuous posting of the notice on the College’s or System’s publicly accessible website; and
3. Notification to major statewide media.
V. Complete Copy of the Law
For a complete copy of the Maine law governing this subject, see 10 MRSA §§1346-50-A available at http://janus.state.me.us/legis/statutes/10/title10ch210-B.rtf.
REFERENCES: 10 M.R.S.A. §§1346-50-A
DATE ADOPTED: January 24, 2007
DATE(S) AMENDED: January 26, 2010