Information Technology Policies
Any violation of the following policies will result in appropriate University action. Such action may include, but is not limited to, restriction and/or removal of access to information technology resources, employee disciplinary action up to and including termination, student disciplinary proceedings or referral for legal prosecution.
The University reserves its right to modify and/or amend its policies at any time.
Computer System Access and Usage
To ensure the continued integrity of its information technology resources, facilities and controls, the University may audit, inspect and/or monitor network or resource usage, at any time, without notice. The University may limit or terminate the network access of any user who is in violation of any University or Information Technology (IT) policies.
Examples of improper use include, but are not limited to the following:
- Unauthorized access to network or electronic data in any form;
- The use of another’s password or account;
- The use of University data, networks or IT resources for commercial or political purposes;
- The unauthorized alteration of electronic files, including any disruption or interference (hacking / spam / viral programs);
- Software license or intellectual property violations;
- The violation of any University policy, local, state or federal law; harassment or defamation.
Users with access to confidential, privileged or financial data protected by law or University policy must adhere to the following security requirements:
Desktop security: All computers must be secured and non-approved software removed. Only approved software may be installed. Individual users on administrative systems may not add or remove software without Information Technology involvement. USB ports will be disabled to prevent the transportation or misuse of confidential information.
Internet: Internet browsing will be limited to approved, business websites by unit Directors. Personal webmail such as Yahoo, Google, etc. is not allowed.
Passwords: Frequent password changes will be required using unique combinations of alphanumeric and character sets such as “#, !” and so forth. Staff must not share passwords.
Remote Access: Remote access will be limited to LIU-owned computers utilizing virtual Citrix software that prevents the accidental transfer of information. All remote access must be authorized for business operation continuity purposes and approved by a University Officer.
Laptop security: Laptop use is not authorized for persons with access to extremely privileged information due to the risk of loss and associated threat of security breach. When laptop usage cannot be avoided, strong data encryption must be applied.
The University may also restrict unlimited electronic access. If an imposed limitation interferes with a user’s bona fide educational or research activities, the user may direct a written request for a waiver to his or her Department Chair, who, on approval, shall forward the request to the appropriate Dean for review. The University reserves the right to limit the use of information technology resources based on institutional priorities, technical capacity and fiscal considerations.
Article 156 of the New York State Penal Code and federal law (18 USC §§ 1030, 1302, 2252, 2501) impose criminal sanctions for certain offenses involving computers, software and computer data, including unauthorized use, fraud, computer trespass, computer tampering and unauthorized access to student records. Misuse of the University’s information technology resources is subject to disciplinary and/or legal action.
These policies apply to all users of any University information technology resource, including students, staff, faculty and other authorized users, whether operating on campus or from a remote location. The University’s information technology resources include, but are not limited to:
- Any network, communication system, computer equipment or media service provided by the University for educational, research, administrative, communication or related purposes;
- Information technology or data communications equipment owned, leased, or operated by the University;
- Any equipment connected to the University’s data network, regardless of ownership;
- All messages, data files and programs stored in or transmitted by any University information technology resource;
- All data and information assets created with or stored on systems operated by or for the University.
Information technology resources are provided by the University to support its educational and research mission. Use of University information technology resources is a privilege. Accordingly, all users of the University’s networks, systems and equipment are responsible for the proper use and protection of these resources, consistent with University policies and applicable law.
The Information Technology department supports the University’s educational mission by providing access to the following systems and services:
- Systems using the University network for communication;
- University networks, computer systems, equipment, storage and supporting resources;
- Electronic mail accounts, point-to-point messaging, list server postings;
- The World Wide Web;
- Special-purpose software on University network computers;
- Administrative information Systems;
- Learning Management Systems;
- Library Management Systems;
- The My LIU Student Portal.
Usage of the University's information technology systems and resources is a privilege granted to University students, faculty and staff, to support its educational mission. Passwords and account access may not be shared. Passwords are the frontline of protection for all user accounts. Persons using University information technology resources must safeguard their passwords. Select ‘secure’ passwords using letter, number and symbol combinations that cannot easily be ‘cracked’ by automated tools.
All users of the University’s computer network must maintain the integrity of the information technology systems. Any user who detects a possible security concern on any University system or network must report it immediately to the IT system administrators. The University reserves the right to audit, inspect, limit, revoke or refuse to extend IT privileges or access to its computer systems and electronic resources, at any time, in its sole discretion.
(i) Internet Content
The University does not control information available over the Internet and is not responsible for Internet content. Internet users should be aware that even sites accessed for legitimate educational or research purposes may contain offensive material. Workstations in open-access facilities, such as the University Computer Labs, shall be used in a fashion that is not offensive to the University community or violative of local, state or federal law.
(ii) Personal Use
The University is a non-profit, tax-exempt organization. As such, it is subject to federal and state laws that restrict the use of University property for matters unrelated to its Charter mission. As a recipient of state and federal funds, additional restrictions apply. To ensure compliance with applicable law and University policy, the use of the University’s information technology resources for political or commercial purposes, is prohibited.
(iii) Physical Security
All computers, data storage media and storage repositories that contain confidential information must be secured against loss or tampering. Portable computing devices such as laptops, hand-held equipment (PDAs) and data storage media pose a unique and significant risk for exposure of protected information and potential access to the University’s administrative systems. For these reasons, special care must be taken with these devices. The login should never be set for automated login, and all protected data stored on any portable device must be encrypted. Store all such devices in a secure location.
A University email address (i.e., email@example.com or firstname.lastname@example.org) will be assigned by the Information Technology department to registered students and University staff. Faculty members and administrative personnel must use their University email address when communicating with students and conducting other University business.
All LIU email account holders are expected to check their email regularly so that University communications will be timely received and read. The owner of an email account is responsible for its use and is presumed to have sent all communications actually sent from that account. Users may not view, copy, alter or destroy another’s email without permission unless authorized or required to do so by law or policy.
The University does not guarantee the confidentiality or privacy of its email services or data stored or sent through its network systems. Although every effort is made to preserve the integrity of the University’s communication systems, users should be aware that the interception of email messages on shared networks is possible. Redirecting email from an University email address to another address (e.g., @hotmail.com, @gmail.com), is also discouraged. The University is not responsible for the integrity of email directed to other service providers.
To protect the functionality and integrity of its IT systems, and protect users against unauthorized or improper use, the University reserves the right, without notice, to limit or restrict any individual’s use, and to inspect, remove, copy or otherwise address any data, file, or the like that may adversely affect authorized users. Email may be scanned automatically for malicious content (viruses, spam, phishing attacks) and deleted without warning. The University may also impose limitations or restrictions to address violations of University policies.
Email records resident on University-owned IT resources belong to the University and are subject to review and disclosure without notice when required by law, where a violation of law or University policy may exist, where there is a risk of spoliation, bodily harm, property loss or damage, where the University’s mission is jeopardized or during routine system administration.
Copyright infringement is the unauthorized copying, storing, displaying, or distributing of another’s intellectual property without the express permission of the copyright owner. In the file-sharing context (peer-to-peer or P2P shareware programs), downloading or uploading another’s work product without authority constitutes an infringement, and is prohibited by the federal Copyright Act of 1976 and Digital Millennium Copyright Act of 1998.
Penalties for copyright infringement are both civil and criminal in nature. For civil violations, individuals may be ordered to pay actual damages or statutory damages of not less than $750 and not more than $30,000 per infringement. For willful infringement, awards of up to $150,000 per incident may be granted; criminal penalties include imprisonment for up to five years and fines of $250,000 per offense. Attorney’s fees and costs may also be assessed. For more information, see www.copyright.gov, and www.copyright.gov/help/faq.
Users of University IT resources may use only legally obtained licensed data or software and must comply with all applicable licenses, copyright, trademark and other intellectual property laws. Much of what appears on the internet or is distributed via electronic communication is protected by copyright law, regardless of whether the copyright is expressly noted. Users of the University computer resources should assume that material is copyrighted unless they specifically know otherwise, and may not copy, download or distribute copyrighted material without permission. Protected material may include, among other things, music, movies, text, photographs, audio, video, graphic illustrations, and computer software.
The University continues to use appropriate technology to reduce and/or eliminate the practice of illegally sharing copyrighted materials. Known vectors used to share files are blocked from the campus. In addition, students are bound by existing University policy that specifically prohibits the use of copyrighted material without the permission of the copyright holder. Violators of the policy are subject to removal of network access and referral to the appropriate disciplinary body.
A list of legal downloading sites is available here: www.educause.edu/legalcontent. The University encourages all students and staff to take advantage of these resources.
It is the responsibility of every person who uses University IT resources to download or upload data to make sure that copyrighted work is not misappropriated, and that all necessary permissions are obtained from the copyright holder.
The University recognizes that the Internet provides unique opportunities to participate in interactive discussions, research and collaboration using a variety of social media and online venues, such as Facebook, Twitter, blogs, wikis, interactive websites, listeservs, newsgroups and so forth. However, the use of non-University hosted sites, systems or networks can pose risks to confidential and proprietary information, the University’s reputation and brand, and compliance with applicable laws.
Be aware that data mining programs used by off-site hosts may result in the sale of participant data (name, email address, etc) to third parties for commercial purposes. Those permissions are granted by your acceptance of the terms of the third party host site’s license.
The University uses encryption to ensure the integrity and security of information transferred on its networks and systems. Accordingly, University research involving the online solicitation of personal information and other data must use email, sites, service and software that have been designated as secure by the Information Technology department. Additional security measures may be required, based on the sensitivity of the research data obtained. Consult your campus IRB for additional information.
Users of social media must recognize that the manner in which they communicate, interact and share information online must follow the same rules and guidelines that govern activity in the University community at large.
- Protecting Confidential Information. Users must follow all applicable University confidentiality and privacy policies and related laws.
- Refraining from Harassing Comments. Members of the University community who use online social media are expected to conduct themselves in a manner consistent with the same expectations of dignity and respect that govern other modes of interaction.
- Respecting and Protecting Copyrights and Other Intellectual Property. All restrictions that apply in other contexts regarding copyrights and other intellectual property protections apply to social media postings as well.
- Respect all copyright and other intellectual property laws. For the University’s protection as well as your own, it is critical that you show proper respect for the laws governing copyright, fair use of copyrighted material owned by others, trademarks and other intellectual property, including the University’s own copyrights, trademarks and other brands.