ALERT: Information on Coronavirus (COVID-19)

Appropriate Use of Information Resources

The following policy is excerpted from the Information Resources Policy manual.

2.1.    Policy Statement

Lamar State College Port Arthur recognizes the importance of information resources and facilities to students, faculty, and staff. This policy establishes the appropriate use of information resources in order to:

  1. 2.1.1.    achieve College-wide compliance with applicable statutes, regulations, and mandates regarding the management of information resources;
  2. 2.1.2.    establish prudent and appropriate practices regarding the use of information resources; and
  3. 2.1.3.    educate individuals about the responsibilities they assume when using Lamar State College Port Arthur’s information resources.

2.2.    Applicability

  1. 2.2.1.    Applicable College policies and procedures include all LSCPA policies and procedures that address the usage of LSCPA information resources. Also applicable are College policies prohibiting harassment, plagiarism, or unethical conduct. 
  2. 2.2.2.    Laws that apply to the use of LSCPA’s information resources include laws pertaining to theft, copyright infringement, insertion of malicious software into computer systems, and other computer-related crimes. 
  3. 2.2.3.    This policy applies to all College information resources, regardless of where they reside.

2.3.    General

  1. 2.3.1.    LSCPA provides each of its authorized users with a computer account, known as an LSCPA User ID, which facilitates access to the LSCPA‘s information resources. In accepting an LSCPA User ID or any other access ID, the recipient agrees to abide by applicable LSCPA policies and federal, state, and local laws. LSCPA reserves the right at any time to limit, restrict, or deny access to its information resources and to take disciplinary or legal action against anyone in violation of these policies or statutes. 
  2. 2.3.2.    LSCPA provides information resources for the purpose of accomplishing tasks related to the College’s mission. LSCPA expects its faculty and staff to employ these resources as their first and preferred option for satisfying their business, research, or instructional needs. 
  3. 2.3.3.    The College may restrict the use of or access to its information resources. 
  4. 2.3.4.    LSCPA’s computer information resources are not a public forum.
  5. 2.3.5.    LSCPA considers email a significant information resource and an appropriate mechanism for official College communication. The College provides official College email addresses and services to its students, faculty, staff, and organizational units for this purpose and to enhance the efficiency of educational and administrative processes. In providing these services, the College anticipates that email recipients will access and read College communications in a timely fashion.
  6. 2.3.6.    Subject to applicable College policies and procedures, students are allowed to use the College‘s information resources for school-related purposes.
  7. 2.3.7.    Employees of LSCPA are allowed to use the College‘s information resources in the performance of their job duties and must adhere to all applicable College policies and federal, state, and local laws. State law and College policy permit incidental personal use of LSCPA information resources, subject to review and reasonable restrictions by the employee’s supervisor.
  8. 2.3.8.    Censorship is not compatible with LSCPA’s goals. The College will not limit access to any information due to its content, as long as it meets the standard of legality. The College reserves the right, however, to impose reasonable time, place, and manner restrictions on expressive activities that use its information resources. Furthermore, the College reserves the right to block or impose necessary safeguards against files and other information, such as malicious software and phishing emails, that are inherently malicious or pose a threat to the confidentially, integrity, or availability of information resources for the College and its stakeholders.
  9. 2.3.9.    LSCPA’s information resources are subject to monitoring, review, and disclosure as provided in Information Resources Policy 6.0 Information Security Control Standards, Section 6.16 System and Information Integrity. Consequently, users should not expect privacy in their use of LSCPA’s information resources, even in the case of users’ incidental, personal use.
  10. 2.3.10.    Intellectual property laws extend to the electronic environment. Users should assume that works communicated through LSCPA’s network infrastructure and other information resources are subject to copyright laws, unless specifically stated otherwise.
  11. 2.3.11.    The state of Texas and the College consider information resources as valuable assets. Further, computer software purchased or licensed by the College is the property of the College or the company from whom it is licensed. Any unauthorized access, use, alteration, duplication, destruction, or disclosure of any of these assets may constitute a computer-related crime, punishable under Texas and federal statutes.
  12. 2.3.12.    All policies that apply to College-owned computing devices (e.g., desktop computers, laptop computers, or mobile devices) used on campus also apply to those used off-campus (e.g., home-based computers, mobile devices, or laptop use while travelling), including restrictions on use as listed in Section 2.4 of this policy.

2.4.    Inappropriate Uses of Information Resources

  1. 2.4.1.    The following activities exemplify inappropriate use of the College’s information resources. These and similar activities are strictly prohibited for all users:
    1. 2.4.1.1.    Use of College information resources for illegal activities or purposes. The College will deal with such use appropriately and will report such use to law enforcement authorities. Examples of illegal activities or purposes include unauthorized access, intentional corruption or misuse of information resources, theft, and child pornography.
    2. 2.4.1.2.    Failure to comply with laws, policies, procedures, license agreements, and contracts that pertain to and limit the use of the College’s information resources.
    3. 2.4.1.3.    The abuse of information resources, including any willful act that:
      1. 2.4.1.3.1.    endangers or damages any specific computer software, hardware, program, network, data, or the system as a whole, whether located on campus or elsewhere on the global Internet;
      2. 2.4.1.3.2.    creates or allows a computer malfunction or interruption of operation;
      3. 2.4.1.3.3.    injects a malicious software into the computer system;
      4. 2.4.1.3.4.    sends a message with the intent to disrupt College operations or the operations of outside entities;
      5. 2.4.1.3.5.    produces output that occupies or monopolizes information resources for an unreasonable time period to the detriment of other authorized users;
      6. 2.4.1.3.6.    consumes an unreasonable amount of communications bandwidth, either on or off campus, to the detriment of other authorized users; or
      7. 2.4.1.3.7.    fails to adhere to time limitations that apply at computer facilities on campus.
    4. 2.4.1.4.    Use of College information resources for personal financial gain or commercial purpose.
    5. 2.4.1.5.    Failure to protect a password or LSCPA ID from unauthorized use.
    6. 2.4.1.6.    Falsely representing one’s identity through the use of another individual’s LSCPA User ID or permitting the use of an LSCPA User ID and password by someone other than their owner;  this restriction also applies to Personal Identification Numbers (PINs), Security Tokens (e.g., Smartcard), or similar information or devices used for identification and authorization purposes.
    7. 2.4.1.7.    Unauthorized attempts to use or access any electronic file system or data repository.
    8. 2.4.1.8.    Unauthorized use, access, duplication, disclosure, alteration, damage, or destruction of data contained on any electronic file, program, network, web page, or College hardware or software.
    9. 2.4.1.9.    Installing any software on College-owned information resources without Information Technology Services Department approval.
    10. 2.4.1.10.    Unauthorized duplication, use, or distribution of software and other copyrighted digital materials (including copyrighted music, graphics, videos, etc.). All software and many other digital materials are covered by some form of copyright, trademark, license, or agreement with potential civil and criminal liability penalties. The copyright or trademark holder must specifically authorize duplication, use or distribution, or a specific exception of the Copyright Act, such as the Fair Use exception, the Library exception, or exceptions under the TEACH Act, must apply.
    11. 2.4.1.11.    Participating or assisting in the deliberate circumvention of any security measure or administrative access control that pertains to College information resources.
    12. 2.4.1.12.    Using College information resources in a manner that violates other College policies or student code handbook, such as racial, ethnic, religious, sexual, or other forms of harassment.
    13. 2.4.1.13.    Using College information resources for the transmission of spam mail, chain letters, malicious software (e.g., viruses, worms, or spyware), phishing, or personal advertisements, solicitations, or promotions.
    14. 2.4.1.14.    Modifying any wiring or attempting to extend the network beyond the port (i.e., adding hubs, switches, wireless access points, or similar devices) in violation of Information Resources Policy 6.0 Information Security Control Standards, Section 6.14.
    15. 2.4.1.15.    Using LSCPA’s information resources to affect the result of a local, state, or national election or to achieve any other political purpose (consistent with Texas Government Code §556.004).
    16. 2.4.1.16.    Using LSCPA’s information resources to state, represent, infer, or imply an official College position without appropriate authorization.
    17. 2.4.1.17.    Unauthorized network scanning, foot printing, reconnaissance, or eavesdropping on information resources for available ports, file shares, or other vulnerabilities.
    18. 2.4.1.18.    Unauthorized alteration or relay of network traffic (e.g., man in the middle attacks).
  2. 2.4.2.    The following restrictions apply to incidental use of College information resources:
    1. 2.4.2.1.    Incidental personal use of information resources is restricted to College-approved users; it does not extend to family members or other acquaintances.
    2. 2.4.2.2.    Incidental use must not result in direct costs to the College.
    3. 2.4.2.3.    Incidental use must not interfere with the normal performance of an employee’s work duties.

2.5.    Responsibilities of Users

  1. 2.5.1.    Each user shall utilize College information resources responsibly and respect the needs of other users.
  2. 2.5.2.    In keeping with LSCPA’s core values, all uses of its information resources should reflect high ethical standards, mutual respect, and civility.
  3. 2.5.3.    Users are responsible for any activity that takes place using their account. 
  4. 2.5.4.    Users must report any suspected weaknesses in computer security, any incidents of possible abuse or misuse, or any violation of this agreement to the Information Technology Services department and/or the ISO immediately upon discovery.
  5. 2.5.5.    Administrative heads and supervisors must report ongoing or serious problems regarding the use of LSCPA information resources to the Information Technology Services department.
  6. 2.5.6.    Each user shall immediately notify the Information Technology Services department and/or the ISO of the loss of any fixed or portable storage device or media, regardless of ownership, that contains College data. (See Information Resources Policy 6.0 Information Security Control Standards, Section 6.11.)

2.6.    Access to College Information Resources by Auditors

  1. 2.6.1.    Consistent with Chapter III, paragraph 7.4 of The TSUS Rules and Regulations, the TSUS director of Audits and Analysis and auditors reporting to them, either directly or indirectly, while in the performance of their assigned duties, shall have full, free, and unrestricted access to all College information resources, with or without notification or consent of the assigned owner of the resources. This includes personal information stored on College information resources. The College shall afford this access consistent with Information Resources Policy 6.0 Information Security Control Standards, Section 6.8.
  2. 2.6.2.    The College shall provide state, federal, and other external auditors with access to College information resources with prior approval by the IRM.

2.7.    Consequences for Failure to Adhere to this Policy

  1. 2.7.1.    Failure to adhere to this policy may lead to the revocation of a user’s LSCPA User ID, suspension, dismissal, or other disciplinary action by the College, as well as referral to legal and law enforcement agencies.
  2. 2.7.2.    Statutes pertaining to the use of College information resources include the following:
    1. 2.7.2.1.    The Federal Family Educational Rights and Privacy Act (FERPA) – restricts access to personally identifiable information from students’ education records.
    2. 2.7.2.2.    1 Tex. Admin. Code §202.70-76  – establishes information security requirements for Texas state agencies and public higher education institutions.
    3. 2.7.2.3.    Texas Penal Code, Chapter 33: Computer Crimes – specifically prohibits unauthorized use of College computers, unauthorized access to stored data, or dissemination of passwords or other confidential information to facilitate unauthorized access to the College’s computer system or data.
    4. 2.7.2.4.    Texas Penal Code, §37.10: Tampering with Governmental Record – prohibits any alteration, destruction, or false entry of data that impairs the validity, legibility, or availability of any record maintained by the College.
    5. 2.7.2.5.    United States Code, Title 18, Chapter 47, §1030: Fraud and Related Activity in Connection with Computers – prohibits unauthorized and fraudulent access to information resources, accessing a computer to obtain restricted information without authorization; altering, damaging, or destroying information on a government computer without authorization; trafficking in passwords or similar information used to gain unauthorized access to a government computer; and transmitting viruses and other malicious software.
    6. 2.7.2.6.    Copyright Law, 17 U.S.C. §101-1332, 18 U.S.C. §2318-2323 – forms the primary basis of copyright law in the United States, as amended by subsequent legislation. The Law spells out the basic rights of copyright holders and codifies the doctrine of fair use.
    7. 2.7.2.7.    Digital Millennium Copyright Act (DMCA), 17 U.S.C. §512 as amended and 28 U.S.C. §4001 – criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works. The Act amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of internet service providers (like LSCPA) for copyright infringement by their users, provided the service provider removes access to allegedly infringing materials in response to a properly formed complaint.
    8. 2.7.2.8.    Electronic Communications Privacy Act (U.S.C., Title 18) – prohibits the interception or disclosure of electronic communication and defines those situations in which disclosure is legal.
    9. 2.7.2.9.    Computer Software Rental Amendments Act of 1990 – deals with the unauthorized rental, lease, or lending of copyrighted software.
    10. 2.7.2.10.    Texas Government Code §556.004 – prohibits using state resources or programs to influence elections or to achieve any other political purpose.
    11. 2.7.2.11.    Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R 164 – sets security management requirements and broad management controls to protect the privacy of patient health information.
    12. 2.7.2.12.    Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. §3541 – requires every federal agency to develop, document, and implement an agency-wide information security program. The law was amended by FISMA 2010, which changed the focus from paperwork compliance to continuous monitoring and threat mitigation.

2.8.    Related Policies, Regulations, Standards, and Guidelines

  1. 2.8.1.    Computer Software Rental Amendments Act of 1990 
  2. 2.8.2.    Copyright Law, 17 U.S.C. §101-1332, 18 U.S.C. §2318-2323
  3. 2.8.3.    Digital Millennium Copyright Act (DMCA), 17 U.S.C. §512 as amended and 28 U.S.C. §4001
  4. 2.8.4.    Electronic Communications Privacy Act (U.S.C., Title 18
  5. 2.8.5.    Federal Family Educational Rights and Privacy Act (FERPA) 
  6. 2.8.6.    Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. §3541 
  7. 2.8.7.    Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R 164 
  8. 2.8.8.    United States Code, Title 18, Chapter 47, §1030: Fraud and Related Activity in Connection with Computers 
  9. 2.8.9.    1 Tex. Admin. Code §202.70-76 
  10. 2.8.10.    Texas Government Code §556.004 
  11. 2.8.11.    Texas Penal Code, Chapter 33: Computer Crimes 
  12. 2.8.12.    Texas Penal Code, §37.10: Tampering with Governmental Record 
  13. 2.8.13.    TSUS Sexual Misconduct Policy and Procedures
  14. 2.8.14.    LSCPA Policy 2.0 Nondiscrimination/Equal Employment Opportunity and Workforce Diversity
  15. 2.8.15.    LSCPA Policy 5.0 Ethics
  16. 2.8.16.    LSCPA Policy 5.1 Standards of Conduct
  17. 2.8.17.    LSCPA Policy 5.2 Conflicts of Interest
  18. 2.8.18.    LSCPA Policy 5.3 Fraud
  19. 2.8.19.    LSCPA Policy 5.10 Use of State Property
  20. 2.8.20.    LSCPA Policy 5.16 Social Media
  21. 2.8.21.    LSCPA Policy 7.8 Copyright Policy
  22. 2.8.22.    LSCPA Policy 9.17 Sexual Harassment
  23. 2.8.23.    LSCPA Policy 11.0 Family Education Rights and Privacy Act (FERPA)
  24. 2.8.24.    LSCPA Policy 11.5 Racial Harassment
  25. 2.8.25.    LSCPA Information Resources Policy 1.0 Information Resources Management
  26. 2.8.26.    LSCPA Information Resources Policy 6.0 Information Security Control Standards

Approved November 2020