Information Security Policy

Information Security Policy

Main Policy

The Information Security Policy is designed to protect Keuka College’s proprietary and sensitive information from theft and/or loss while retaining the free information needs of the academic culture within an educational institution. It ensures that the College will comply with all federal and state regulations regarding the collection and retention of any private/confidential data. It insures a secure and trusted environment.

This policy is designed to comply with or is based on the following:

  • FERPA
  • eDiscovery
  • NYS Personal Information Laws
  • Non-NYS Personal Information Laws
  • GDPR

Information covered by this policy is any information that:

  • Resides in datacenter databases
  • Is transmitted across both intranet and extranet
  • Resides on College-owned PCs
  • Is hand-written if it includes confidential or FERPA-related data
  • Stored on College-owned removable storage such as flash drives, CDs, and similar mediums
  • Is presented using slides and other audio/visual equipment
  • Resides in cloud applications used by the College

Security of our information is retained through many electronic and physical means. These include:

  • Policies
  • Physical protection such as controlled card-swipe and key access
  • Regular vulnerability assessments
  • Access Control Lists, Virtual Local Area Networks, and Firewalls
  • Encrypted wireless networks
  • Data Center environmental controls
  • User education
  • Vendor evaluation

Limitation of Access to Information Systems

Access to physical servers is limited to the network and systems administration personnel within IT, the division VP of which IT resides in, and the current IT department head. Entrance into the Data Center requires dual-factor digital access granted to those employees. All other persons are always required to be under supervision of the listed individuals while inside the Data Center. Video recording is always active within the Data Center.

Access to virtualized servers remotely is granted in a case-by-case basis to other users within the IT organization. This is granted only to users who maintain those systems on an application-update level. Their network credentials are utilized to authorize this access.

Access to databases is granted remotely to specific Administrators within IT of those systems. Their network credentials are utilized to authorize this access.

Access to data within those databases is granted to reporting/business analyst users through a Data Warehouse and reporting tools. Access is segregated based on duties so that only data authorized by the respective departments can be accessed.

Access to data within our Student Information System is limited to Employees of the College through an encrypted web interface that is only accessible off campus via Virtual Private Network. Duty segregation is approved through the different heads of the respective departments and are closely controlled through use of personas.

Policy Responsibility

While all Keuka College employees are responsible for following rules and policies, Keuka College Information Technology is the current “owner” of the College’s system and network infrastructure as well as computer assets and cloud contracts. IT is responsible for maintaining and providing a safe and secure environment to perform daily duties.

Data Encryption

  • Interface to critical College systems containing sensitive/confidential information is encrypted and, as a further step, limited to within the internal network or accessed from an encrypted VPN tunnel or two-factor authentication.

Keuka College prohibits the deliberate introduction of inaccuracies into, or loss of, our retained information. The College also prohibits using our information to breach privacy, compromising system performance or security, or damaging any hardware.

Keuka College will protect its assets from threats to its security whether deliberate or accidental. Alongside this, since no single department can provide for absolute security, all College employees, students, and other authorized users of Keuka College are responsible of minimizing risks and making sure to comply with policy as well as secure any assets within their control and capability.

College-wide awareness of threats as well as common and new attack methodologies is necessary to retain a secure environment. Keuka College will provide education about these, as well as our current policies and changes within them via handouts, emails, and newsletters.

Last Revised 9/15/2020 - TEF

Details surrounding the multiple policies that make this parent IS policy are below under “Related Policies.”

Related Policies

Purpose:

The computing resources at Keuka College support the educational, instructional, research, and administrative activities of the College and the use of these resources is a privilege that is extended to members of the Keuka College community. As a user of these services and facilities, you have access to valuable College resources, to sensitive data, and to internal and external networks. Consequently, it is important for you to behave in a responsible, ethical, and legal manner.

In general, acceptable use means respecting the rights of other computer users, the integrity of the physical facilities and all pertinent license and contractual agreements. If an individual is found to be in violation of the Acceptable Use Policy, the College will take disciplinary action, including the restriction and possible loss of network privileges. Any violations also breaching the College’s policies could result in further consequences, including suspension or termination from the College. Individuals are also subject to federal, state, and local laws governing many interactions that occur on the Internet. These policies and laws are subject to change as state and federal laws develop and change.

This document establishes specific requirements for the use of all computing and network resources at Keuka College.

Compliancy:

This policy is designed to comply with or is based on the following:

  • DMCA
  • Copyright Act
  • CAN-SPAM Act

Scope:

This policy applies to all users of computing resources owned or managed by Keuka College. Individuals covered by the policy include (but are not limited to) Keuka College faculty and visiting faculty, staff, students, alumni, guests or agents of the administration, external individuals and organizations accessing network services via Keuka College's computing facilities.

Computing resources include all College owned, licensed, or managed hardware and software, and use of the College network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

These policies apply to technology administered in individual departments, the resources administered by central administrative departments (such as the College Libraries and Computing and Information Services), personally owned computers and devices connected by wire or wireless to the campus network, and to off-campus computers that connect remotely to the College's network services.

Procedure(s):

As a member of the Keuka College community, you are expected to uphold local ordinances and state and federal law. Some Keuka College guidelines related to use of technologies derive from that concern, including laws regarding license and copyright, and the protection of intellectual property.

As a user of Keuka College's computing and network resources you must:

  • Abide by all federal, state, and local laws
  • Abide by all applicable copyright laws and licenses. Keuka College has entered into legal agreements or contracts for many of our software and network resources which require everyone using them to comply with those agreements
  • Observe the copyright law as it applies to music, videos, games, images, texts, and other media in both personal use and in production of electronic information. The ease with which electronic materials can be copied, modified, and sent over the Internet makes electronic materials extremely vulnerable to unauthorized access, invasion of privacy and copyright infringement
  • Not use, copy, or distribute copyrighted works (including but not limited to Web page graphics, sound files, film clips, trademarks, software and logos) unless you have a legal right to use, copy, distribute, or otherwise exploit the copyrighted work. Doing so may provide the basis for disciplinary action, civil litigation, and criminal prosecution

Policy:

Your Rights and Responsibilities

As a member of the College community, the College provides you with the use of scholarly and/or work-related tools, including access to the Library, to certain computer systems, servers, software and databases, to the campus telephone and voice mail systems, and to the Internet. You have a reasonable expectation of unobstructed use of these tools, of certain degrees of privacy (which may vary depending on whether you are a College employee or a matriculated student), and of protection from abuse and intrusion by others sharing these resources. You can expect your right to access information and to express your opinion to be protected as it is for paper and other forms of non-electronic communication.

In turn, you are responsible for knowing the regulations and policies of the College that apply to appropriate use of the College's technologies and resources. You are responsible for exercising good judgment in the use of the College's technological and information resources. Just because an action is technically possible does not mean that it is appropriate to perform that action.

As a representative of the Keuka College community, you are expected to respect the College's good name in your electronic dealings with those outside the College.

You may use only the computers, computer accounts, and computer files for which you have authorization.

You may not use another individual's account or attempt to capture or guess other users' passwords.

You are individually responsible for appropriate use of all resources assigned to you, including the computer, the network address or port, software, and hardware. Therefore, you are accountable to the College for all use of such resources. As an authorized Keuka College user of resources, you may not enable unauthorized users to access the network by using a Keuka College computer or a personal computer that is connected to the Keuka College network.

The College is bound by its contractual and license agreements respecting certain third-party resources; you are expected to comply with all such agreements when using such resources.

You should make a reasonable effort to protect your passwords and to secure resources against unauthorized use or access. You must configure hardware and software in a way that reasonably prevents unauthorized users from accessing Keuka College's network and computing resources.

You must not attempt to access restricted portions of the network, an operating system, security software or other administrative applications without appropriate authorization by the system owner or administrator.

You must comply with the policies and guidelines for any specific set of resources to which you have been granted access. When other policies are more restrictive than this policy, the more restrictive policy takes precedence.

You must not use Keuka College computing and/or network resources in conjunction with the execution of programs, software, processes, or automated transaction-based commands that are intended to disrupt (or that could reasonably be expected to disrupt) other computer or network users, or damage or degrade performance, software or hardware components of a system.

On Keuka College network and/or computing systems, do not use tools that are normally used to assess security or to attack computer systems or networks (e.g., password 'crackers,' vulnerability scanners, network sniffers, etc.) unless you have been specifically authorized to do so by the KC Information Systems & Security Group.

Fair Share of Resources

Computing and Information Services, and other College departments which operate and maintain computers, network systems and servers, expect to maintain an acceptable level of performance and must assure that frivolous, excessive, or inappropriate use of the resources by one person or a few people does not degrade performance for others. The campus network, computer clusters, mail servers and other central computing resources are shared widely and are limited, requiring that resources be utilized with consideration for others who also use them. Therefore, the use of any automated processes to gain technical advantage over others in the Keuka College community is explicitly forbidden.

The College may choose to set limits on an individual's use of a resource through quotas, time limits, and other mechanisms to ensure that these resources can be used by anyone who needs them.

Other Inappropriate Activities

Use Keuka College’s computing facilities and services for those activities that are consistent with the educational, research and public service mission of the College. Other prohibited activities include:

  • Activities that would jeopardize the College's tax-exempt status
  • Use of Keuka College’s computing services and facilities for political purposes
  • Use of Keuka College's computing services and facilities for personal economic gain

User Compliance

When you use College computing services, and accept any College issued computing accounts, you agree to comply with this and all other computing related policies. You have the responsibility to keep up to date on changes in the computing environment, as published, using College electronic and print publication mechanisms, and to adapt to those changes, as necessary.

Last Revised 9/15/2020 - TEF

Purpose:

This Supporting Policy requires the use of robust passwords that must be changed at predetermined intervals.  Passwords are an essential aspect of the security of the Colleges’ Electronic Resources and they provide an important first line of protection for the Electronic Resources, Institutional Data, and intellectual property that resides at the College.  Having a strong password is one way that each User can contribute to the community’s overall security.  Strong passwords help the College prevent unauthorized or inappropriate access to various Electronic Resources like email accounts, online library resources, student information systems, financial records, file repositories, learning management systems, and administrative/transactional systems.

Compliancy:

This policy is designed to comply with or is based on the following:

  • NIST Digital Identity Guidelines

Scope:

This Supporting Policy applies to all Keuka College (or the “College”) community members and Users, as defined in the Colleges’ Acceptable Use Policy, that are provided with credentials (i.e. username and password) to access the Colleges network, technology infrastructure, or resources as defined in the Colleges’ Acceptable Use Policy. This Supporting Policy is intended to supplement the Acceptable Use Policy; consequently, any defined terms within this policy have the same meaning as their definition in the Acceptable Use Policy.

Procedure(s):

All Users are expected to adhere to the following guidelines regarding their password:

  • To help prevent identity theft, personal or fiscally useful information such as Social Security or credit card numbers should never be used as a user ID or a password
  • All passwords are to be treated as sensitive information and should therefore never be written down or stored on-line unless adequately secured
  • Passwords should not be inserted into email messages or other forms of electronic communication
  • Passwords that could be used to access sensitive information must be encrypted in transit
  • The same password should not be used for access needs external to Keuka College (e.g., online banking, benefits, etc.)

Individual passwords should not be shared with anyone, including administrative assistants or IT administrators. Necessary exceptions may be allowed with the consent of the IT Security Office and must have a primary responsible contact person. If a password is suspected to have been compromised, it should be changed immediately, and the incident reported to the IT Security Office.

If you are struggling to remember passwords, some common methods are to incorporate the application, with a phrase, and something memorable. Example password for Keuka College credentials. A birthday is January 3, 2011. A possible password could be “KeukaCollegeWasBornOn010311”. This password makes no logical sense, incorporates memorable numbers, and involves what the credentials are for.

Policy:

Password Specifications

All Users must maintain a password that meets three (3) of the following minimum requirements:

  • Must be a minimum of 8 characters
  • At least one upper case alphabetic character (A-Z)
  • At least one lower case alphabetic character (a-z)
  • At least one number
  • At least one symbol
  • No blank spaces
  • Cannot match your last four passwords
  • Should not contain your first name, last name, or username

Password Expiration

Passwords will automatically expire after 180 days and must be changed. Password reset instructions can be accessed at our account-assistance page.

Account Administration Standards

In addition to the general password guidelines listed above, the following apply to account passwords, except where technically and/or administratively infeasible:

  • Attempts to guess a password should be automatically limited to 3 incorrect guesses. Access should then be locked for a minimum of ten minutes, unless a local system administrator intercedes
  • Failed attempts will be logged unless such action results in the display of a failed password
  • Administrators will regularly inspect these logs for any irregularities or compromises and will be immediately reported to the Information Security Group

Non-Compliance

Failure to comply with this Supporting Policy may result in actions as specified in the Acceptable Use Policy.

Last Revised 9/15/2020 - TEF

Purpose:

Keuka College is committed to safeguarding all personally identifiable information we obtain about our customers and visitors, whether internal or external. This policy applies to anyone who accesses online services provided by Keuka College. Keuka College reserves the right to retain all incoming and outgoing communications through our website for the purposes of training staff and quality assurance.

Compliancy:

This policy is designed to comply with or is based on the following:

  • GDPR
  • US Privacy Act
  • New York Privacy Act

Scope:

This policy directly or indirectly impacts the following utilizing Keuka College applications resources:

  • External users on our websites
  • Alumni and external community
  • Students and prospective students
  • Faculty, staff, and contract employees

Procedure(s):

How We Use this Information

Keuka College does not sell, rent, or lease your personal information to others except as outlined in this policy. The College will share personally identifiable information about you with other companies or people when one or more of the following conditions apply:

  • We have your consent to share the information
  • We need to share your information to provide the product or service you have requested
  • We need to send the information to companies who work on behalf of the Colleges to provide a product or service to you
  • We are responding to subpoenas, court orders or legal process
  • We find it necessary to protect and defend the legal rights or property of Keuka College

Privacy in Email

While every effort is made to ensure the privacy of Keuka College email users, this may not always be possible. In addition, since employees are granted use of electronic information systems and network services to conduct College business, there may be instances when the College, based on approval from authorized officers, reserves and retains the right to access and inspect stored information without the consent of the user.

While the College does not generally monitor or limit content of information transmitted on the campus network, it reserves the right to access and review such information under certain conditions. These include:

  • Investigating performance deviations and system problems (with reasonable cause)
  • Determining if an individual is in violation of this policy
  • To ensure that Keuka College is not subject to claims of institutional misconduct

Policy:

Privacy Policy Changes

Keuka College may revise or update this Privacy Policy. Please contact us as described below or check back at this site periodically to obtain a current copy of this Privacy Policy.

Contacting Us

If you wish to access or update any of your personal information, or have any questions about our privacy practices, please contact information_security@keuka.edu. Keuka College Attn: Information Security Manager 141 Central Ave. Keuka Park, NY 14478 

External users on our websites

This policy can be found on our external website at https://drup8.keuka.edu/privacy

Alumni and External Community

How We Collect Personal Information

We may collect your personal data in several ways, for example:

  • From the information you provide to us when you interact with us, for example when you register with the alumni association, contact us by email, telephone, mail, social media, or in person, register for an event, make an enquiry, respond to a questionnaire, make a donation, or volunteer with the College
  • If you are a former student of Keuka College, we will usually hold a record of your previous contact details and the academic studies you completed with us. These will be obtained from your student record and a copy transferred to the alumni database. We may ask you to confirm these details when you get in touch with us to help us identify your record or to assist you with your inquiry
  • We may obtain personal data about you from third parties. You may have given other organizations permission to share your personal data. When appropriate we may combine third party data with existing data that we already hold about you to update, add to, or improve your contact details
  • We may hold information from the public domain, such as information about you from company websites, social media, national change of address service, public honors and rich lists, and press sources

The types of information we collect

We may collect the following types of personal data about you:

  • name, title, date of birth, and gender
  • contact details including mailing address, email, phone numbers, and links to social media accounts
  • your occupation and professional activities
  • your recreations and interests
  • records of communications from us to you, and vice-versa
  • media articles that provide information about your background and achievements
  • information on your engagement with Keuka College, including attendance at events, volunteering, responses to surveys or focus groups, records of meetings, engagement with communications (e.g. newsletters)
  • a summary of your academic record, including, student identification number, graduation date, and subject studied
  • family and spouse / partner details, and your relationship to other alumni, current or prospective students, staff, and supporters
  • additional details about your time at Keuka College and your achievements since graduation
  • If you owe Keuka College money, this may be recorded on your alumni record and you may not be able to access alumni services until the debt is settled.

Additional information we may collect in addition to the above, if for example, you donate or register for an event includes:

  • event attendance record
  • event payment details
  • a history of donations made to the College (we do not keep bank or credit card details)
  • information about your wealth where appropriate
  • information about your health, for example if you have any food allergies or special access requirements for a specific event

How we use this information

The purposes for which we may use personal data (including sensitive personal data) we collect during association with us include:

  • sending you publications from the College by mail or email
  • sending newsletters with College news, events, and alumni profiles
  • telling you about College events, alumni events and reunions and sending your invitations
  • giving you information about opportunities that we think may be of interest to you including job vacancies, mentoring, auditions, volunteering, and competitions
  • contacting you about opportunities to give donations to support our work and or other fundraising opportunities and programs
  • we may analyze, segment and profile personal data to help us identify individuals who may be able and willing to support Keuka College financially. This may include wealth screening. This will help us to use our resources effectively and personalize the services and communications we send to you about our fundraising activities
  • sending you communications from your school or faculty
  • giving you information about further study opportunities, including the availability of postgraduate fee discounts and scholarships
  • communications to meet statutory requirements such as the Graduate Outcomes Survey
  • for administration purposes to maintain a secure database of your details, including updating any preference changes received from you
  • to undertake analytics, analysis, and research so that we may improve the services offered by Keuka College
  • using information in aggregate (so that no individuals can be identified) for strategic development
  • we may use records of your interactions with Keuka College to help us to personalize our service to you and direct resources appropriately
  • we track email communications including views, opens, and clicks to help us improve our email communications and identify individuals engaging with our communications. We may add this data to your individual record and use it to personalize the communications we send to you

How long your information is kept

We will hold your personal information within a secure dedicated database for as long as is necessary to provide alumni and development services to you. Where you have indicated you no longer wish to receive any services your information will be retained and securely and permanently destroyed in accordance with the Keuka College retention and destruction policy.

Students and Prospective Students

How we collect your information

We may collect your personal data in several ways, for example:

  • from the information you provide to us when you interact with us before enrolling, for example when you express your interest in studying at Keuka College
  • when you apply to Keuka College and complete enrollment forms via our application system and when you complete other admissions processes and procedures
  • when you communicate with us by telephone, email, or website; for example, to make inquiries or raise concerns
  • in various other ways as you interact with us during your time as a student at Keuka College, for the various purposes set out below
  • from third parties, for example from your previous or current school

The types of information we collect

We may collect the following types of personal data about you:

  • your name, and contact information such as address, email address, and telephone number, as well as your date of birth, social security number (or other tax identification number) and your visa number, country of domicile, and your nationality. We will also allocate you a unique student number
  • information relating to your education and employment history, the school(s) and other colleges or universities you have attended and places where you have worked, the courses you have completed, dates of study and examination results. We will also keep records relating to assessments of your work, details of examinations taken, your predicted and actual examination grades, and other information in your student record
  • information about your family or personal circumstances, and both academic and extracurricular interests, for example where this is relevant to the assessment of your living arrangements
  • sensitive personal data and information about criminal convictions and offenses, including:
    • information concerning your health and medical conditions (e.g. disability and dietary needs)
    • certain criminal convictions
    • information about your racial or ethnic origin

How we use this information

The purposes for which we may use personal data (including sensitive personal data) we collect during a student's association with us include:

  • recruitment and admissions
  • academic matters, including:
    • the provision of our core teaching, learning, and research services (e.g. registration, assessment, attendance, managing progress, academic misconduct investigations, certification, graduation)
    • maintaining student records
    • assessing your eligibility for grants and scholarships, etc.
    • providing library, IT and information services
  • non-academic matters in support of our core services, including:
    • Monitoring equal opportunities
    • safeguarding and promoting the welfare of students
    • ensuring students' safety and security
    • managing student accommodation
    • managing the use of social media
    • managing car parking on campus
    • administering finance (e.g. fees, scholarships, and grants)
  • other administrative purposes, including:
    • carrying out research and statistical analysis
    • carrying out audits (e.g. to ensure compliance with our regulatory and legal obligations)
    • providing operational information (e.g. providing IT support, information about building closures or access restrictions on campus, or safety advice)
    • promoting our services (e.g. providing information about summer schools, student exchanges, or other events happening on and off campus)
    • preventing and detecting crime
    • dealing with grievances and disciplinary actions
    • dealing with complaints and inquiries

How long your information is kept

Subject to any other notices that we may provide to you, we may retain your personal data for a period of seven years after your association with us has come to an end. However, some information may be retained indefinitely by us to maintain your academic record for archiving purposes (or by Advancement & Alumni Relations for the purposes of supporting your lifelong relationship with Keuka College).

Faculty, staff, and contract employees

How we collect your information

We may collect your personal data in several ways, for example:

  • from the information you provide to us when you interact with us, for example when you apply online, contact us by email, telephone, mail, social media, or in person
  • forms submitted throughout employment for change in information, for example when you change your tax status, benefits choices, or request regarding your employment
  • through background checks issued for employment at the Institution

The types of information we collect

We may collect the following types of personal data about you:

  • Personal details such as name, date of birth, contact and next-of-kin details, and Social Security number
  • visa details
  • bank account details
  • salary and grade details
  • records concerning appraisal and training
  • time off details
  • proceedings relating to promotions
  • contracts or terms and conditions, of employment
  • records of grievances
  • investigations into breaches of terms and conditions of employment
  • records of disciplinary proceedings
  • health and safety records (including accident reports)
  • in some departments, workload, work allocation and financial information is maintained
  • where appropriate, audio and/or video recording data of staff giving lectures, presentations, and workshops

How we use this information

The purposes for which we may use personal data (including sensitive personal data) we collect during association with us include:

  • pay your salary into your bank account
  • review employee performance
  • assess suitability for promotion
  • monitor absence and sickness records in accordance with HR policy
  • enable employees to undertake their roles in teaching, research, and administration
  • publish the print and online employee directories of basic contact details (publicly available)

How long your information is kept

We will hold your personal information within a secure dedicated database for as long as is necessary to provide employment services to you. Where you have indicated you no longer wish to receive any services your information will be retained and securely and permanently destroyed in accordance with the Keuka College retention and destruction policy.

Last Revised 9/15/2020 - TEF

Purpose

This policy is in place to ensure that Student Identity can be verified safely and efficiently when in-person verification cannot be achieved effectively.

Compliancy

This policy is designed to comply with or is based on the following:

  • Higher Education Opportunity Act (HEOA)

Scope

This policy directly or indirectly impacts the following:

  • Any credit-bearing distance-learning courses or programs.
  • Any credit-bearing hybrid in-person and distance learning courses or programs.
  • Any credit-bearing in-person courses or programs where an online LMS is utilized to submit classwork, view course materials, or take quizzes/exams.

Procedure(s)

Linking Student Identity to Login Credentials

Verification of student identity begins when they apply for Keuka College. Identity information is confirmed by the admissions team within our enrollment management software. (EMS) Student biographic, demographic, admissions, and enrollment records are maintained here during this stage.

After acceptance, a student and their biographic, demographic, admissions, and enrollment records are imported into our Student Information System. (SIS)

After import of information into the SIS, or for our on-campus program, after completing deposit, this data is imported into Keuka College Information Technology’s (KCIT) Identity Management System. (IDM) A username is created based on this information in our local Directory Service (DS) and replicated to our cloud messaging and collaboration services. The username and password (in separate emails) are sent to the student’s personal email address.

Upon first login, a student is required to change their password. This allows the student the ability to log in with a personalized password from that moment on. It also ensures that if the original password is compromised, it will not allow successful login. Students are then requested to set up security questions for future access attempts and password self-resets. Further verification of identity is made under the circumstances of a forgotten password and inability to answer security questions to reset the password.

Verification Supporting Information

Messaging services, including email, utilize this username and password to affirm identity of sent information. Our Learning Management System, utilized by many courses and programs for coursework and materials, requires this username and password to use. This is linked to the user’s identity account.

As outlined in our Acceptable Use Policy, students are responsible for maintaining the security of their username and password. These may not be shared or given to anyone other than the person to whom they were assigned. Users are responsible for any use and activity of their account.

In many courses and programs, live interaction on video is also utilized for visual identification.

No fee is charged to a student for student identity verification. Should this be subject to change, students will be notified of additional fees, prior to the continuation of registration.

Policy

All credit-bearing courses and programs offering a portion or all of its course materials through online learning or distance education must verify that a student whom registers for said course or program is the same student that participates in and completes the course to receive academic credit.

Last Revised 9/15/2020 - TEF

Purpose

This policy is in place to explain the responsibility for all personal data residing within Keuka College-owned resources.

Compliancy

This policy is designed to comply with or is based on the following:

Scope

This policy directly or indirectly impacts the following:

  • Any information stored within Keuka College-owned resources unrelated to Keuka College business

Procedure(s)

It is important to utilize Keuka College resources only for Keuka College related needs.

As a Keuka College employee or contract employee, follow these recommendations to avoid losing any personal information or data:

  • Do not use your College email address for any personal websites, applications, or purchases.
  • Do not use your College mobile device to take personal or non-business photos.
  • Do not use your College computer to store any personal documents or photos.
  • Do not use your College personal share (F Drive), department share (G Drive), Google Drive, or Microsoft OneDrive to store any personal documents or photos.

As a Keuka College student, follow these recommendations to avoid losing any personal information or data:

  • Do not use your College email address for any personal websites, applications, or purchases unless it is only useful to you during your time as a student.
  • Use a professional looking personal email address for any tax or career service needs.
  • Leave a personal email address, or alumni email address if requested after graduation, with anyone whom you wish to retain contact with.
  • Do not use your College Google Drive or Microsoft OneDrive to store any personal documents or photos.
  • Make sure to retrieve all projects and course work that is desired post-graduation, prior to losing access to your account.

Policy

Keuka College does not explicitly deny or prevent its students/employees from utilizing its resources for any legitimate personal reasons that are not in direct conflict with the Acceptable Use Policy. However, the College is not responsible for the safety and security of any information unrelated to Keuka College business within any of its resources. Should any data of this nature become corrupt, lost, or removed, the College will not be responsible.

Should an employee become separated from the College at any point in time, account access will be disabled, and the College will not make any effort to provide any personal information or data to said employee.

Should a contract employee become separated from the College at any point in time, account access will be disabled, and the College will not make any effort to provide any personal information or data to said contract employee.

Should a student withdraw or graduate, account access will be disabled, and the College will not make any effort to provide any personal information or data to said student.

Last Revised 9/15/2020 - TEF