BP 8206 Digital Content and Privacy

Statement of Purpose

PCC provides many technology products and services to support the academic and administrative needs of the College. Individuals who use the College’s IT resources are expected to follow certain defined behaviors in order to minimize information security risk and protect the College and its constituents.

Protecting students, faculty and staff from the risk of identity theft or unauthorized disclosure of personal information is the primary goal of adopting the best practices described in this policy.

This policy enables PCC IT staff to perform key operational and maintenance tasks, manage information security, and respond to legal requests.

Most content has associated intellectual property ownership rights associated with it. These ownership rights may be legally registered (e.g.: copyrighted or trademarked materials), based on paid “work product,” or simply implied based on authorship or other agreed-upon standards. Owned content is referred to as “proprietary content.”

These policies do not seek to define content ownership rights, but rather to protect proprietary digital content created, transmitted, or stored using PCC IT resources.

Regardless of ownership, PCC has an obligation to comply with any legal request to access content stored in PCC IT resources. This includes emails transmitted using pcc.edu email addresses. As such, there should be no expectation of privacy regarding any such content.

Scope Statement

All Portland Community College (PCC) employees, students, and affiliates or other third parties that create, use, maintain, or handle PCC IT resources are subject to this policy. This policy applies to use of all PCC owned and managed IT resources, use of any computer or mobile device connected to a PCC network, all controlled sensitive data stored or transmitted using PCC IT resources and all users of such data.

Policy Summary

Users shall not use PCC IT resources to create, transmit, intentionally receive, or procure digital content that violates any published PCC content or communication policy.

Rights of ownership to digital content created, transmitted, or stored using PCC IT resources follow PCC’s general legal standard for intellectual property and content ownership.

Policy

1. Users shall respect the privacy of other individuals, including others’ digital content.

2. Employees shall have no expectation of privacy in anything they store, send, or receive using PCC IT resources (see Exemptions).

3. All data stored on PCC IT resources is public record under Oregon Law and subject to disclosure to third parties unless disclosure is expressly exempted or made confidential by law.

4. User-created digital content that includes PCC branding must conform to College content and communication policies and standards.

Exemptions

Monitoring of devices that are connected to the PCC network is for security and operational purposes only and is intended to protect the PCC network against potential threats that such devices may introduce to the network. PCC will not (and cannot) scan, or otherwise inspect, user data, user-installed programs, user activity, or any other personal/user information on personal devices connected to the PCC network.
a. Example: A faculty member connects to the PCC wireless network and sends an email using their personal email account. This is not discoverable by PCC IT.
b. Example: A student connects their smart phone to the PCC wireless network and does a banking transaction. This is not discoverable by PCC IT.
c. Example: PCC is required to perform eDiscovery for a legal case. Data stored on personal devices connected to the PCC wireless network (e.g. personal laptops, smart phones, etc.) or data stored in third party sites (e.g.: Dropbox) are not discoverable by PCC IT.

Exceptions

Exceptions to this policy must be pre-approved in writing by the Chief Information Officer (CIO)

Policy Violation

1. Violation of this policy may result in disciplinary action in accordance with PCC Human Resources and/or Student Conduct guidelines.
2. PCC reserves the right to report security violations or compromises to the appropriate authorities. This may include reporting violations of Federal, State, and local laws and regulations governing computer and network use, or required accreditation reporting.
3. Anyone who violates this policy may be held liable for damages to PCC assets, including but not limited to the loss of information, computer software and hardware, lost revenue due to disruption of normal business activities or system down time, and fines and judgments imposed as a direct result of the violation.
4. PCC reserves the right to deactivate any user’s access rights (whether or not the User is suspected of any violation of this policy) when necessary to preserve the integrity of IT resources.

Complaint Procedures

Report non-security-related violations (such as receipt of inappropriate content, other Human Resource policy violations, general college policy violations, or regulatory compliance violations) to a supervisor, HR, or EthicPoint.

Report information security and general technical policy violations to the IT Service Desk at 971-722-4400 or servicedesk@pcc.edu, or contact the CIO or CISO.

Governing Standards, Policies & Guidelines

None

Definitions

Chief Information Officer (CIO)
Senior manager of the Information Technology (IT) Department and a member of Cabinet.

At PCC, the CIO is responsible for all technology, with the exception of:
– Online Learning (Academic Affairs)
– Some specialized technology that supports CTE or other engineering programs (e.g. software that supports machine labs, specialized dental technology, etc.)
– Some technology that supports auxiliary services (e.g. Point of Sale systems in the cafeterias and bookstores)

Copyright
A legal right created by the law of a country that grants the creator of an original work exclusive rights for its use and distribution.

IT Resource
(At PCC) All Information Technology (IT) resources that are the property of PCC and include, but are not limited to, all network-related systems; business applications; network and application accounts; administrative, academic and library computing facilities; college-wide data, video and voice networks; electronic mail; video and web conferencing systems; access to the Internet; voicemail, fax machines and photocopiers; classroom audio/video; computer equipment; software and operating systems; storage media; Intranet, VPN, and FTP.

IT Resources include resources administered by IT, as well as those administered by individual departments, college laboratories, and other college-based entities.

Intellectual Property
IT: the legal right of ownership to digital content.

A work or invention that is the result of creativity, such as a manuscript or a design, to which one has rights and for which one may apply for a patent, copyright, trademark, etc.

Proprietary
Owned and/or produced by a specific entity. Relating to, or characteristic of, an owner or title holder proprietary rights.

User
Any person who makes any use of any PCC IT resource from any location (whether authorized or not).

Responsible Executive

Chief Information Officer

Responsible Officer

Chief Information Security Officer (CISO

Responsible Office

Information Technology Department

Last Revision Date

11-01-2019