BP 8208 Electronic Communication Services

Statement of Purpose

PCC provides many technology products and services to support the academic and administrative needs of the College. Individuals who use the College’s IT resources are expected to follow certain defined behaviors in order to minimize information security risk and protect the College and its constituents.

Protecting students, faculty and staff from the risk of identity theft or unauthorized disclosure of personal information is the primary goal of adopting the best practices described in this policy.

This policy enables PCC IT staff to perform key operational and maintenance tasks, manage information security, and respond to legal requests.

PCC provides students, faculty, and staff PCC email and other electronic communication services (ECS) at the discretion of the College.

This policy enforces appropriate use of PCC ECS. Specifically, that any content transmitted does not violate other PCC policies, or PCC’s ethical and legal responsibilities. Equally important is that these services are not be used to cause harm or distress to others.

PCC has an obligation to comply with any legal request to access content stored in PCC IT resources. This includes email transmitted using pcc.edu email addresses. As such, there should be no expectation of privacy regarding any such content.

Scope Statement

All Portland Community College (PCC) employees, students, and affiliates or other third parties that create, use, maintain, or handle PCC IT resources are subject to this policy. This policy applies to use of all PCC owned and managed IT resources, use of any computer or mobile device connected to a PCC network, all controlled sensitive data stored or transmitted using PCC IT resources and all users of such data.

Policy Summary

PCC provides email and other electronic communication services for academic and administrative purposes and use of these services shall conform to PCC expressive conduct standards and electronic communication best practices.

Policy

1. PCC provides electronic communication services (ECS) to support the academic and administrative activities of the College. PCC ECS includes pcc.edu email.

2. Users shall have no expectation of privacy when using PCC ECS. PCC ECS digital content is College record, which may be disclosed under the Oregon Public Records Law, by subpoena, or to conduct College business.

3. Electronic communication shall comply with all other communication-related policies, procedures, and standards set forth by the College.

4. Users are responsible for exercising good judgment regarding the reasonableness of incidental personal use of PCC ECS (see Exemptions).

5. Users shall not use PCC ECS to create or distribute inappropriate content.

6. Users shall not use PCC ECS to create or distribute content that restricts or inhibits other users from using, or degrades the performance of, IT resources.

7. Users shall not obtain, or attempt to obtain, access to electronic communications of other users (see Exemptions).

8. Third party email or ECS shall not be used for the transmission of controlled sensitive data.

9. Users shall not attempt to gain unauthorized access to, or forge, email header information.

10. Virus or other malware warnings shall only be sent from the Chief Information Security Officer (CISO), Associate CISO, IT Service Desk, or an authorized third party email service provider.

11. Mass mailings (a.k.a. broadcast messages, listserve messages, Google Group messages, etc.) using PCC ECS are generally discouraged.
a. Users are responsible for exercising good judgment in evaluating whether a mass mailing is appropriate.
b. Mass mailings shall only be used to broadcast information. Contact the IT Service Desk to move multi-user online discussions to Spaces.
c. Do not “Reply All” to mass mailings.
d. The list owner is responsible for any violations of this policy or other PCC content standards that result from a mass mailing.
e. Only the Office of the President can authorize the use of announce@pcc.edu.

Exemptions

1. Faculty and staff are permitted incidental personal use of IT resources as defined in PCC Ethics Guidelines, provided such use does not violate other policies.
2. Students may use IT resources for personal use, provided such use does not violate other policies.
3. Authorized staff may on occasion access electronic communications of other users (see: “Policy 2” above).

Exceptions

None

Policy Violation

1. Violation of this policy may result in disciplinary action in accordance with PCC Human Resources and/or Student Conduct guidelines.
2. PCC reserves the right to report security violations or compromises to the appropriate authorities. This may include reporting violations of Federal, State, and local laws and regulations governing computer and network use, or required accreditation reporting.
3. Anyone who violates this policy may be held liable for damages to PCC assets, including but not limited to the loss of information, computer software and hardware, lost revenue due to disruption of normal business activities or system down time, and fines and judgments imposed as a direct result of the violation.
4. PCC reserves the right to deactivate any user’s access rights (whether or not the user is suspected of any violation of this policy) when necessary to preserve the integrity of IT resources.

Complaint Procedures

Report non-security-related violations (such as receipt of inappropriate content, other Human Resource policy violations, general college policy violations, or regulatory compliance violations) to a supervisor, HR, or EthicPoint.

Report information security and general technical policy violations to the IT Service Desk at 971-722-4400 or servicedesk@pcc.edu, or contact the CIO or CISO.

Governing Standards, Policies & Guidelines

None

Definitions

Chief Information Officer (CIO)
Senior manager of the Information Technology (IT) Department and a member of Cabinet.

At PCC, the CIO is responsible for all technology, with the exception of:
– Online Learning (Academic Affairs)
– Some specialized technology that supports CTE or other engineering programs (e.g. software that supports machine labs, specialized dental technology, etc.)
– Some technology that supports auxiliary services (e.g. Point of Sale systems in the cafeterias and bookstores)

Chief Information Security Officer (CISO)
Senior manager responsible for information security compliance at PCC.

Controlled Sensitive Data (CSD)
A general categorization that is used in PCC’s Information Technology (IT) policies (primarily the Information Security Policy and the Acceptable Use Policy) to represent all confidential and private information governed by those policies.

CSD includes: PII, PHI, HIPAA, FERPA, regulated, private, personal, or sensitive information for which PCC is liable if publicly disclosed.

Electronic Communication Services (ECS)
Technology that allows one person to communicate directly with another (or a group) using computers.

Most commonly refers to email, but also includes instant messaging, texting, collaboration platforms (Google Groups, Spaces, etc.), video streaming, video and web conferencing, etc.

Email Header
In an email, the body (content text) is always preceded by a header section (not normally visible to the user) that identifies particular routing information of the message (including the sender, recipient, date, and subject).

IT Resource
(At PCC) All Information Technology (IT) resources that are the property of PCC and include, but are not limited to, all network-related systems; business applications; network and application accounts; administrative, academic and library computing facilities; college-wide data, video and voice networks; electronic mail; video and web conferencing systems; access to the Internet; voicemail, fax machines and photocopiers; classroom audio/video; computer equipment; software and operating systems; storage media; Intranet, VPN, and FTP.

IT Resources include resources administered by IT, as well as those administered by individual departments, college laboratories, and other college-based entities.

Malware
Short for “malicious software,” malware refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, Trojan horses, and spyware.

Mass Mailing
A form of communication in which the same message is broadcast to multiple recipients. Can be achieved by physical or digital methods (e.g. announce@pcc.edu).

Service Provider
(In IT) A company that provides its subscribers access to the Internet.

Third Party
(In Information Technology [IT]) A vendor. Can be applied to any vendor (“third party provider”), but mostly used regarding “vendor software” to distinguish it from software developed “in house.”

User
Any person who makes any use of any PCC IT resource from any location (whether authorized or not).

Virus
(In IT) A type of malicious software program (“malware”).

When executed, a virus replicates itself by modifying other computer programs and inserting its own code. Infected computer programs can include data files, memory resident code, or the “boot” sector of the hard drive.

Responsible Executive

Chief Information Officer

Responsible Officer

Chief Information Security Officer (CISO)

Responsible Office

Information Technology Department

Last Revision Date

11-01-2019