BP 8209 Blogging and Social Media

Statement of Purpose

PCC provides many technology products and services to support the academic and administrative needs of the College. Individuals who use the College’s IT resources are expected to follow certain defined behaviors in order to minimize information security risk and protect the College and its constituents.

Protecting students, faculty and staff from the risk of identity theft or unauthorized disclosure of personal information is the primary goal of adopting the best practices described in this policy.

This policy enables PCC IT staff to perform key operational and maintenance tasks, manage information security, and respond to legal requests.

Many people today engage in social media regarding all aspects of their lives – including College. However, when posting to social media using PCC IT resources, there is a possibility that such content could be viewed as representing the official position of PCC.

PCC has a Community Engagement Department that carefully vets all official public communications to ensure they clearly articulate PCC’s official position and present no legal or regulatory risk.

This policy seeks to minimize the risk associated with personal social media communications.

Scope Statement

All Portland Community College (PCC) employees, students, and affiliates or other third parties that create, use, maintain, or handle PCC IT resources are subject to this policy. This policy applies to use of all PCC owned and managed IT resources, use of any computer or mobile device connected to a PCC network, all controlled sensitive data stored or transmitted using PCC IT resources and all users of such data.

Policy Summary

Users of PCC IT resources may engage in limited and occasional personal blogging and posting to social media. These activities shall be conducted in a professional and responsible manner and comply with the law and other College policies.

Policy

1. Blogging or social media activity that references PCC shall comply with College policy and PCC expressive conduct standards.

2. Blogging and social media activity using IT resources is subject to monitoring.

3. Users shall not publish controlled sensitive data or other PCC confidential or proprietary information.

4. Where PCC trademarks, logos, etc. are used, users shall use approved graphics provided by the PCC Marketing Department (“do it yourself kit” on the marketing website).

Exemptions

None

Exceptions

None

Policy Violation

1. Violation of this policy may result in disciplinary action in accordance with PCC Human Resources and/or Student Conduct guidelines.
2. PCC reserves the right to report security violations or compromises to the appropriate authorities. This may include reporting violations of Federal, State, and local laws and regulations governing computer and network use, or required accreditation reporting.
3. Anyone who violates this policy may be held liable for damages to PCC assets, including but not limited to the loss of information, computer software and hardware, lost revenue due to disruption of normal business activities or system down time, and fines and judgments imposed as a direct result of the violation.
4. PCC reserves the right to deactivate any user’s access rights (whether or not the user is suspected of any violation of this policy) when necessary to preserve the integrity of IT resources.

Complaint Procedures

Report non-security-related violations (such as receipt of inappropriate content, other Human Resource policy violations, general college policy violations, or regulatory compliance violations) to a supervisor, HR, or EthicPoint.

Report information security and general technical policy violations to the IT Service Desk at 971-722-4400 or servicedesk@pcc.edu, or contact the CIO or CISO.

Governing Standards, Policies & Guidelines

None

Definitions

Blogging
A means of expressing personal opinions on the Internet.

Blogging is performed by Bloggers, who use a discussion or informational website published on the World Wide Web to publish informal, diary-style text entries (“posts”).

Chief Information Officer (CIO)
Senior manager of the Information Technology (IT) Department and a member of Cabinet.

At PCC, the CIO is responsible for all technology, with the exception of:
– Online Learning (Academic Affairs)
– Some specialized technology that supports CTE or other engineering programs (e.g. software that supports machine labs, specialized dental technology, etc.)
– Some technology that supports auxiliary services (e.g. Point of Sale systems in the cafeterias and bookstores)

Chief Information Security Officer (CISO)
Senior manager responsible for information security compliance at PCC.

Controlled Sensitive Data (CSD)
A general categorization that is used in PCC’s Information Technology (IT) policies (primarily the Information Security Policy and the Acceptable Use Policy) to represent all confidential and private information governed by those policies.

CSD includes: PII, PHI, HIPAA, FERPA, regulated, private, personal, or sensitive information for which PCC is liable if publicly disclosed.

IT Resource
(At PCC) All Information Technology (IT) resources that are the property of PCC and include, but are not limited to, all network-related systems; business applications; network and application accounts; administrative, academic and library computing facilities; college-wide data, video and voice networks; electronic mail; video and web conferencing systems; access to the Internet; voicemail, fax machines and photocopiers; classroom audio/video; computer equipment; software and operating systems; storage media; Intranet, VPN, and FTP.

IT Resources include resources administered by IT, as well as those administered by individual departments, college laboratories, and other college-based entities.

Proprietary
Owned and/or produced by a specific entity. Relating to, or characteristic of, an owner or title holder proprietary rights.

Social Media
A form of digital communication that forms social networks between users, facilitated by centralized software platforms (FaceBook, Instagram, etc.)

Computer-mediated technologies that allow the creation and sharing of information, ideas, career profiles, and other forms of expression via virtual communities and networks.

User
Any person who makes any use of any PCC IT resource from any location (whether authorized or not).

Responsible Executive

Chief Information Officer

Responsible Officer

Chief Information Security Officer (CISO)

Responsible Office

Information Technology Department

Last Revision Date

11-01-2019