Aerial view of campus with Williamsport, the Susquehanna River and Bald Eagle Mountain as a backdrop

Acceptable Use Policy

Purpose

This Acceptable Use Policy, (AUP), defines the appropriate and responsible use of Lycoming College information technology resources to ensure a secure, dependable, and productive environment for learning and work. Violations of this policy will result in sanctions as outlined in the Student Handbook, Administrative Handbook, and Faculty Handbook, in compliance with state, federal, or international laws, (e.g. General Data Protection Regulation - GDPR).

Maintaining information security and operational integrity requires the participation of all users of Lycoming College information technology resources, including both digital and physical assets. Each community member is responsible for supporting these requirements to safeguard and ensure the availability of all College information assets.

Applies To

This policy applies to all members of the Lycoming College community, which includes, but is not limited to, full and part-time employees, temporary employees, students, visitors, volunteers, third party contractors, and consultants (collectively known as “users”) who have access to, support, administer, manage, or maintain Lycoming College information technology assets.

Policy Statement

The mission of Lycoming College is to provide a distinguished baccalaureate education in the liberal arts and sciences within a coeducational, supportive, residential setting. Lycoming College provides users access to information technology resources in support of this mission. Access to these information technology assets is a privilege granted to the members of the Lycoming College community intended to support educational, research, and administrative activities. Proper use and protection of College technology assets are essential.

Each user is responsible and obligated to ensure that all computing and communication resources are used only for their intended purpose in compliance with this policy and that information contained or transmitted via these resources are protected from unauthorized use, appropriation, or corruption. State and federal laws relating to copyright, security, and intellectual property bind all members of this community. The College reserves the right to limit or restrict computing privileges and access to its information assets.

User Responsibility

Those who use Lycoming College information technology assets are responsible for the integrity of those resources. All users must respect the rights and privacy of other users, take reasonable precautions to secure their own devices and accounts, and report any misuse or violations of this policy to IT Services.

Lycoming College information technology assets and AI resources are to be used for the College-related activities for which they are designed. Users must comply with applicable laws and regulations, including copyright, intellectual property, and data protection laws. The use of the College information technology resources to offer goods or services of a commercial nature, that are not related to a faculty or staff member’s job or a student’s role at the College, is forbidden. The College reserves the right to suspend or terminate access to any system suspected of presenting a security vulnerability.

Any equipment (e.g., laptops, tablets, peripherals) issued to users is the property of Lycoming College and must be handled with care. Users are responsible for maintaining devices in good working condition and returning them in the same condition in which they were received, excluding normal wear. Any loss, damage, or theft must be reported immediately to IT Services. Failure to return devices in proper condition may result in financial responsibility for repairs or replacement. Costs will be determined based on the extent of damage, repair, or replacement value.

Prohibited Activities

Users are strictly forbidden from attempting to gain unauthorized access to any IT resources or engaging in activities that disrupt the normal operation of Lycoming College's information technology systems. This includes, but is not limited to, actions such as spreading malware, phishing, or hacking.

Email

All email accounts using the lycoming.edu domain name and all data transferred or stored using our email system are property of the College. Users should understand that by using College email or other information resources they waive their right to privacy. However, specific to scholarly work, the creator maintains intellectual property rights to works exchanged through the College email system. As outlined in the Use Policy section below, email messages are part of the College record and upon internal investigation, subpoena or other legal process or termination of employment, are subject to review, audit, and disclosure. Users are required to avoid sharing sensitive information via email without appropriate security measures.

Inappropriate Use of Email

Inappropriate use of email is prohibited. Users receiving such email should immediately contact IT Services at 570-321-4150 or it.servicecenter@lycoming.edu. In case of serious risk or harm, contact Public Safety at 570-321-4064. Examples of inappropriate use of email include:

  • Messages which are harassing, obscene, or threatening;
  • Unauthorized exchange of sensitive or confidential information (Refer to Data Classification Policy);
  • Creation and exchange of advertisements, solicitations, chain letters and other unofficial, unsolicited email;
  • Violation of any laws, including copyright laws, or Lycoming College policies;
  • Knowing transmission of a message containing a computer virus or malware;
  • Misrepresentation of the identity of the sender or authenticity of the email message;
  • Use or attempted use of another’s account.

Confidentiality of Records

Lycoming College maintains strict confidentiality requirements and regulations in compliance with the Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act of 1974 as amended (FERPA), and the Health Insurance Portability and Accountability Act (HIPAA) in addition to other state, federal, and international laws. These laws pertain to the security and privacy of all non-public information

including student, employee, alumni, parent, donor, volunteer, and general College information whether in hard copy or electronic form.

The policy of Lycoming College is that a user who has access to protected information must protect against unauthorized access or use of such information, ensure the security and privacy of such information and maintain the confidentiality of all protected information, which includes College restricted (confidential) and private (sensitive) information. This obligation will continue after separation from the College. Such users are prohibited from destroying, deleting, or otherwise tampering with any data that belongs to the College. Any questions regarding release of such information to another person will be directed to the supervisor and/or the Data Owner or Data Steward as outlined in the College’s Data Classification Policy.

Users must disclose any anticipated threats or hazards that may compromise the confidentiality of such information.

Lycoming College defines UNAUTHORIZED ACCESS to be:

  1. Access to student, employee, or College information not necessary to carry out job responsibilities.
  2. Access to the records of a student or employee for which the user does not have signed authorization from a data owner or data steward.
  3. Release of student or employee information to unauthorized internal or external users.
  4. Release of more student or employee information to an authorized individual/agency than is essential for meeting the stated purpose of an approved request.
  5. Disclosure of system username, password, or access codes to an unauthorized individual to gain unauthorized access to confidential information.

Furthermore, it is the policy of Lycoming College that information may not be divulged, copied, released, sold, loaned, reviewed, altered or destroyed except as properly authorized within the scope of applicable state, federal, or international laws. Users will be held responsible for the misuse or wrongful disclosure of confidential information and/or for failure to safeguard the system username, password or access codes to confidential information and further acknowledge responsibility for all activities undertaken using the system username, password or access codes.

Use Policy

The College’s systems are primarily for educational purposes. The College reserves the right to review, audit and disclose all matters disseminated or stored on its systems. This includes e-mail, voice mail and computer files stored on both the College’s on-premise and cloud based systems. Other relevant policies include Data Classification and Information Technology Access – User Separation which can be found at https://www.lycoming.edu/its/policies-procedures/.

The College only reviews stored material when necessary, upon receiving a complaint either internal or external of a violation of College policy, state, federal, or international laws. Prior to an investigation and review of stored materials, approval of the President along with the appropriate member of their Administrative Cabinet is required. If the President is unavailable, two Administrative Cabinet members are required to review and approve the investigation request. In the event that the request involves the President, review and approval of the request must be completed by two officers of the Board of Trustees. If an internal investigation has occurred, the person whose files have been reviewed will be informed in a timely manner. An investigation may also occur in response to a subpoena or other valid legal process.

All users are urged to be sensitive to the public nature of shared computing facilities, including e-mail services, and refrain from transmitting to others within or outside the system inappropriate images, sounds or messages which might reasonably create an atmosphere of discomfort and harassment.

Lycoming College requires a user to abide by the rules, regulations, policies, and procedures of Lycoming College as well as state, federal, and international laws applicable to individual positions at the College. Lycoming College may at any time revoke access to protected information.

Failure to comply with the terms of this policy and corresponding procedures may result in legal and/or disciplinary actions. Disciplinary actions include possible separation of relationship with the College, regardless of whether criminal or civil penalties are imposed, depending upon the nature and severity of the breach of confidentiality.

User Agreement

Your signature below indicates your agreement to the obligations described above and agree not to use Lycoming’s information and technology assets in any way that diminishes the effectiveness of those assets. I understand that upon violation of the terms of this agreement, the College retains the right to deny future information technology privilege. I, also, understand that I may be subject to further disciplinary action by the College and/or legal action arising from the violation of any state, federal, or international laws.

 

Signature, Date

Printed name

Supervisor Signature, Date

Supervisor – Printed name

Approved by the Information Technology Committee on 2/21/2017, 10/17/2017, and 1/23/2025
Approved by the President’s Administrative Cabinet on 12/19/2017 and 2/10/2025
Last Reviewed: 2/20/2025