Acceptable Use Policy

Purpose 

This policy sets forth the acceptable uses regarding the access and use of SANY's electronic information and information systems.

Accountability

Under the direction of the District Superintendent or his/her designee shall ensure compliance with this policy. The Operations Managers, Deans, and other members of management will implement this policy in their respective areas.

Applicability

This policy applies to all members of the SANY who access and use the SANY's electronic information and information systems.

Definitions

Refer to the Technology Terms and Definitions for terms and definitions that are used in this policy.

Policy

1. The SANY expects users will access and use the SANY's electronic information and information systems in a manner that:
   1. Does not compromise the confidentiality, integrity, or availability of those assets; and
   2. Reflects the SANY 's standards as defined in the Code of Conduct/Statement of Principles and its body of policies, and in accordance with all applicable federal, state, and local laws governing the use of computers and the Internet.
2. These obligations apply regardless of where access and use originate: SANY office, classroom, public space, lab, at home, or elsewhere outside the SANY.
3. The rules stated in this policy also govern the use of information assets provided by the State of New York, other state and federal agencies, and other entities that have contracted with SANY to provide services to their constituents and/or clients.
4. This policy and SANY's Code of Conduct also govern access and use of the SANY's electronic information and information systems originating from non-SANY computers, including personal computers and other electronic devices. The access and use of electronic information provided by funding partners to SANY are also governed by this policy.
5. The use of information systems acquired or created through the use of SANY funds, including grant funds from contracts between the SANY and external funding sources (public and private), are covered by this policy. This includes SANY information systems that are leased or licensed for use by members of the SANY Community. Users are given access to SANY's electronic information and information systems specifically to assist them in the performance of their jobs and education. They are not provided for personal use. They are responsible for all activity conducted using their computer accounts. Access and use of the SANY's electronic information and information systems is a revocable privilege.
6. SANY recognizes that all members of the SANY Community have an expectation of privacy for information in which they have a substantial personal interest. However, this expectation is limited by SANY's need to comply with applicable laws, protect the integrity of its resources, and protect the rights of all users and the property and operations of SANY. As such, SANY reserves the right to access, quarantine, or hold for further review any files or computing devices on SANY's network or its information technology resources if there is just cause to believe that SANY policies or laws are being violated or if such access is necessary to comply with applicable law or conduct SANY business operations.
7. Information created, stored, or accessed using SANY information systems may be accessed and reviewed by SANY personnel for legitimate systems purposes, including but not limited to the following:
   1. Emergency Problem Resolution
   2. To measure, monitor, and address the use, performance, or health of the SANY's information systems, or to respond to information security issues. Internet usage may also be monitored when using the SANY's network.
   3. To create data backups of electronic information stored on SANY's information systems.
   4. To respond to User Requests approved by the district office.
8. Information may be accessed, reviewed, and provided to an external party at the SANY's discretion without prior notification with adequate cause and subject to review of the district office to comply with applicable law and to conduct normal SANY operations. Examples include, but are not limited to the following:
   1. Compliance with the New York Freedom of Information Law ("FOIL") which requires disclosure of electronic records and other data on the SANY system subject to exemptions under FOIL. Requests will be reviewed by the Operations Managers in conjunction with the district office.
   2. Compliance with a valid subpoena, court order, or discovery request. Requests will be reviewed by the district office.
   3. Audits, investigations, or inquiries undertaken by governmental entities or appropriate internal investigators or units. Requests will be reviewed by the district office.
   4. To conduct necessary business operations.
9. All electronic information created, stored, or transmitted by use of SANY's information systems is the property of the SANY, unless otherwise explicitly noted.
10. IT Managers and IT Technicians have greater ability to access information stored on and transmitted through SANY's information systems. As such, IT Managers, IT Technicians, and others with privileged access shall not access such information unless such access is necessary for the purposes outlined above, for systems purposes, or unless such access is supported by adequate cause and reviewed by the district office.
11. Prohibited Actions
    1. The list of prohibited actions is not intended to be comprehensive. The evolution of technology precludes the SANY from anticipating all potential means of capturing and transmitting information. Therefore, users must take care when handling sensitive information. 
    2. Users, at minimum, will ensure that they do not:
       1. Distribute information classified as Confidential or Private, or otherwise considered or treated as privileged or sensitive information, unless they are an authoritative SANY source for, and an authorized SANY distributor of that information and the recipient is authorized to receive that information.
       2. Share their passwords with other individuals or institutions (regardless if they are affiliated with SANY or not) or otherwise leave them unprotected.
       3. Attempt to uninstall, bypass, or disable security settings or software protecting the SANY's electronic information, information systems, or computer hardware.
       4. Engage in unauthorized attempts to gain access or use the SANY's electronic information, information systems, or another user's account. Users with privileged access, such as IT Managers and Technicians, shall not engage in unauthorized access, use, or review of information or data, without appropriate approvals.
       5. Use third-party email services to conduct sensitive SANY business or to send or receive SANY information classified as Confidential, Private or Internal or otherwise considered privileged or sensitive information.
       6. Use email auto-forwarding to send SANY information (regardless of classification) to non-SANY email accounts (see #12 Restricted Services).
       7. Distribute or collect copyrighted material without the expressed and written consent of the copyright owner or without lawful right to do so, such as in the case of fair use.
       8. User understands the FERPA Privacy Security rules, especially with regard to Sensitive Electronic Information (SEI), Private Health Information (PHI), and Personally Identifiable Information (PII) and will abide by these rules, including understanding that they will be held accountable for the use of personal devices for conducting SANY business.
12. Restricted Services
    1. This list of restricted services is not intended to be comprehensive. The evolution of technology precludes the SANY from anticipating all potential means of storing, capturing and transmitting information. Therefore, when using third-party technology services not explicitly restricted in this policy, users must exercise care to not compromise sensitive SANY information, particularly when confirmation of receipt or the identity of the recipient is required for business or legal purposes. 
    2. Restricted services include the following:
       1. Social Media
          1. Social media tools or web content platforms cannot be used to communicate or store SANY information classified as Confidential or Private or otherwise considered privileged or sensitive by SANY. Social media tools include, but are not limited to: Facebook, Twitter, LinkedIn, Instagram, Medium, Reddit, YouTube and Flickr.
          2. For additional requirements on the use of social media, see the Social Media Policy.
       2. Professional Social Media
          1. Professional social media cannot be used to communicate or store SANY information classified as Confidential or Private or otherwise considered privileged or sensitive by SANY.
       3. Cloud Services, Collaboration and Storage
          1. Third-party cloud storage services cannot be used to store SANY information classified as Confidential.
          2. Google Drive is approved for Private, Internal and Public data.
          3. The use of non-approved third-party cloud storage services cannot be used to store SANY information classified as Confidential or Private or otherwise considered privileged or sensitive by SANY. Cloud storage tools include, but are not limited to: iCloud, Carbonite, OneDrive, Box, Dropbox, Evernote, OpenDrive and SugarSync.
       4. Third Party Email Services
          1. Third party email services cannot be used to communicate or store SANY information classified as Confidential or Private or otherwise considered privileged or sensitive.
       5. Email Auto-Forwarding
          1. Faculty, staff and medical students are not permitted to automatically forward or redirect messages from their primary email address to a non-SANY email address.
       6. Texting
          1. Texting cannot be used to communicate or store SANY information classified as Confidential.
       7. Video Conferencing
          1. Video conferencing services are limited to SANY business-use only and must be conducted using SANY equipment. They are to be used strictly for business collaboration between members of the SANY Community or outside entities, or for educational purposes. Users must ensure that video communications are done in a setting or configured to restrict the possibility of non-authorized individuals from viewing or listening to sensitive information.
       8. Chat
          1. The use of non-approved chat services cannot be used to communicate or store SANY information classified as Confidential or Private or otherwise considered privileged or sensitive by SANY. Chat tools include, but are not limited to: Slack and HipChat.
       9. BitTorrent Software
          1. BitTorrent software (or other file sharing software) used to download and share movies, music, and other copyrighted media is strictly forbidden unless it is used for SANY business or academic purposes. The use of this software must be approved by the Director of Information and Instructional Technologies.

Policy Compliance

IT resources, computer accounts, and network access is provided to students, faculty and staff of SANY as a privilege. The SANY, including district office and schools, reserves the right to terminate any user’s access to SANY IT resources, computer accounts, and network access at any time.

Suspected violations of this policy by a student must be immediately reported to the school Dean or his/her designee. The school Dean or his/her designee, will, in turn, notify the student’s parent(s) and review the facts of the incident with them. After giving the student an opportunity to be heard and reviewing the details of the case, consistent with the school Code of Conduct, the school Dean will determine an appropriate penalty.  If inappropriate student conduct has occurred, the student’s account may be closed for a designated period of time, and disciplinary action ranging from loss of Internet access privileges to suspension from school may be taken. Based upon all the facts and in the discretion of the school Dean or his/her designee, the school Dean will determine the final action to be taken. School will notify appropriate governmental or law enforcement agencies of any violation of this Policy, as required by law.

Suspected violations of the policy by a staff member should also be reported to the school Dean, who will review the facts of the incident and after giving all parties an opportunity to be heard, shall determine whether disciplinary action is required. If such action is appropriate, the user’s account may be closed for a designated period of time, as determined by the school Dean, and disciplinary action may be taken in accordance with the applicable Board Policies and school regulations and the terms of the employee’s employment agreement. Based on all the facts and the school Dean’s discretion, the school Dean will determine the final action to be taken. School will notify appropriate governmental or law enforcement agencies of any violation of this Policy, as required by law. 

Access to the internet, email or a computer account may also be revoked by the school for any established violation of a policy, rule or regulation of school. 

All users must promptly disclose to their teacher, supervisor, dean of school or operations manager any information they receive that is inappropriate or makes them feel uncomfortable.

Limitation of Liability

The SANY makes no guarantees about the quality of the services provided and is not responsible for any claims, losses, damages, costs, or other obligations arising from use of the network or accounts. Any additional charges a user accrues due to the use of the SANY’s network are to be borne by the user. The SANY also denies any responsibility for the accuracy or quality of the information obtained through user access. Any statement, accessible on the computer network or the Internet, is understood to be the author's individual point of view and not that of the SANY, its affiliates, or employees.