Chapter 16 Security and Management of District Information - Board of Trustees Regulations

Important Notice

Ohlone is in the process of updating and revisingĀ its Administrative Procedures (APs) to incorporate relevant parts of outdated Board Regulations. Board Regulations will be deleted once incorporated into Administrative Procedures. Please see the notice posted on the Board Policies and Administrative Procedures web page for additional information.

16.1 Information and Intellectual Property Protection and Responsibility Policy

1. Purpose

To develop Districtwide an appreciation for the value, and often vulnerable nature, of information, and to reduce the danger of misuse, destruction, or loss of information especially that of a critical or confidential nature, without restricting academic freedom or complicating access to information to which the District has a legitimate and specific need.

2. Policy

It is the policy of Fremont/Newark Community College District that all information be used in a manner that maintains an appropriate and relevant level of confidentiality and that provides sufficient assurance of its integrity in compliance with existing laws. While the elimination of all risk is impossible, the goal of the policy is to minimize the possibility of information misuse, corruption, and loss through the adoption of reasonable procedures for the District to follow. While this policy is especially pertinent to information stored electronically, it is also intended to guide users of all information, including information stored in other formats such as paper, microform, and video, as well as the content of confidential meetings and conversations.

3. Definitions

  1. District community - All full and part-time District faculty, management and staff, as well as students and members of affiliated organizations of the District.

  2. Information - Data, in all its forms, collected, maintained, accessed, modified, or synthesized by and for members of the District community. The various forms of data include but are not limited to computer files, paper files, books, microfilm and fiche, video, conversations and oral presentations, and pictures or images.

  3. Public Information - Information to which the District community has unrestricted access and for which there are no requirements of confidentiality.

  4. Restricted Information - Information which is sensitive and confidential in nature, and requires access only by that part of the District community with the specific need to do so. Restricted District information includes, for example, individual student class schedules, grades, bills, financial aid applications, health records, and most personnel actions, whether the information is in paper, electronic, micrographic, or conversational form.

4. Responsibilities

  1. Access

    1. The vast majority of information at the District is of a public nature, for example: College phone directories, calendars, schedules, budgets, library books in general circulation, most conversations and meetings, and information bulletins. The use of public information is limited only by such restrictions as circulation policies, copyright restrictions, license and contractual agreements, District policies, and procedures for use.

    2. Other information is of a restricted or legally constrained nature, such as that protected by the Family Educational Rights and Privacy Act of 1974, and should only be accessed by those authorized members of the District community with a specific and legitimate need. Legitimate access does not include the freedom to "fish" for information which is restricted out of curiosity or other motives, if it is not specifically required to perform a job-related task or legitimate research.

  2. Use

    1. Responsibility will vary from member to member of the District community, and each user will be accountable for appropriate use.

    2. Each member of the District community is responsible for using information appropriately. Appropriate use is wise and prudent use of information so that information resources are not wasted, damaged, or misused. Inappropriate use includes erasing or modifying information without proper authorization, defacing or removing pages from books, using information to embarrass, intimidate, or harass, or attempting to subvert the flow of information, such as purposefully attempting to crash or slow down computer systems, modifying or removing posted information without authority, and other such actions.

  3. Maintenance

    1. Each office responsible for District information shall identify the information it maintains, determine whether it is of a restricted nature, and implement reasonable and clear procedures for granting access only to employees with a legal, specific, and legitimate need. Specific offices with responsibility for the District's electronic data are listed on-line. Information on accessing this list may be obtained from the Director of Information Systems.

    2. Each member of the District community with access to restricted information is responsible for maintaining the confidentiality of that information whether it has been obtained or created through electronic, paper, micrographic, or conversational means. Each such person shall take appropriate action to maximize the likelihood that the information is being used properly and appropriately. For example, confidential files should be locked when not in use. Sensitive or confidential information should be destroyed when discarded. It is particularly important that passwords to computer accounts with access to restricted information not be shared. Persons with responsibility for granting access to restricted information must have employees with access, prior to granting access, sign a statement that they are aware of this policy and that they are expected to act appropriately in maintaining the confidentiality and integrity of the information to which they have access.

    3. Members of the District community charged with maintaining restricted information are responsible for maintaining the accuracy and integrity of that information and for determining who requires access to it. Critical information on the District's network is automatically backed up on a regular basis to maintain its integrity and retrievability should it be accidentally or otherwise destroyed or lost. Individual users with critical information maintained locally, i.e., on a personal computer, on paper, or in other media, shall also take appropriate steps to ensure that valuable and confidential information not be lost, damaged, or otherwise compromised.

5. Procedures

  1. Questions regarding the applicability or violation of the policy, or appropriate access to information should be referred to the Director of Information Systems.

  2. Interpretations of the policy that cannot be resolved informally may be appealed to the President/Superintendent.