Board Policy - Computer and Information Security

PURPOSE

1. To establish the basic policy of the College for the use, protection, and preservation of electronic information generated by, owned by, or otherwise in the possession of the College, including all academic, administrative, and research data ("College Information").
2. To ensure compliance with all applicable federal, state, and local laws, including but not limited to, the Family Rights to Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, the Federal Privacy Act of 1974, confidentiality and privacy of library users as protected by New York state law, and the New York State Personal Privacy Protection Law. Exposure of confidential data to improper disclosure or security risk is a violation of these laws, and can result in the institution's incurring legal liability, financial liability, reputational loss, and loss of trust. New York State has enacted an Information Security Breach Notification Act which requires all state agencies to notify individuals if there is a security breach involving their restricted confidential data.
3. Protect the Computer and Network resources of the College

APPLICABILITY

This policy applies to all users of Tompkins Cortland Community College computer facilities and to all College Information.

POLICY

College information and computing resources are vital assets of the College and as such requires protection from unauthorized access, modification, disclosure, or destruction.

RESPONSIBILITIES

Each department of the College is responsible for identifying and protecting all College Information within its area of control.

Management of each Department of the College is responsible for ensuring that all employees in the Department understand and satisfy their obligation to protect College Information. Management is also responsible for developing and implementing such additional policies and procedures as are necessary to implement fully this Policy.

Please see the Tompkins Cortland Community College Computer and Information Security Protocol.

All users of Tompkins Cortland Community College computer facilities are responsible for complying with this Policy and with any other applicable policies and procedures pertaining to the protection of College Information, including the Tompkins Cortland Community College Computer and Information Security Protocol.

Campus Technology will be responsible for developing and implementing The Tompkins Cortland Community College Computer and Information Security Protocol. The President of the College will be responsible for approving these guidelines and future updates as needed.

COMPLIANCE

Non-compliance with this policy may lead to disciplinary action by the College, including revocation of computer use privileges and, in the case of employees, dismissal from the College. Under certain circumstances, unauthorized access to or modification, disclosure, or destruction of College Information and computing resources may give rise to civil and/or criminal liability. Any computer system which fails to comply with security procedures described in the Tompkins Cortland Community College Information Security Management Guidelines or for which no specific procedures are published by the College may be refused access to the Campus Network and may be deemed inappropriate for storing or accessing College Information.

4/21/88 – Resolution #1987-88-70 – Computer Policy 
5/10/2007 
11/10/2016