Policy on the Use of Electronic Resources

From the Vice President for Finance and Management

Introduction
Buffalo State electronic resources (including such services as e-mail, Internet access, and file and print services) are made available to employees to facilitate the official work of the college. These electronic resources are provided for employees and persons legitimately affiliated with the college for the efficient exchange of information and the completion of assigned responsibilities consistent with the mission of the college.

The use of campus electronic resources by any employee or other person authorized by the college must be consistent with this electronic resources policy and other applicable policies.

Principles of Acceptable Use
Buffalo State users of campus electronic resources are required:

  • To respect the privacy of other users: for example, users shall not intentionally seek information on, obtain copies of, or modify files or data belonging to other users unless explicit permission to do so has been obtained.
  • To respect the legal protection provided to programs and data by copyright and license.
  • To protect data from unauthorized use or disclosure as required by state and federal laws, and SUNY and college regulations.
  • To respect the integrity of computing systems: for example, users shall not use or develop programs that harass other users or infiltrate a computer or computing system or damage or alter the software components of a computer or computing system.
  • To safeguard their accounts and passwords. Accounts and passwords are normally assigned to single users and are not to be shared with any other person without authorization. Users are expected to report any observations of attempted security violations.

Unacceptable Use
It is not acceptable to use Buffalo State electronic resources:

  • For activities unrelated to the college mission.
  • For activities unrelated to official assignments or job responsibilities.
  • For any illegal purpose.
  • To transmit threatening, obscene, or harassing materials or correspondence.
  • For unauthorized distribution of NYS data and information.
  • To interfere with or disrupt network users, services, or equipment.
  • For private purposes such as marketing or business transactions.
  • For solicitation for religious or political causes.
  • For unauthorized not-for-profit business activities.
  • For private advertising of products or services.
  • For any activity meant to foster personal gain.

E-mail Privacy and Access
E-mail messages are not personal or private. E-mail system administrators will not routinely monitor individual staff members' e-mail and will take reasonable precautions to protect the privacy of e-mail; however, program managers and technical staff may access an employee's e-mail:

  • For a legitimate business purpose (e.g., the need to access information when an employee is absent for an extended period of time).
  • To diagnose and resolve technical problems involving system hardware, software, or communications.
  • To investigate possible misuse of e-mail when a reasonable suspicion of abuse exists, or in conjunction with an approved investigation.

Staff members are prohibited from accessing another user's e-mail without his or her permission.

E-mail messages sent or received in conjunction with college business may:

  • Be releasable to the public under the Freedom of Information Law.
  • Require special measures to comply with the Personal Privacy Protection Law.

All e-mail messages including personal communications may be subject to discovery proceedings in legal actions.

Management and Retention of E-mail Communications
Applicable to all e-mail messages and attachments:
Since e-mail is a communication system, messages should not be retained for extended periods of time. If a user needs to retain information in an e-mail message for an extended period, the message should be transferred from the e-mail system to an appropriate electronic or other filing system.

Applicable to records communicated via e-mail:
E-mail created in the normal course of official business and retained as evidence of official policies, actions, decisions, or transactions are records subject to records management requirements under the New York State Arts and Cultural Affairs Law (Article 57-A) and specific program requirements.

The college has developed electronic letterhead to be used for the electronic distribution of official college documents (records). The letterhead is available at www.buffalostate.edu/collegerelations/x550.xml and should be used in Word or e-mail documents that are to be distributed in electronic format only. Questions regarding electronic letterhead usage should be directed to the College Relations Office: Cleveland Hall 307, 878-4201, or collrel@buffalostate.edu.

Examples of messages sent by e-mail that typically are records include:

  • Policies and directives.
  • Correspondence or memoranda related to official business.
  • Work schedules and assignments.
  • Agendas and minutes of meetings.
  • Drafts of documents that are circulated for comment or approval.
  • Any document that initiates, authorizes, or completes a business transaction.
  • Final reports or recommendations.

Some examples of messages that typically do not constitute records are:

  • Personal messages and announcements.
  • Copies or extracts of documents distributed for convenience or reference.
  • Phone message slips.
  • Announcements of social events.

Record Retention
Records communicated using e-mail need to be identified, managed, protected, and retained as long as they are needed to meet operational, legal, audit, research, or other requirements. Records needed to support program functions should be retained, managed, and accessible in existing filing system outside the e-mail system in accordance with the appropriate program unit's standard practices.

Users should:

  • Dispose of copies of records in e-mail after they have been filed in a record-keeping system.
  • Delete records of transitory or little value that are not normally retained in record-keeping systems as evidence of college activity.

Agency Rights
Pursuant to the Electronic Communications Privacy Act of 1986 (18 USC 2510 et seq.), notice is hereby given that there are NO facilities provided by this system for sending or receiving private or confidential electronic communications.

The college reserves the right to log network use and monitor file server space utilization by users and assumes no responsibility or liability for files lost due to violation of file server space allotments.

The college reserves the right to remove a user account or device from the network.

The college will not be responsible for any damages that result from the use of campus electronic resources. This includes the loss of data resulting from delays, non-deliveries, or service interruptions caused by negligence, errors, or omissions. Use of any information obtained is at the user's risk.

Enforcement and Violations
This policy is intended to be illustrative of the range of acceptable and unacceptable uses of the electronic facilities and is not necessarily exhaustive. Questions about specific uses related to security issues not enumerated in this policy statement and reports of specific unacceptable uses should be directed to the associate vice president for computing and technology services. Other questions about appropriate use should be directed to your supervisor.

The college will review alleged violations of the Policy on the Use of Electronic Resources on a case-by-case basis. Clear violations of the policy that are not promptly remedied may result in termination of network access for the person(s) at fault and referral for disciplinary actions as appropriate.