Acceptable Use Policy
- Individual Use
- Commercial Use
- Permission to Record
- P2P File Sharing Applications and Copyrights Laws
- Social Media
- Inappropriate Use of Information Technology
- Policy Violations
Members of the university community make use of information technology on a daily basis – for example, personal computers, mobile devices, applications, the university’s network and server infrastructure, and the Internet – in pursuing their primary academic and administrative endeavors. Using the university's information technology resources for incidental purposes is permitted, but all usage use must comply with state and federal laws, as well as with the university’s own policies governing appropriate use of technology.
Bentley University requires that all information technology resources be utilized in an appropriate and legal manner. These resources must not be abused or used for illegal or inappropriate activities. These may include, but are not limited to the following.
- Distribution or storage of illegal pornography;
- Excessive use of network bandwidth. Excessive use is defined as individual consumption of bandwidth that is greater than 10 times the average;
- Deployed in a way that interferes with damages, harasses, or harms a person;
- Deployed in a way that intentionally interferes with the business operations of the university or any other company;
- Used for commercial gain;
- Used for dishonest or personal advantage;
- Used to publicly convey what would reasonably be considered a confidential matter concerning another employee or student of the university;
- Used to violate academic integrity (these may include, but are not limited to, selling papers or other course work);
- Violate copyright laws. Including the distribution and reception of copyright protected music, movies and games which are obtained illegally;
Please be aware that Bentley will cooperate with internal and external authorities in the investigation of illegal activities. The university is also obligated to report any instances of illegal activity to the appropriate authorities.
Bentley has a legitimate interest in protecting its investment in technology. Toward this end, the university reserves the right to require the registration of all technology-related devices used on campus, regardless of whether the device is owned by the institution or an individual; to prevent or restrict the use of technology brought on campus by faculty, staff and students; to identify and quarantine devices suspected of adversely affecting the network; to employ tools to monitor network-related activity, including bandwidth consumption and illegal peer-to-peer file sharing activity; restrict or eliminate bandwidth allocation to specific devices; to monitor the transmission and storage of confidential information; and to terminate without notice individual network and Internet access upon detecting activities that violate the law or university policies.
Violations of this policy may result in temporary or permanent loss of technology-related privileges including Internet, network and email access, fines, assignment of financial responsibility, discipline up to and including immediate termination of employment, expulsion as a student, and legal action.
- For contractors and other third party vendors, sanctions may also include immediate dismissal, termination of contract, and legal action.
- Employee violations will be handled by the employee's supervisor, in conjunction with the divisional vice president and the Department of Human Resources.
- Student violations will be referred to the Student Affair’s judicial process or the university’s academic integrity process, or both.
- In cases where individuals are uncertain about whether or not a violation has occurred, students should consult the dean of student affairs; faculty should consult their respective dean; and administrative staff should consult their divisional vice president.
Certain kinds of computer abuse and computer-related fraud are not only prohibited by this policy, but are illegal and punishable by any or all of the following: civil sanctions, criminal fines or imprisonment. Copies of Fraud and Related Activity in Connection with Computers (18 U.S.C. ÂÂ§ 1030) and the Wiretap and Electronic Communications Privacy Acts (18 U.S.C. ÂÂ§ÂÂ§ 2510-2520, 2701, 2710) are available from Bentley's Human Resources Department or the Computing Services Desk.
2.1 Individual Access
All members of the community are obliged to act responsibly in the use of technology. Faculty, staff and students are expected to provide and maintain accurate personal information about themselves (i.e. date of birth, address, Social Security number, etc.) when adding or updating personal information on any of the university’s administrative or academic systems.
An individual may access only those accounts, files, software, and other computing resources authorized under his or her particular username and password and for which a legal license exists. Individuals must take reasonable precautions to protect his or her account(s) information, including passwords, usernames and PINs. Sharing individual IDs and passwords is expressly prohibited. All members of the Bentley community are expected to exercise care in logging out of network resources and applications, in regularly changing their individual password(s), and in maintaining the confidentiality of their password. It is also a violation of Massachusetts law to access a password protected file without proper authorization.
An individual who intentionally shares their user ID and password with another person, where the primary intent is to provide access where it would otherwise be unavailable, may be subject to disciplinary action up to and including expulsion and immediate termination.
2.2 Commercial Use
Commercial activities may be conducted on the university network only under the auspices of officially recognized and sanctioned campus organizations or academic and administrative programs (i.e., service-learning, scholarship fundraising, etc.). Independent businesses may not be developed or cultivated using university technology resources. Bentley reserves the right to remove, without warning, unapproved commercial sites. To seek approval for officially recognized and sanctioned programs, students should consult the dean of student affairs; faculty should consult their respective dean; and employees should consult their divisional vice president.
2.3 Permission to Record
Faculty, staff and students may not use any recording devices on campus to record conversations, lectures, or classroom interactions without the express consent of those individuals being recorded. Such actions may also violate state and federal law. Faculty, at their sole discretion, may elect to make their lectures available for recording. Members of the Bentley community who intentionally record other students, faculty and staff without their prior written consent may form the basis of a civil libel action and may be subject to disciplinary action up to and including immediate termination and expulsion.
2.4 File Sharing Applications and Copyright Law
Peer-to-peer (P2P) file sharing applications allow individuals to electronically exchange music, movies, videos, software, games and other kinds of copyright-protected and non-copyright-protected information. While some owners of music, movies and software explicitly allow their products to be copied, many do not. It is best to assume that these materials are copyright protected, unless explicitly stated otherwise. Downloading and making available to other individuals copyrighted material, such as music, movies, videos, text and software, without permission of the rightful owner, violates the United States Copyright Act (Title 17, United States Code), which has significant potential liability for damages. Moreover, using P2P file sharing applications may contribute to an excessive consumption of bandwidth and create a potential risk to the university, which is a violation of university policy.
As part of Bentley’s efforts to comply with copyright law, the university developed the Digital Millennium Copyright Act (DMCA) Policy. This policy outlines the specific procedures that the university will take if it receives any copyright infringement notices. Violations of copyright law may result in temporary or permanent loss of access rights, fines, assignment of financial responsibility, disciplinary action up to and including immediate termination of employment, expulsion as a student, and legal action.
2.5 Social Media
Bentley University is committed to maintaining an environment in which opposing views on issues of the day may be fully and freely aired. Such an environment requires all community members to tolerate expressions of opinion that differ from their own and that, in some instances, some people may find unpalatable. Activities that violate the university’s policy against harassment, or that constitute an invasion of individual’s privacy, and do not promote free expression undermine the environment that the university seeks to maintain. These actions may result in the imposition of sanctions for violation of university policy. Additionally, untrue statements of fact that harm another’s reputation may be defamatory and may subject the individual making such statements to civil action by the person harmed by such statements.
Employees and students who choose to engage in blogs, chat rooms, discussion groups, bulletin boards or other forms of social media should do so with the understanding that they may inadvertently pose a threat to their own or others personal safety and privacy. Publishing personally identifiable content (i.e., identification numbers, photos, addresses, phone numbers, banking information, health information, etc.) can lead to identity theft, stalking and other potentially harmful outcomes. Employees and students, who engage in activities that compromise the privacy of others, or disclose or discuss confidential or proprietary information, are violating university policy and will be subject to appropriate sanctions.
Bentley reminds students and employees who are acting in their individual capacity of their obligation to clearly state that opinions expressed are their own and not those of Bentley University.
2.6 Inappropriate Use of Information Technology Resources
The university will not tolerate the illegal use or misuse of information technology resources by students, employees, contractors, consultants, volunteers, visitors, or any other person or device. Any illegal, intentional misuse or unauthorized access to university information technology resources is strictly prohibited.
All students, employees, volunteers, consultants and contractors caught engaging in the illegal use or intentional misuse of university information technology resources must cooperate fully with the university and legal authorities in the investigation of such incidents. In investigating complaints of possible violation of university policy, Bentley reserves the right to examine the contents of personal computers used by faculty, staff and students or other devices attached to our network, without prior consent or knowledge of the individual being investigated. Bentley also reserves the right to confiscate computers used by faculty, staff and students. Cooperation may include, but is not limited to, providing transaction logs, copies of electronic mail messages, data files, usage records, hardware, account and password information, or other information as required by those authorities. Those who are financially responsible for the perpetrators, such as parents or guardians, may also be held accountable.
2.7 Policy Violations
Those who violate policies on individual access, commercial use, permission to record, file sharing or social media or engage in illegal activities may incur temporary or permanent loss of technology-related privileges, fines, assignment of financial responsibility, discipline up to and including immediate termination of employment, expulsion as a student, and legal action. For contractors and other external vendors, sanctions may include immediate dismissal, termination of contract and legal action.
Keeping information secure and private are top properties for the university. To this end, Bentley attaches a formal privacy statement to the bottom of its web site. Please see the Bentley University Information Privacy Statement for full details on the data that are collected through the university's official web sites.
Web sites created by individuals using Bentley University resources may not collect personal information from visitors without abiding by and linking to Bentley's information privacy statement. In addition, individuals may not post images of any member(s) of the Bentley community, or provide personal information about them, without their prior written permission. Web sites that violate the policy may be removed without advance warning. Federal, state and local laws, regulations, and judicial decisions may also apply in cases where a person's privacy is violated.
Email is the communication medium of choice for the university community and the official vehicle by which the members of the university communicate with each other. Students, faculty and staff are all expected to read e-mail regularly to glean the critical information that is routinely conveyed.
The university provides electronic mail services to the campus community, at the university's expense, in support of academic and administrative pursuits. Incidental personal use is permitted, so long as the use does not violate federal or state laws, or university policy. These guidelines apply to electronic mail sent or stored on servers, on personal computers, on personal devices such smartphones, tablets, and to all archived and backup e-mail files and folders created using university technology resources, regardless of where they reside. The university reserves the right to change these policies at any time as may be reasonable under the circumstance. For full details please visit Bentley University’s Electronic Mail Policy.
Information technology and data constitute as valuable university assets. In order to protect the security, confidentiality and integrity of university data from unauthorized access, modification, disclosure, transmission or destruction, as well as to comply with applicable state and federal laws and regulations, all university data are now classified within security levels, with requirements on the usage of data at different levels. For full details please visit Bentley University’s Data Classification and Usage Policy. In addition, any employee, student (working on behalf of the University) or contractor that handles credit card information is subject to Bentley’s PCI-DSS Policy; employees or contractors that process certain types of financial information are also bound by the university’s Gramm-Leach-Bliley Policy.
In an effort to keep sensitive data secure, while also understanding that our changing culture requires work to be performed remotely, Bentley employs Virtual Private Network (VPN) technology to enable faculty, staff and a limited number of contractors to access certain technology resources remotely with appropriate approval. Faculty and staff are responsible for protecting confidential data and therefore should not store confidential data on laptop computers, smartphones, tablets or portable storage devices (USB drives). VPN allows faculty and staff members to remotely work with confidential data in a secure manner. For full details on the policy please visit the university’s Remote Access Policy.
Increasingly, employees are using mobile technology as a means of sending and receiving university email, synchronizing calendars and contacts, transmitting text messages and connecting to the Internet. Bentley uses standardized mobile device management softwarte to manage employee mobile devices. However, we recognize that some employees, although not required to use a mobile as part of their position responsibilities, would still like to connect personal devices to Bentley’s services. Bentley employs technology to allow this, but also requires university members to comply with all applicable policies and procedures regarding moile devices.
Any exceptions to this policy are to be reviewed and approved by the Information Security and Privacy Administrator in consultation with the Information Privacy Committee as needed.
- Information Security and Privacy Administrator
This policy is approved by the Information Privacy Committee. The policy is reviewed on an annual basis and updated as needed.
- Revision v1: Approved by the Information Privacy Committee on 8/17/2010
- Revision v2: Approved by the Information Privacy Committee on 9/30/2013
This policy is supported by the following policies, procedures, and/or guidelines: