This policy applies to all current and future students, staff, faculty and third parties with a CCA account.

The California College of the Arts provides media, computing and network resources for the use of students, faculty and staff. These resources are for use by the CCA community in a manner consistent with the academic mission of the College and the applicable regulations that govern security and privacy of data. This policy is intended to protect the users of CCA information technology resources by ensuring a reliable and secure technology environment. This policy provides guidelines for the appropriate use of information technology resources at CCA and articulates sanctions for violations of this policy. This policy is not intended to inhibit the culture of intellectual inquiry, discourse and academic freedom.

All CCA users must be aware of their obligations to others and of what constitutes proper use and behavior and to familiarize themselves with all CCA technology policies and guidelines.

Network and Email Access

Access to the computing network and Internet is limited to members of the CCA community and their guests. The privilege of using the campus and network computing resources is not transferable to others, e.g., sharing passwords or giving someone else access to your account. You are responsible for any misuse of your account by others. Make sure you set a passphrase or password that will protect your account from unauthorized use and will not be guessed or trolled easily.

Prohibited Activities

• Sending intimidating or harassing messages, i.e. personal attacks, threats, discriminatory, abusive language, or repeated unsolicited mail.
• Circumventing login procedures on any computer system or otherwise attempting to gain access where you are not allowed. Never deliberately scan or probe any information resource without prior authorization. Such activities are not acceptable under any circumstances and can result in serious consequences, including disciplinary action.
• Copying or streaming software and other copyrighted materials; accessing any other computer system or network without authorization.
• Uses which are illegal or in violation of CCA's code of conduct.
• Using another person's password, and/or preventing someone from using his/her account by unauthorized access of the account and changing the password.
• Engaging in commercial activities, e.g., advertising or selling commercial products.
• Distributing chain letters.
• Deleting, sharing or copying files from another person's computer account for which you have not been granted permission to do so.

Data Confidentiality and Privacy Protection

As covered in CCA’s Information Security policy, never use or disclose Confidential data, or data that is otherwise confidential or restricted, without appropriate authorization. Should you believe that you need access to confidential data, please submit a request in writing to your supervisor and the appropriate data steward. Technology Services will only provide access to this data with an approval from your supervisor and the appropriate data steward (see Institutional Data Policy).

Guidelines are as follows:

1. Do NOT store confidential information on your computer or mobile device. In some instances, it may be necessary to copy confidential data for a short-term activity, but this data and file should not reside on your device.
2. Make sure any individual with whom you share Confidential data is authorized to receive the information.
3. Do not share Confidential data with friends or family members.
4. Do not share College business data that may be classified as Confidential data, such as the status of negotiations, terms of contracts, and new research or products or relationships under development.
5. If you receive a non-routine request for Confidential data from a third party outside of the College, check with your supervisor and the appropriate data steward within the College to make sure the release of the data is permitted.
6. Confidential or essential College Data stored on a local hard drive or a portable device such as a laptop computer, tablet computer, or, smart phone, must be encrypted.
7. Users who store College Data using commercial cloud services must use services provided or sanctioned by the College, rather than personally obtained cloud services.
8. Users must not try to circumvent login procedures on any College Information Resource or otherwise attempt to gain access where they are not allowed. Users may not deliberately scan or probe any College Information Resource without prior authorization. Such activities are not acceptable under any circumstances and can result in serious consequences.
9. All computers connecting to a College’s network must run anti-virus software prescribed by Tech Services to properly secure College Information Resources.
10. All users of CCA Systems are required to use multi-factor authentication.
11. In accordance with California Penal Code 632, users may not make recordings of confidential meetings without obtaining consent from all parties.

Requirements for Mobile and Remote Computing

1. All electronic devices including personal computers, smartphones or other devices used to access, create or store College Information Resources, including e-mail, must be password protected, and passwords must be changed if there is any suspicion that the password has been compromised.
2. College related confidential data may not be stored on personally owned computing devices. This includes student data such as class rosters, names and grades. The College supports Google Drive for all faculty, staff, and students such that these do not need to be stored on personal devices.
3. College Data that is created and/or stored on personal computers or other mobile devices and/or non-College databases should be transferred to College supported systems as soon as feasible or deleted.
4. Unattended portable computers, smartphones and other computing devices must be physically secured or stored out of site in a locked cabinet.

Copyright Compliance

Never infringe upon someone else's copyright. It is a violation of university policy and federal law to participate in copyright infringement. The College complies with all legal requests (e.g., subpoenas and DMCA notices) for information and is required to report your use in response to a lawful request. Copyrighted materials include, but are not limited to, computer software, audio and video recordings, photographs, electronic books, and written material. If you share movies or music that you did not create, you may be infringing on another's copyright. Consequences of copyright infringement can include disciplinary actions by the College. In addition, copyright owners or their representatives may sue persons who infringe on another's copyright in federal courts.

Reasonable Expectation of Privacy

All users should realize that e-mail and electronic storage are inherently insecure. In general, e-mail or material whose privacy must be guaranteed should not be stored on shared computers. However, the College reserves the right to examine such electronic materials at its sole discretion in certain cases. When the College believes that there is a potential violation of a law, or of College policy, or if there is reasonable suspicion of misuse, they may access these electronic materials for investigative purposes. The College will remove materials not in compliance with the Acceptable Use Policy.

Failure to Comply

CCA may suspend or revoke the computing privileges of anyone who violates this Acceptable Use Policy. If the terms of this agreement are violated, CCA may take disciplinary action up to and including termination of employment, academic probation or expulsion, depending on the nature of the violation.

Devices determined by College to lack required security software or to otherwise pose a threat to College Information Resources may be immediately disconnected by the College from a College network without notice.