| LINKS
|
 |
Academic
Computing Steering Committee
(AcCSC) Minutes of Meetings: Present: Cossey, Davis, Feck, Keller, Klein, Sener Review of last meeting's minutes 1. Announcements (recent items of interest):
2. Update from ITS on recent activities. Dave Cossey reported on ITS activites since our last meeting. Topics included:
Wireless
Network Expansion 3. DRAFT College-owned computer policy. Our last meeting, at the end of last term, was devoted to a discussion of the security and privacy of college-owned computers. At the conclusion of that meeting, the Committee asked Dave, Diane and me to review policies at other schools, and bring forth some ideas for discussion. This DRAFT document can be a starting-point for discussion of a College policy for college-owned computers and computer privacy. ITS had gone beyond just the privacy issue, and has written up a policy for providing college-owned computers in general. This is a policy that has been in practice for some time, but was not fully documented in any one place. In discussion, the following points were made: There is overlap between the proposed college-owned computer policy and the existing acceptable use policy. The acceptable use policy applies to both users of college-owned computers and any other users of the college network and computing facilities. (Note that the SUNY-A policy explicitly addresses all users.) There are some references, such as "criminal investigation" that might require clarification from the College attorney. ITS indicated that if authorities showed up with a subpoena, they would first contact the College lawyers; a warrant would require immediate compliance. ITS noted that "privacy" extends beyond simply policies related to computer hardware and networks. For example, FERPA, HIPPA (see http://privacy.med.miami.edu/glossary/xd_education_records.htm , and the “Gramm-Leach-Bliley Act” (see http://www.ftc.gov/privacy/glbact/ ) cover privacy of education, health, and financial records respectively. There was consensus that there was a need for all users of Union IT to be aware of the requirements and responsibilities of using the system, users ranging from users of college-owned computers (faculty, staff, and users of public computers) to those (e.g. students) attaching their own computers to the campus network, to those accessing the college website. All of these users should be made fully aware of the inherent liabilities and vulnerabilities of networked computing, including browsing habits, email content, and files stored. The Steering Committee should devise methods by which it can help educate the Union IT-using community, which is essentially everyone. If community members are dissatisfied with the level of privacy, they need to consult with the college attorney, the administration, and ultimately the courts and state and federal legislatures. Many of these privacy issues are well beyond the scope of this steering committee (e.g. document retention policy). Therefore, the Steering Committee recommends that Union College create a unified privacy policy. FERPA is covered in the student handbook . Computing privacy is covered in the Acceptable Use policy . Action Item 1: The college should assemble other aspects of privacy policy as a unified resource, and should make that information readily available. Doug will make this recommendation to Dean Sorum. Faculty should be reminded to change all passwords from their initial defaults. Action Item 2: The Steering Committee should take steps to promote privacy education, to faculty, students, and staff. All should be reminded of the contents of the Acceptable Use Policy, and the essentially public nature of information stored on and transmitted through college-owned IT infrastructure. Several steps mentioned to achieve this end include making a link to the Acceptable Use Policy (AUP) from the ITS home page, from the ITS newsletter, on posters in public labs, on the login page to the wireless network. RAs and new faculty should be explicitly told about the AUP. There was discussion about specific language in the Draft document, concerning phrases such as "just cause or due process" and "reserves the right to inspect, copy, remove ...". Dave noted that this language was common to other colleges, and was there to comply with the law, and/or to prevent one user from compromising the integrity of many users' security and privacy. Action Item 3: Consensus was that the DRAFT policy is appropriate to present to new faculty, regarding receiving a faculty-owned machine. Committee members not in attendance have until May 25 to make comments. Minor comments will be dealt with by email. Major comments will require another meeting to resolve. ITS will also add a section on security tips for laptop users. 4. Future agenda Items a. We should review the membership and pprocedures for the committee. Meanwhile, Doug will undertake to recruit one or two student members for next year. b. Fuat asked that the Steering Committee address the issue that secretarial computers also be accessible to Department Chairs. 5. Comparison Privacy Policies. Here is a list of other schools' computer policies (including privacy policies):
Next meeting: TBD |
© 2003 Union College, Schenectady, New York |
||
