Acceptable Use Policy

Contents

4526 COMPUTER USE IN INSTRUCTION (or ACCEPTABLE USE POLICY)

4526-R COMPUTER USE IN INSTRUCTION REGULATION

4526.1 INTERNET SAFETY

4526.1-R INTERNET SAFETY REGULATION

5695 STUDENTS AND PERSONAL ELECTRONIC DEVICES

8630 COMPUTER RESOURCES AND DATA MANAGEMENT

8630-R COMPUTER RESOURCES AND DATA MANAGEMENT REGULATION

8635 INFORMATION SECURITY BREACH AND NOTIFICATION

8635-R INFORMATION SECURITY BREACH AND NOTIFICATION REGULATION

9800 SOCIAL MEDIA

9180 STAFF USE OF PERSONAL ELECTRONIC DEVICES FOR WORK-RELATED DUTIES

 

4526 COMPUTER USE IN INSTRUCTION (or ACCEPTABLE USE POLICY)

The Board of Education is committed to optimizing student learning and teaching. The Board considers student access to a computer network, including the Internet, to be a powerful and valuable educational and research tool, and encourages the use of computers and computer-related technology in district classrooms for the purpose of advancing and promoting learning and teaching.

The computer network can provide a forum for learning various software applications and through online databases, bulletin boards and electronic mail, can significantly enhance educational experiences and provide statewide, national and global communication opportunities for staff and students.

All users of the district’s computer network and the Internet must understand that use is a privilege, not a right, and that use entails responsibility. The district reserves the right to control access to the Internet for all users of its computers and network. The district may either allow or prohibit certain kinds of online activity, or access to specific websites.

Regulations and handbooks, to be developed by the Superintendent, in consultation with the technology steering committee and other appropriate staff will provide specific guidance on this, as well as rules governing the use and security of the district’s computer network. All users of the district’s computer network and equipment shall comply with this policy and regulation. Failure to comply may result in disciplinary action as well as suspension and/or revocation of computer access privileges.

The Superintendent shall be responsible for designating an Executive Director of Technology to oversee the use of district computer resources. The Executive Director of Technology will prepare in-service programs for the training and development of district staff in computer skills, and for the incorporation of computer use in appropriate subject areas.

With increased concern about identity theft, unwarranted invasion of privacy and the need to protect personally identifiable information, prior to students being directed by staff to use any cloud-based educational software/application, staff must get approval from the Executive Director of Technology. The Executive Director of Technology will determine if a formal contract is required or if the terms of service are sufficient to address privacy and security requirements, and if parental permission is needed.

The Superintendent, working in conjunction with the designated purchasing agent for the district, the Executive Director of Technology and the technology steering committee, will be responsible for the purchase and distribution of computer software and hardware throughout district schools. They shall prepare and submit for the Board’s approval a comprehensive multi-year technology plan which shall be revised as necessary to reflect changing technology and/or district needs.

Cross-ref:

5300, Code of Conduct

5695, Student Use of Personal Electronic Devices

Adoption date: September 18, 2014

Revised: June 4, 2015

Monticello Central School District

Back to top

 

4526-R COMPUTER USE IN INSTRUCTION REGULATION

The following rules and regulations govern the use of the district’s computer network system and access to the Internet.

I. Administration

  • The Superintendent of Schools shall designate a Executive Director of Technology to oversee the district’s computer network.
  • The Executive Director of Technology shall monitor and examine all network activities, as appropriate, to ensure proper use of the system.
  • The Executive Director of Technology shall be responsible for disseminating and interpreting district policy and regulations governing use of the district’s network at the building level with all network users.
  • The Executive Director of Technology shall provide employee training for proper use of the network and will ensure that staff supervising students using the district’s network provide similar training to their students, including providing copies of district policy and regulations governing use of the district’s network.
  • The Executive Director of Technology shall ensure that the district deploys anti-virus measures across the network resources.
  • The Executive Director of Technology will review staff requests to use ‘cloud-based’ educational software/applications to ensure that personally identifiable information (PII) is protected in accordance with district standards prior to student use.
  • All student agreements to abide by district policy and regulations and parental consent forms shall be kept on file in the district office.

II. Internet Access

  • Students will be provided Internet access: during instructional time; during the school day when the students are not in class; and before or after school hours.
  • Students will be provided with individual access accounts.
  • Students may have Internet access: for educational purposes only.
  • Student Internet access may be restricted depending on the grade level.
  • All users will be prohibited from: purchasing or selling anything online (unless authorized for district purposes).
  • Students may participate in educationally appropriate chat rooms.
  • Students may construct their own web pages using district computer resources for educational purposes.
  • Students may have individual e-mail address for educational purposes.

A staff member will be required to monitor all of these activities.

III. Acceptable Use and Conduct

  • Access to the district’s computer network is provided for educational purposes and research consistent with the district’s mission and goals.
  • Use of the district’s computer network is a privilege, not a right. Inappropriate use may result in the suspension or revocation of that privilege.
  • Each individual in whose name an access account is issued is responsible at all times for its proper use.
  • All network users will be issued a login name and password. Passwords must be changed periodically.
  • Only those network users with written permission from the Executive Director of Technology may access the district’s system from off-site (e.g., from home).
  • All network users are expected to abide by the generally accepted rules of network etiquette. This includes being polite and using only appropriate language. Abusive or sexual language or images, vulgarities and swear words are all inappropriate.
  • Network users identifying a security problem on the district’s network must notify the appropriate teacher, administrator or Executive Director of Technology. Under no circumstance should the user demonstrate the problem to anyone other than to the district official or employee being notified.
  • Any network user identified as a security risk or having a history of violations of district computer use guidelines may be denied access to the district’s network.

IV. Prohibited Activity and Uses

The following is a list of prohibited activity concerning use of the district’s computer network. Violation of any of these prohibitions may result in discipline or other appropriate penalty, including suspension or revocation of a user’s access to the network.

  • Using the network for commercial activity, including advertising.
  • Infringing on any copyrights or other intellectual property rights, including copying, installing, receiving, transmitting or making available any copyrighted software on the district computer network.
  • Using the network to receive, transmit or make available to others obscene, offensive, or sexually explicit material.
  • Using the network to receive, transmit or make available to others messages that are racist, sexist, abusive or harassing to others.
  • Using another user’s account or password.
  • Attempting to read, delete, copy or modify the electronic mail (e-mail) of other system users and deliberately interfering with the ability of other system users to send and/or receive e-mail.
  • Forging or attempting to forge e-mail messages.
  • Engaging in vandalism. Vandalism is defined as any malicious attempt to harm or destroy district equipment, assets, or materials, data of a user or another user of the district’s network or of any of the entities or other networks that are connected to the Internet. This includes, but is not limited to, creating and/or placing a computer virus on the network.
  • Using the network to send anonymous messages or files.
  • Using the network to receive, transmit or make available to others a message that is inconsistent with the district’s Code of Conduct.
  • Revealing the personal address, telephone number or other personal information of oneself or another person.
  • Intentionally disrupting network traffic or crashing the network and connected systems.
  • Installing personal software or using personal disks on the district’s computers and/or network without the permission of the appropriate district official or employee.
  • Using district computing resources for commercial or financial gain or fraud.
  • Stealing data, equipment or intellectual property.
  • Gaining or seeking to gain unauthorized access to any files, resources, or computer or phone systems, or vandalize the data of another user.
  • Wastefully using finite district resources.
  • Changing or exceeding resource quotas as set by the district without the permission of the appropriate district official or employee.
  • Using the network while access privileges are suspended or revoked.
  • Using the network in a fashion inconsistent with directions from teachers and other staff and generally accepted network etiquette.

V. No Privacy Guarantee

All users of the district’s computer network should not expect, nor does the district guarantee privacy for electronic mail (e-mail) or any use of the district’s computer network. The district reserves the right to access and view any material stored on district equipment or any material used in conjunction with the district’s computer network.

VI. Sanctions

All users of the district’s computer network and equipment are required to comply with the district’s policy and regulations governing the district’s computer network. Failure to comply with the policy or regulation may result in disciplinary action as well as suspension and/or revocation of computer access privileges.

In addition, illegal activities are strictly prohibited. Any information pertaining to or implicating illegal activity will be reported to the proper authorities. Transmission of any material in violation of any federal, state and/or local law or regulation is prohibited. This includes, but is not limited to materials protected by copyright, threatening or obscene material or material protected by trade secret. Users must respect all intellectual and property rights and laws.

VII. District Responsibilities

The district makes no warranties of any kind, either expressed or implied, for the access being provided. Further, the district assumes no responsibility for the quality, availability, accuracy, nature or reliability of the service and/or information provided. Users of the district’s computer network and the Internet use information at their own risk. Each user is responsible for verifying the integrity and authenticity of the information that is used and provided.

The district will not be responsible for any damages suffered by any user, including, but not limited to, loss of data resulting from delays, non-deliveries, mis deliveries, or service interruptions caused by its own negligence or the errors or omissions of any user. The district also will not be responsible for unauthorized financial obligations resulting from the use of or access to the district’s computer network or the Internet.

Further, even though the district may use technical or manual means to regulate access and information, these methods do not provide a foolproof means of enforcing the provisions of the district policy and regulation.

First Reading: May 19, 2015

Second Reading and Adoption: June 4, 2015

Monticello Central School District

Back to top

4526.1 INTERNET SAFETY

The Board of Education is committed to undertaking efforts that serve to make safe for children the use of district computers for access to the Internet and World Wide Web. To this end, although unable to guarantee that any selected filtering and blocking technology will work perfectly, the Board directs the Superintendent of Schools to procure and implement the use of technology protection measures that block or filter Internet access by:

  • adults to visual depictions that are obscene or child pornography, and
  • minors to visual depictions that are obscene, child pornography, or harmful to minors, as defined in the Children’s Internet Protection Act.

Subject to staff supervision, however, any such measures may be disabled or relaxed for adults conducting bona fide research or other lawful purposes, in accordance with criteria established by the Superintendent or his or her designee.

The Superintendent or his or her designee also shall develop and implement procedures that provide for the safety and security of students using electronic mail, chat rooms, and other forms of direct electronic communications; monitoring the online activities of students using district computers; and restricting student access to materials that are harmful to minors.

In addition, the Board prohibits the unauthorized disclosure, use and dissemination of personal information regarding students; unauthorized online access by students, including hacking and other unlawful activities; and access by students to inappropriate matter on the Internet and World Wide Web. The Superintendent or his or her designee shall establish and implement procedures that enforce these restrictions.

The Executive Director of Technology designated under the district’s policy on the acceptable use of district computers (policy 4526) shall monitor and examine all district computer network activities to ensure compliance with this policy and accompanying regulation. He or she also shall be responsible for ensuring that staff and students receive training on their requirements.

All users of the district’s computer network, including access to the Internet and World Wide Web, must understand that use is a privilege, not a right, and that any such use entails responsibility. They must comply with the requirements of this policy and accompanying regulation, in addition to generally accepted rules of network etiquette, and the district’s policy on the acceptable use of computers and the internet (policy 4526). Failure to comply may result in disciplinary action including, but not limited to, the revocation of computer access privileges.

As part of this policy, and the district’s policy on acceptable use of district computers (policy 4526), the district shall also provide age-appropriate instruction regarding appropriate online behavior, including:

  1. interacting with other individuals on social networking sites and in chat rooms, and
  2. cyberbullying awareness and response.

Instruction will be provided even if the district prohibits students from accessing social networking sites or chat rooms on district computers.

Cross-ref:

4526, Computer Use in Instruction

Ref:

Children’s Internet Protection Act, Public Law No. 106-554

Broadband Data Services Improvement Act/ Protecting Children in the 21st Century Act, Public Law No. 110-385

47 USC §254

20 USC §6777

Adoption date: May 3, 2007

Revised: June 4, 2015

Monticello Central School District

Back to top

4526.1-R INTERNET SAFETY REGULATION

The following rules and regulations implement the Internet Safety Policy adopted by the Board of Education to make safe for children the use of district computers for access to the Internet and World Wide Web.

I. Definitions

In accordance with the Children’s Internet Protection Act,

  • Child pornography refers to any visual depiction, including any photograph, film, video, picture or computer or computer generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct. It also includes any such visual depiction that (a) is, or appears to be, of a minor engaging in sexually explicit conduct; or (b) has been created, adapted or modified to appear that an identifiable minor is engaging in sexually explicit conduct; or (c) is advertised, promoted, presented, described, or distributed in such a manner than conveys the impression that the material is or contains a visual depiction of a minor engaging in sexually explicit conduct.
  • Harmful to minors means any picture, image, graphic image file, or other visual depiction that (a) taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion; (b) depicts, describes or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and (c) taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors.

II. Blocking and Filtering Measures

  • The Superintendent or his or her designee shall secure information about, and ensure the purchase or provision of, a technology protection measure that blocks access from all district computers to visual depictions on the Internet and World Wide Web that are obscene, child pornography or harmful to minors.
  • The district’s Executive Director of Technology shall be responsible for ensuring the installation and proper use of any Internet blocking and filtering technology protection measure obtained by the district.
  • The Executive Director of Technology or his or her designee may disable or relax the district’s Internet blocking and filtering technology measure only for adult staff members conducting research related to the discharge of their official responsibilities.
  • The Executive Director of Technology shall monitor the online activities of adult staff members for whom the blocking and filtering technology measure has been disabled or relaxed to ensure there is not access to visual depictions that are obscene or child pornography.

III. Monitoring of Online Activities

  • The district’s Executive Director of Technology shall be responsible for monitoring to ensure that the online activities of staff and students are consistent with the district’s Internet Safety Policy and this regulation. He or she may inspect, copy, review, and store at any time, and without prior notice, any and all usage of the district’s computer network for accessing the Internet and World Wide Web and direct electronic communications, as well as any and all information transmitted or received during such use. All users of the district’s computer network shall have no expectation of privacy regarding any such materials.
  • Except as otherwise authorized under the district’s Computer Network or Acceptable Use Policy, students may use the district’s computer network to access the Internet and World Wide Web only during supervised class time, study periods or at the school library, and exclusively for research related to their course work.
  • Staff supervising students using district computers shall help to monitor student online activities to ensure students access the Internet and World Wide Web, and/or participate in authorized forms of direct electronic communications in accordance with the district’s Internet Safety Policy and this regulation.
  • The district’s Executive Director of Technology shall monitor student online activities to ensure students are not engaging in hacking (gaining or attempting to gain unauthorized access to other computers or computer systems), and other unlawful activities.

IV. Training

  • The district’s Executive Director of Technology shall provide training to staff and students on the requirements of the Internet Safety Policy and this regulation at the beginning of each school year.
  • The training of staff and students shall highlight the various activities prohibited by the Internet Safety Policy, and the responsibility of staff to monitor student online activities to ensure compliance therewith.
  • The district shall provide age-appropriate instruction to students regarding appropriate online behavior. Such instruction shall include, but not be limited to: positive interactions with others online, including on social networking sites and in chat rooms; proper online social etiquette; protection from online predators and personal safety; and how to recognize and respond to cyberbullying and other threats.
  • Students shall be directed to consult with their classroom teacher if they are unsure whether their contemplated activities when accessing the Internet or Worldwide Web are directly related to their course work.
  • Staff and students will be advised to not disclose, use and disseminate personal information about students when accessing the Internet or engaging in authorized forms of direct electronic communications.
  • Staff and students will also be informed of the range of possible consequences attendant to a violation of the Internet Safety Policy and this regulation.

V. Reporting of Violations

  • Violations of the Internet Safety Policy and this regulation by students and staff shall be reported to the Building Principal.
  • The Principal shall take appropriate corrective action in accordance with authorized disciplinary procedures.
  • Penalties may include, but are not limited to, the revocation of computer access privileges, as well as school suspension in the case of students and disciplinary charges in the case of teachers.

First Reading: May 19, 2015

Second Reading and Adoption: June 4, 2015

Monticello Central School District

Back to top

5695 STUDENTS AND PERSONAL ELECTRONIC DEVICES

    The Board of Education recognizes that there are personal electronic devices that have educational applications such as tablets, e-readers, calculators, voice recorders, digital cameras and music listening devices. In some instances a “smart phone” may include applications that permit these functions. These devices shall be allowed to be used in classrooms if the following criteria are met:

    • The student has successfully registered the device with the district, in accordance with district procedures.
    • The teacher has authorized use of personal devices either in their classroom generally or for a particular exercise.
    • The student uses the personal device to access the Internet or authorized applications through the district’s network, under the terms of policy 4526, Computer Use in Instruction.

    The Board acknowledges that cellular phones, pagers, and 2-way communication systems can be a positive means to facilitate communication; however, the display and/or use of such devices can cause disruption to the educational process.

    Therefore, to prevent such disruption, the display and/or use by students of cellular phones (including “smart phones”), pagers, and 2-way communication systems and/or other electronic devices shall be prohibited from the time students arrive at school until the end of the regular school day, unless specifically permitted to be used by a teacher or administrator or in-line with the “Red, Yellow, Green” procedures outlined for the high school level. At the high school level “Red” areas are areas where cellular phones must be put away and may not be used. Yellow” areas are areas where students must receive permission from a faculty or staff member in order to use their device. “Green” areas allow students to utilize their devices without permission, in line with the Acceptable Use Policy. The district is not responsible for stolen, lost or damaged personal electronic devices.

    In emergency situations, exceptions to the prohibition of the use of cellular phones, pagers, and 2-way communication systems may be granted by teachers or administrators.

    Misuse of any of these electronic devices will result in its confiscation as outlined in the Code of Conduct at each level. Some uses of personal electronic devices may constitute a violation of the school district code of conduct and in some instances, the law. The school district will cooperate with law enforcement officials as appropriate.

    Cellular Telephones and Testing

    In order to ensure the integrity of testing, in accordance with state guidelines, students are not allowed to bring cell phones or other electronic devices into classrooms or other exam locations during state assessments.

    Test proctors, monitors and school officials shall have the right to collect cell phones and other prohibited electronic devices prior to the start of the test and to hold them for the duration of the test taking time. Admission to the test will be prohibited to any student who has a cell phone or other electronic device in their possession and does not relinquish it.

    Students with individualized education plans (IEPs), 504 Plans, or documentation from a medical practitioner that specifically requires the use of an electronic device may do so as specified.

    Cross-ref:

    4526, Computer Use in Instruction

    5300, Code of Conduct

    Ref:

    Price v. New York City Board of Education, 16 Misc.3d 543 (2007)

    First Reading: October 23, 2014

    Second Reading and Adoption: November 6, 2014

    Monticello Central School District

    Back to top

    8630 COMPUTER RESOURCES AND DATA MANAGEMENT

    The Board of Education recognizes that computers are a powerful and valuable education and research tool and as such are an important part of the instructional program. In addition, the district depends upon computers as an integral part of administering and managing the schools’ resources, including the compilation of data and recordkeeping for personnel, students, finances, supplies and materials. This policy outlines the Boards expectations in regard to these different aspects of the district’s computer resources.

    General Provisions

    The Superintendent shall be responsible for designating an Executive Director of Technology who will oversee the use of district computer resources. The Executive Director of Technology will prepare in-service programs for the training and development of district staff in computer skills, appropriate use of computers and for the incorporation of computer use in subject areas.

    The Superintendent, working in conjunction with the designated purchasing agent for the district, and the Executive Director of Technology will be responsible for the purchase and distribution of computer software and hardware throughout the schools. They shall prepare and submit for the Board’s approval a comprehensive multi-year technology plan which shall be revised as necessary to reflect changing technology and/or district needs.

    The Superintendent, working with the Executive Director of Technology, shall establish regulations governing the use and security of the district’s computer resources (computer resources include all devices that process data, including but not limited to, laptops, fax machines, copiers and scanners). The security and integrity of the district computer network and data is a serious concern to the Board and the district will make every reasonable effort to maintain the security of the system. All users of the district’s computer resources shall comply with this policy and regulation, as well as the district’s Computer Use in Instruction Policy and Regulation (4526 and 4526-R). Failure to comply may result in disciplinary action, as well as suspension and/or revocation of computer access privileges.

    All users of the district’s computer resources must understand that use is a privilege, not a right, and that use entails responsibility. Users of the district’s computer network must not expect, nor does the district guarantee, privacy for electronic mail (e-mail) or any use of the district’s computer network. The district reserves the right to access and view any material stored on district equipment or any material used in conjunction with the district’s computer network.

    Management of Computer Records

    The Board recognizes that since district data is managed by computer, it is critical to exercise appropriate control over computer records, including financial, personnel and student information. The Superintendent, working with the Executive Director of Technology and the district’s business official, shall establish procedures governing management of computer records taking into account whether the records are stored onsite on district servers or on remote servers in the “cloud”.

    The procedures will address:

    • passwords,
    • system administration,
    • separation of duties,
    • remote access,
    • encryption,
    • user access and permissions appropriate to job titles and duties,
    • disposal of computer equipment and resources (including deleting district data or destroying the equipment),
    • inventory of computer resources (including hardware and software),
    • data back-up (including archiving of e-mail),
    • record retention, and
    • disaster recovery plans and notification plans.

    If the district contracts with a third-party vendor for computing services, the Superintendent, in consultation with the Executive Director of Technology, will ensure that all agreements address the procedures listed above, as applicable.

    Review and Dissemination

    Since computer technology is a rapidly changing area, it is important that this policy be reviewed periodically by the Board and the district’s internal and external auditors. The regulation governing appropriate computer use will be distributed annually to staff and students and will be included in both employee and student handbooks.

    Cross-ref:

    1120, School District Records 

    4526, Computer Use in Instruction

    4526-R, Computer Use in Instruction Regulation

    4526.1, Internet Safety

    5500, Student Records

    6600, Fiscal Accounting and Reporting

    6700, Purchasing

    6900, Disposal of District Property

    8635, Information Security Breach and Notification

    First Reading: October 18, 2017

    Second Reading and Adoption: November 2, 2017

    Monticello Central School District

    Back to top

    8630-R COMPUTER RESOURCES AND DATA MANAGEMENT REGULATION

    The following rules and regulations govern the use of the district’s computer network system, employee access to the Internet, and management of computerized records.

    I. Administration

    • The Superintendent of Schools shall designate an Executive Director of Technology to oversee the district’s computer network.
    • The Executive Director of Technology shall monitor and examine all network activities, as appropriate, to ensure proper use of the system. The Executive Director of Technology shall maintain inventory of all computer hardware and software resources.
    • The Executive Director of Technology shall develop and implement procedures for data back-up and storage. These procedures will facilitate the disaster recovery and notification plan and will comply with the requirements for records retention in compliance with the district’s policy on School District Records (1120) taking into account the use of onsite storage or storage in the cloud.
    • The Executive Director of Technology shall be responsible for disseminating and interpreting district policy and regulations governing use of the district’s network at the building level with all network users.
    • The Executive Director of Technology shall provide employee training for proper use of the network and will ensure that staff supervising students using the district’s network provide similar training to their students, including providing copies of district policy and regulations (including policy 4526, Computer Use in Instruction and regulation 4526-R, Computer Use in Instruction Regulation) governing use of the district’s network.
    • The Executive Director of Technology shall take reasonable steps to protect the network from viruses, other software, and network security risks that would compromise the network or district information.
    • All student and employee agreements to abide by district policy and regulations and parental consent forms shall be kept on file in the district office.
    • Consistent with applicable internal controls, the Superintendent in conjunction with the school business official, Assistant Superintendent for School Administration and the Executive Director of Technology, will ensure the proper segregation of duties in assigning responsibilities for computer resources and data management.

    II. Internet Access

    Student Internet access is addressed in policy and regulation 4526 and 4526-R, Computer Use for Instruction. District employees and third party users are governed by the following regulations:

    • Employees will be issued an e-mail account through the district’s computer network.
    • Employees are expected to review their e-mail daily.
    • Communications with parents and/or students should be saved as appropriate and the district will archive the e-mail records according to procedures developed by the Executive Director of Technology.
    • Employees may access the internet for education-related and/or work-related activities.
    • Employees shall refrain from using computer resources for personal use.
    • Employees are advised that they must not have an expectation of privacy in the use of the district’s computers.
    • Use of computer resources in ways that violate the acceptable use and conduct regulation, outlined below, will be subject to discipline.

    III. Acceptable Use and Conduct

    The following regulations apply to all staff and third party users of the district’s computer system:

    • Access to the district’s computer network is provided solely for educational and/or research purposes and management of district operations consistent with the district’s mission and goals.
    • Use of the district’s computer network is a privilege, not a right. Inappropriate use may result in the suspension or revocation of that privilege.
    • Each individual in whose name an access account is issued is responsible at all times for its proper use.
    • All network users will be issued a login name and password. Passwords must be changed periodically and must be of sufficient complexity as determined by the district.
    • Only those network users with permission from the Executive Director of Technology may access the district’s system from off-site (e.g., from home).
    • All network users are expected to take reasonable precaution to secure district information stored on devices they use, including maintaining responsible custody over computer resources, ensuring no unauthorized use of district devices, and exercising prudent judgement when browsing the internet and opening email.
    • All network users are expected to abide by the generally accepted rules of network etiquette. This includes being polite and using only appropriate language. Abusive language, vulgarities and swear words are all inappropriate.
    • Network users identifying a security problem on the district’s network must notify appropriate staff. Any network user identified as a security risk or having a history of violations of district computer use guidelines may be denied access to the district’s network.

    IV. Prohibited Activity and Uses

    The following is a list of prohibited activity for all staff and third party users concerning use of the district’s computer network. Any violation of these prohibitions may result in discipline or other appropriate penalty, including suspension or revocation of a user’s access to the network.

    • Using the network for commercial activity, including advertising.
    • Infringing on any copyrights or other intellectual property rights, including copying, installing, receiving, transmitting or making available any copyrighted software on the district computer network.
    • Using the network to receive, transmit or make available to others obscene, offensive, or sexually explicit material.
    • Using the network to receive, transmit or make available to others messages that are racist, sexist, abusive or harassing to others.
    • Use of another’s account or password.
    • Attempting to read, delete, copy or modify the electronic mail (e-mail) of other system users.
    • Forging or attempting to forge e-mail messages.
    • Engaging in vandalism. Vandalism is defined as any malicious attempt to harm or destroy district equipment or materials, data of a user or another user of the district’s network or of any of the entities or other networks that are connected to the Internet. This includes, but is not limited to, creating and/or placing a computer virus, malware on the network, and not reporting security risks as appropriate.
    • Using the network to send anonymous messages or files.
    • Revealing the personal address, telephone number or other personal information of oneself or another person.
    • Using the network for sending and/or receiving personal messages.
    • Intentionally disrupting network traffic or crashing the network and connected systems.
    • Installing personal software, using personal disks, or downloading files on the district’s computers and/or network without the permission of the appropriate district official or employee.
    • Using district computing resources for fraudulent purposes or financial gain.
    • Stealing data, equipment or intellectual property.
    • Gaining or seeking to gain unauthorized access to any files, resources, or computer or phone systems, or vandalize the data of another user.
    • Wastefully using finite district resources.
    • Changing or exceeding resource quotas as set by the district without the permission of the appropriate district official or employee.
    • Using the network while your access privileges are suspended or revoked.
    • Using the network in a fashion inconsistent with directions from teachers and other staff and generally accepted network etiquette.
    • Exhibiting careless behavior with regard to information security (e.g., sharing or displaying passwords, leaving computer equipment unsecured or unattended, etc.)

    V. No Privacy Guarantee

    Users of the district’s computer network should not expect, nor does the district guarantee, privacy for electronic mail (e-mail) or any use of the district’s computer network. The district reserves the right to access and view any material stored on district equipment or any material used in conjunction with the district’s computer network.

    VI. Sanctions

    All users of the district’s computer network and equipment are required to comply with the district’s policy and regulations governing the district’s computer network. Failure to comply with the policy or regulation may result in disciplinary action as well as suspension and/or revocation of computer access privileges.

    Any information pertaining to or implicating illegal activity will be reported to the proper authorities. Transmission of any material in violation of any federal, state and/or local law or regulation is prohibited. This includes, but is not limited to materials protected by copyright, threatening or obscene material or material protected by trade secret. Users must respect all intellectual and property rights and laws.

    VII. District Responsibilities

    The district makes no warranties of any kind, either expressed or implied, for the access being provided. Further, the district assumes no responsibility for the quality, availability, accuracy, nature or reliability of the service and/or information provided. Users of the district’s computer network and the Internet use information at their own risk. Each user is responsible for verifying the integrity and authenticity of the information.

    The district will not be responsible for any damages suffered by any user, including, but not limited to, loss of data resulting from delays, non-deliveries, mis deliveries, or service interruptions caused by the user’s own negligence or any other errors or omissions. The district also will not be responsible for unauthorized financial obligations resulting from the use of or access to the district’s computer network or the Internet.

    The district will take reasonable steps to protect the information on the network and provide a secure network for data storage and use, including ensuring that contracts with vendors address data security issues and that district officials provide appropriate oversight. Disposal of district computer resources shall ensure the complete removal of district information, or the secure destruction of the resource. Even though the district may use technical and/or manual means to regulate access and information, these methods do not provide a foolproof means of enforcing the provisions of the district policy and regulation.

    First Reading: October 18, 2017

    Second Reading and Adoption: November 2, 2017

    Monticello Central School District

    Back to top

    8635 INFORMATION SECURITY BREACH AND NOTIFICATION

    The Board of Education acknowledges the heightened concern regarding the rise in identity theft and the need for secure networks and prompt notification when security breaches occur. To this end, the Board directs the Superintendent of Schools, in accordance with appropriate business and technology personnel, to establish regulations which:

    • Identify and/or define the types of private information that is to be kept secure. For purposes of this policy, “private information” does not include information that can lawfully be made available to the general public pursuant to federal or state law or regulation;
    • Include procedures to identify any breaches of security that result in the release of private information; and
    • Include procedures to notify persons affected by the security breach as required by law.

    Additionally, pursuant to Labor Law §203-d, the district will not communicate employee “personal identifying information” to the general public. This includes social security number, home address or telephone number, personal electronic email address, Internet identification name or password, parent’s surname prior to marriage, or driver’s license number. In addition, the district will protect employee social security numbers in that such numbers shall not: be publicly posted or displayed, be printed on any ID badge, card or time card, be placed in files with unrestricted access, or be used for occupational licensing purposes. Employees with access to such information shall be notified of these prohibitions and their obligations.

    Any breach of the district’s information storage or computerized data which compromises the security, confidentiality, or integrity of personal information maintained by the district shall be promptly reported to the Superintendent and the Board of Education.

    Cross-ref:

    1120, District Records

    5500, Student Records

    8630, Computer Resources and Data Management

    Ref:

    State Technology Law §§201-208

    Labor Law §203-d

    Adoption date: October 2, 2014

    Revised: June 4, 2015

    Monticello Central School District

    Back to top

    8635-R INFORMATION SECURITY BREACH AND NOTIFICATION REGULATION

    Definitions

    “Private information” shall mean personal information (i.e., information such as name, number, symbol, mark or other identifier which can be used to identify a person) in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted or encrypted with an encryption key that has also been acquired:

    • Social security number;
    • Driver’s license number or non-driver identification card number; or
    • Account number, credit or debit card number, in combination with any required security code, access code, or password which would permit access to an individual’s financial account.

    “Breach of the security of the system” shall mean unauthorized acquisition or acquisition without valid authorization of physical or computerized data which compromises the security, confidentiality, or integrity of personal information maintained by the district. Good faith acquisition of personal information by an officer or employee or agent of the district for the purposes of the district is not a breach of the security of the system, provided that the private information is not used or subject to unauthorized disclosure.

    To successfully implement this policy, the district shall inventory its hard copy, computer programs and electronic files to determine the types of personal, private information that is maintained or used by the district, and review the safeguards in effect to secure and protect that information.

    Procedure for Identifying Security Breaches

    In determining whether information has been acquired, or is reasonably believed to have been acquired, by an unauthorized person or a person without valid authorization, the district shall consider:

    1. indications that the information is in the physical possession and control of an unauthorized person, such as removal of hard copies, lost or stolen computer, or other device containing information;
    2. indications that the information has been downloaded, removed or copied;
    3. indications that the information was used by an unauthorized person, such as fraudulent accounts, opened or instances of identity theft reported; and/or
    4. any other factors which the district shall deem appropriate and relevant to such determination.

    Security Breaches – Procedures and Methods for Notification

    Once it has been determined that a security breach has occurred, the following steps shall be taken:

    1. If the breach involved hard copy or computerized data owned or licensed by the district, the district shall notify those New York State residents whose private information was, or is reasonably believed to have been acquired by a person without valid authorization. The disclosure to affected individuals shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, or any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the system.

      The district shall consult with the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC) to determine the scope of the breach and restoration measures.

    2. If the breach involved hard copy or computer data maintained by the district, the district shall notify the owner or licensee of the information of the breach immediately following discovery, if the private information was or is reasonably believed to have been acquired by a person without valid authorization.

    The required notice shall include (a) district contact information, (b) a description of the categories information that were or are reasonably believed to have been acquired without authorization, (c) which specific elements of personal or private information were or are reasonably believed to have been acquired and (d) what the district is doing about it. This notice shall be directly provided to the affected individuals by either:

      1. Written notice
      2. Electronic notice, provided that the person to whom notice is required has expressly consented to receiving the notice in electronic form; and that the district keeps a log of each such electronic notification. In no case, however, shall the district require a person to consent to accepting such notice in electronic form as a condition of establishing a business relationship or engaging in any transaction.
      3. Telephone notification, provided that the district keeps a log of each such telephone notification.

    However, if the district can demonstrate to the State Attorney General that (a) the cost of providing notice would exceed $250,000; or (b) that the number of persons to be notified exceeds 500,000; or (c) that the district does not have sufficient contact information, substitute notice may be provided. Substitute notice would consist of all of the following steps:

      1. E-mail notice when the district has such address for the affected individual;
      2. Conspicuous posting on the district’s website, if they maintain one; and
      3. Notification to major media

    Notification of State and Other Agencies

    Once notice has been made to affected New York State residents, the district shall notify the State Attorney General, the Department of State Division of Consumer Protection, and the State Office of Information Technology Services as to the timing, content, and distribution of the notices and approximate number of affected persons.

    If more than 5,000 New York State residents are to be notified at one time, the district shall also notify consumer reporting agencies as to the timing, content and distribution of the notices and the approximate number of affected individuals. A list of consumer reporting agencies will be furnished, upon request, by the Office of the State Attorney General.

    First Reading: May 19, 2015

    Second Reading and Adoption: June 4, 2015

    Monticello Central School District

    Back to top

    9800 Social Media

    The Board of Education and the Superintendent recognize the importance of social media platforms in promoting community involvement and collaboration. The purpose of any official district social media platform shall be to further the district’s vision and mission, support student learning and staff professional development, and enhance communication with students, parents/guardians, staff, and community members.

    For the purposes of this policy, social media is defined as web-based or mobile forms of electronic communication through which users create online spaces for sharing information, ideas and content. All postings to social media sites will be treated with the same care and consideration as any other communication which the Superintendent or his/her designee generates on behalf of the district. Postings will adhere to the standards set in the Board’s “acceptable use of computers” policy.

    The Board of Education and the Superintendent shall allow the District to use social media platforms solely to communicate with the community. The social media platforms will not be interactive by design. While certain media may allow for public comment, the district will not engage in a dialogue in these sites.

    The Superintendent or designee shall ensure that official District social media content and postings respect privacy rights of students, parents/guardians, staff, and Board members to the extent required by law.

    The Superintendent or designee shall ensure that copyright laws are not violated in the use of material on official District social media platforms.

    Users of official district social media platforms should be aware of the public nature and accessibility of social media and that information posted may be considered a public record subject to disclosure under the Freedom of Information Law and federal disclosure laws.

    Any staff members who act as administrators of District-sponsored social media platforms shall relinquish control of such platform upon separation from the District or upon direction of the Superintendent or the Board.

    If staff members choose to blog on their own or if the staff member maintains a social networking presence, the staff member must ensure that it is clear that the postings do not represent the district as a whole.

    If Board members choose to blog on their own or if the member maintains a social networking presence, the Board member must ensure that it is clear that the postings do not represent the Board as a whole.

    First Reading: May 19, 2015

    Second Reading and Adoption: June 4, 2015

    Monticello Central School District

    Back to top

    9180 STAFF USE OF PERSONAL ELECTRONIC DEVICES FOR WORK-RELATED DUTIES

    The Board of Education authorizes staff use of personal electronic devices to access the district’s computer network to carry out job duties in accordance with this policy. Any other staff use of personal electronic devices must not interfere with performance of work responsibilities or disrupt school operations.

    If a staff member wishes to use his/her personal device the following is required:

    • Abide by the rules of acceptable network use outlined in policy 8630, Computer Resources and Data Management and its associated regulation 8630-R.
    • Use only the district’s network to access the Internet or district applications while on school grounds; do not use other gateways to the Internet to conduct district business.

    Staff members who choose to use their own personal device will not be reimbursed or receive an annual/monthly allowance.

    Privacy

    To ensure district compliance with federal and state confidentiality requirements, the district’s technology department will monitor district computer network activity. The district maintains its right to access and monitor the district’s network. In order to avoid an invasion of privacy of personal devices, staff is advised to keep all district files separate from personal files by properly using the district’s computer network to perform work functions and maintain district records. Employees should not have an expectation of privacy if the district’s network is used for personal purposes.

    Violations of Policy

    Violation of this policy may result in revocation of permission to use a personal electronic device for work purposes and/or discipline of the employee in accordance with applicable negotiated agreements.

    Separation from Employment

    When staff leaves district employment access to the district’s network will be discontinued.

    The Superintendent, or his/her designee, will develop procedures and maintain records to implement and monitor this policy.

    Cross-ref:

    1120, District Records

    5500, Student Records

    8630, Computer Resources and Data Management

    Adopted: November 6, 2014

    Revised: June 4, 2015

    Monticello Central School District

    Back to top