Policies & Procedures
All Marlboro account holders should become familiar with our policies and procedures.
The computer and networking resources are the property of Marlboro College. Issuance of accounts to access those resources is defined in the Network Account Policy. Specific policies in regards to the use of on campus computer labs is defined in the Computer Lab Usage Policy. Responsibility of safeguarding private personal and institutional data are defined in the Information Security Policy.
The Acceptable Use Policy describes limitations on the usage of accounts. Sharing or downloading copyrighted files without permission over the network is illegal and a violation of the Acceptable Use Policy and the Copyright and File Sharing Policy.
At Marlboro College we value the privacy of our website visitors and we do not sell visitor names or other information to third parties. It is possible to visit Marlboro’s websites without self-revealing any personal information. We do, however, collect both personally identifiable data and anonymous information about visitors that may be shared with marketing partners of the college. Here are the kinds of data we collect and why.
Personally Identifiable Data
Personally identifiable data may include names, birth dates, social security numbers, credit card numbers, addresses, and more. All personally identifiable data is collected via secure forms which you, the website user, knowingly supply to Marlboro. We collect this type of data for purposes such as scheduling admissions visits, event registrations, donations to the college, and bookstore purchases.
Anonymous data is collected automatically and is not used to identify individuals. Marlboro collects this data for purposes such as assisting in admissions activities including advertising and to gather a better understanding about how visitors use the Marlboro websites. This information is collected through a variety of methods including scripts, cookies, and log files.
Marlboro College follows industry-standard security measures, to protect the loss, misuse, and alteration of the information under our control.
By visiting the websites of Marlboro College, you consent to the collection and use of both personally identifiable and anonymous data as described above. Where appropriate users are given the option to opt-out of future communications. Marlboro College reserves the right to modify this document at any time.
If you have any questions regarding how Marlboro College handles your privacy with regard to its websites, you may contact our Marketing & Communications Department.
Enrolled students are granted an @marlboro.edu email address. This email address is used for official college communications and students are responsible for checking it regularly; directions on how to forward email addressed to that account to another can be found under the Email Forwarding Tutorial.
Students on temporary leave maintain their @marlboro.edu email address as if they were a current student.
Students enrolled in one more courses at Marlboro but not working toward a degree can request to have a network account, granting them access to library and learning resources, wireless internet access on campus, and email. However, such accounts will immediately be disabled, without notice, once the term in which they are enrolled ends.
When a student’s academic status becomes “Withdrawn” according to the Office of the Registrar, his/her account will be disabled. Under normal circumstances, the IT department will immediately disable access to community services (e.g. Nook and Courses), notify the account user via email of the impeding changes, and allow at least a month of continued access to email and file storage (so the account user can move things off of Marlboro’s network). All email and files will then be deleted off the server.
When a student’s academic status becomes “Plan Discontinuance” or “English Discontinuance,” the same procedure will be followed as Withdrawn. However, account users will usually be granted 1 academic term of continued email and file storage use before the account is completely disabled.
Graduates of the undergraduate college are granted their @marlboro.edu addresses for life, though they do not have space on a server for file storage. After Commencement, the IT department will allow at least a month for graduates to move their non-email files off of Marlboro’s network.
Faculty email and file storage accounts are granted to all faculty, including adjuncts, temporary replacements, and fellows. All such accounts will be disabled immediately upon termination of employment (excluding emeriti faculty).
Staff accounts have different username than student accounts. Meaning, if a student becomes a staff or vice versa they need a new account. Staff are granted an account only while they are employed. They will loose access to those accounts immediately upon termination of employment. Staff are eligible for IT services until their last day of employment. Following the last day of employment, the individuals account and data will be permanently removed. If an email account was used for business purposes, the departing staff member should inform the IT department how their email should be redirected after their departure. If a departing staff member is also an alum of the college, please inform the IT department. The account will be moved to alumni status instead of being removed.
Leaving the College
After any individual exits the College their username will not be reassigned to a different person. It is important that each username remain mapped to one individual because vendors may provision access to their systems and store sensitive information based on this identifier. For example, when Jane Doe accesses the third party online billing system her information could be stored based on her username, jdoe. If we allowed for the reuse of Jane’s username, then eventually another individual might log in to the same payment portal and see her information, which could constitute a breach of security and/or privacy.
The college takes a once-daily snapshot of user account data to protect against the result of hardware failure. These backups are not maintained for archiving purposes, may exclude emails and files created and deleted between backup snapshots, and are deleted after 21 days. (This policy excludes administrative server data, such as financial and registrar records, and files on administrative servers, which are retained as long as the backup medium remains readable.)
Exceptions to the above policies may be granted only by the college administration or where described in the Acceptable Use Policy.
A harsh reality of the modern age is that all community members – staff, faculty, and students alike – must be very conscious, and share in the responsibility, of safeguarding private personal and institutional data. Though IT strives to keep firewalls, virus protection, and other mechanical security devices in place, you, the user, are often unwittingly a critical attack vector in a data breach. Confidentiality, integrity, and accessibility of all data, are of the most importance in response to protect the quality and validity of stored information. Any inspections of electronic data, emails, and data stored on Marlboro College servers and computers that may occur will be governed by Marlboro’s College Operating Procedures and laws that may be applicable for both State and Federal data regulations.
The Information Security Policy is designed to protect data that is maintained by Marlboro College while providing education on safe computer practices that includes receiving e-mails, data-retention, and Cyber Security.
- DO NOT ever give anyone your password. IT will never ask for it and any request should be treated as a phishing attempt and security incident.
- Passwords must be changed every 180 days.
- Computer equipment and sensitive data must be secured at all time.
- Doors to offices are to be locked when not in use.
- Log out of all secure websites and or databases before leaving the computer.
- Computers in public spaces are to be locked to a desk and or other permanent device located in the office using a “Computer Cable Security Lock.”
- Users are to lock their devices when not in use by hitting “Ctrl+Alt+Delete” then selecting lock.
- No software may be downloaded without the knowledge and consent of the IT department.
- No plug and play USB storage devices are to be used on ITS without prior IT approval.
- No personal devices are to be connected to the “Admin” network. A “Marlboro College” wireless network is provided for personal devices.
- E-mails are very useful for spear phishing and malware attacks. Most reconnaissance for malware and spear phishing attacks are performed by e-mail. Therefore, the following provisions have been adopted.
- Do not open email attachments or embedded links from unknown senders.
- Do not follow suspicious web links in email. If you are unsure if it is suspicious or not contact email@example.com for information.
- No files are to be downloaded from untrusted sources. When in doubt send an email to “firstname.lastname@example.org” for further guidance.
- Do not send secure information through email. See charts below for more guidance.
Types of Information
|Legally protected data and other data where disclosure would pose a significant legal risk to individuals and/or the college. Typically contains personally identifying information.|
|Confidential|| Medium ||Data that should be carefully protected, but poses less financial or legal risk to the individual or college if exposed.|
|Public||Low to none||Publically available data||Anything you’d on a public page of the college’s website, including names, email addresses, etc.|
Ideally, all secure and confidential data should be stored and accessed only via the system that houses it. For example, if a staff member needs a list of students on academic probation, or health insurance information, or students with financial needs, she should be granted access in the authoritative systems (e.g. Sonis, Education Edge, PowerFaids, et cetera) to view that data directly, avoiding creating and emailing external spreadsheets. When that’s not feasible, there are several solutions for storing and sharing information.
|Storage or Transport Mechanism||Secure||Confidential||Public|
|Google Drive/Docs||DO NOT USE||OK, with caution||OK|
|Email/Gmail||DO NOT USE||OK, with caution||OK|
|Marlboro laptop||DO NOT USE||OK, with caution||OK (Google Drive Recommended)|
|Your own computer||DO NOT USE||DO NOT USE||OK (Google Drive Recommended)|
|Your phone or tablet||DO NOT USE||DO NOT USE||OK (Google Drive Recommended)|
|Thumb drive||DO NOT USE||DO NOT USE||OK (Google Drive Recommended)|
|Marlboro encrypted drive or file||OK, with caution||OK, with caution||OK (Google Drive Recommended)|
Echo Common (K Drive)
Nook secure file upload
|OK||OK||OK (Email reccomended)|
|Website (main site, public area of Nook)||DO NOT USE||DO NOT USE||OK|
|Social media (Facebook, Twitter, YouTube, Instagram, et cetera)||DO NOT USE||DO NOT USE||OK, with caution|
Email is not a secure medium and should never be used for secure data with the possible exception of encrypted files. Email sent to another @marlboro.edu address stays on Google and Marlboro servers and can be considered confidential as long as both you and the other users are following best practices (e.g. not auto-forwarding Marlboro mail to another account). However, confidential data should not be sent to an address in another domain as confidentiality cannot be assured.
Phone and Tablet Policy
Content under revision.
Google Apps for Education
Google Apps for Education consists of a set of applications including Gmail, Calendar, Google Drive, Google Docs, Google Sheets, Google Slides, and Google+. Marlboro users should consider the following general issues when using Google Apps For Education.
- Google Apps logins are pervasive across all Google content and remain in effect until you Sign Out: When you sign into YouTube, you are also logged in to Google’s mail, calendar, map, and news applications. Google’s search engine will tie your searches to your identity – that’s great if you’re trying to remember arcane search criteria, but not helpful if you’ve forgotten to sign off from a publicly accessible computer. You need to sign out after using apps in order to be ensure that a password is requested next time. As such you should not use Apps from any computer or device not owned by Marlboro College and password protected if you work with confidential data.
- You can work with multiple Apps accounts in the same browser, but if you do, caution should be used to avoid data mismanagement.
- If you sign into one App on your browser or device you sign into all apps.
- Google Apps is FERPA compliant. However, you must be follow of FERPA guidelines and best practices.
- Marlboro has worked with Google to insure letter-of-the-law HIPPA compliance. However, due to general security issues Google Apps SHOULD NOT be used for health information without arrangements with IT to insure security. (For example, though a Google calendar is technically “HIPPA Compliant,” nothing stops you from adding private information to it, or sharing that calendar with someone who shouldn’t see it.)
- Google Apps should not be used for secure data.
Gmail Specific Issues
Email in general is not considered to be a secure medium and should never be used for secure data with the possible exception of encrypted files. Email sent to another @marlboro.edu address stays on Google and Marlboro servers and can be considered confidential as long as both you and the other users are following best practices (e.g. not auto-forwarding Marlboro mail to another account). However, confidential data should not be sent to an address in another domain as confidentiality cannot be assured.
Google Drive/Docs Specific Issues
The biggest pitfall with Google Drive is that it’s easy to accidentally share documents with the wrong people. Documents stored on Google Drive cannot be given the same fine grained permissions that IT can assign to documents saved on Marlboro servers. Thus extreme care needs to be taken with confidential data; secure data should not be stored on Google Drive at all. When you share documents, unless they are public data, be very careful with whom you share them – particularly when sharing with addresses out of the marlboro.edu domain. If you are simultaneously logged into your personal Gmail account and your Marlboro account be sure to double check the current logged-in address in the upper right corner before starting a new document with Marlboro information or uploading something to your drive.
Marlboro College is dedicated to stopping illegal downloading and unauthorized distribution of copyrighted intellectual property. Per the Higher Education Opportunity Act of 2008, the College must inform you of the potential Federal civil and criminal penalties for violation of Federal copyright laws. To wit, as provided by the US Department of Education:
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys’ fees. For details, see Title 17, United States Code, Sections 504, 505.
Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
Academic work always has first priority over all other usage of the lab equipment. Persons doing non-academic work (non-specific web browsing, social e-mailing, pleasure writing, etc) are expected to surrender the use of the lab computers to persons who need the equipment for academic work.
Using the equipment for non-classwork related purposes has second priority. This includes just about all uses of the computer outside of game playing. Self-training, web browsing or editing, e-mailing, ftp-ing, and other uses of the equipment is allowed as long as there are machines available for those who need to do academically related work. This sort of usage is encouraged, as it allows the users to become more comfortable with the equipment.
Lab Monitor Authority:
While the lab monitors are on duty, they are the duly appointed enforcers of the lab policy. They are responsible for being sure the equipment is not being abused, as well as assuring that everyone is signing up for their time on the lab computers. They are also the persons responsible for judging what is academic work, what is non-academic work, and what is not allowed in the labs. It is their duty to keep things running smoothly in the lab, keeping the noise level down to a library-like standard, as well as resolving any conflicts regarding equipment usage. All persons using the lab are expected to listen to lab monitors, and follow their instructions. If anyone has a problem with the way a lab monitor is handling a situation, or the general behavior of the lab monitors, they should report the matter to the IT Department.
Expectations for reasonable and ethical use of Marlboro College computing resources are congruent with the Mission of the College. Computing resources are primarily intended to support the educational goals of the College; therefore, uses for academic and administrative purposes have priority. Moreover, computer users at Marlboro should act in accordance with community standards and expectations set out in Marlboro College’s Constitution and bylaws. Responsible and ethical behavior, as it pertains to computer use at Marlboro College, includes but is not limited to the following rights and responsibilities.
Services & Resources: Individuals may avail themselves of information technology systems (ITS) and services at the college appropriate for your role within in the community.
Privacy: Individuals should be aware that data files, electronic messages and internet traffic stored and/or transmitted by the Marlboro network cannot be guaranteed to be private and confidential and are traceable to individuals. Nevertheless, IT administrators at Marlboro College make every effort to treat the contents of data files, electronic mail and internet traffic as private and confidential. Access and inspection of electronic data stored on Marlboro College servers will be governed by all standard College procedures and applicable U.S. and Vermont Laws.
Freedom of Expression: Following the AAUP 1967 Joint Statement on Rights and Responsibilities of Students, the College believes that community members, “should be free to examine and discuss all questions of interest to them, and to express opinions publicly and privately. They should always be free to support causes by orderly means which do not disrupt the regular and essential operation of the institution. At the same time, it should be made clear to the academic and larger community that in their public expressions or demonstrations [individuals in the community] speak only for themselves.” These freedoms of expression extend to the use of computer and Internet resources.
Due Process: Marlboro’s online communications are an extension of the college’s physical community and should therefore not be used to harm another member of the community. Violations of college policies, bylaws, or the constitution that occur online–through evidence that a specific user account violated the rights of an individual connect to another specific user account–shall be addressed in the same manner as if those violations had occurred in the physical community. These violations include, but are not limited to, harassment and infringing on others’ privacy or academic freedom. Misuse of ITS will be handled in the same manner as other violations and infringements of College policies and the Community Code of Conduct. In a situation where a system administrator feels the integrity of a computer system or network has been seriously threatened by an individual’s behavior, the College reserves the right to immediately suspend access pending further action by the appropriate authority.
Legal Behavior: As in any college endeavor, individuals are required to behave in a manner consistent with state and federal law. Individuals are responsible for their own actions.
System Integrity: Individuals should not act in any way that could reasonably be expected to damage or compromise ITS at the College. Likewise, no one should attempt to gain unauthorized access to or try to overwhelm the system resources. Faculty, staff and students may not share passwords or attempt to access any account not assigned to them.
Reasonable Comport: Like within the physical community at the College, electronic communication should support the “general assumption that a code of civilized behavior, suitable to adult citizens of a democratic community, will be followed by all members of the Marlboro College Community.”
College Logo and Name: the college logo may not be used in electronic media without authorization by the appropriate College body. Congruent with the College Policy on Campus Organizations no individual or group may use the name Marlboro in the title of its organization without registering such organization with the Dean of Students’ Office. Individuals may not represent themselves as official agents of the college.
Non-Profit: Personal use of the College’s computing resources is not explicitly prohibited as long as it does not interfere with other users’ access to resources for academic or administrative work and is not excessive.
Internet Service Provider Policies: Use of the College’s external internet connection is also bound by any related policy of our upstream service provider(s). A violation of such policy by any individual user can jeopardize the entire College’s internet service connection. By accessing the College’s internet, users also agree to abide by these policies, listed below.