Accordions

Purchase College is committed to protecting the privacy and confidentiality of information contained in the multiple databases and print files maintained by the college in the regular course of business. Personal information that is confidential in nature will be used only in accordance with Purchase College Information Security Program, Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA) regulations, and all applicable SUNY, state, and federal regulations.

 POLICY

Employees at Purchase College by nature of their positions will gain access to private personal information about students, faculty, staff, alumni, and other constituents of the college. Employees are obligated to maintain the confidentiality of any such private personal information that is encountered.

Purchase College expects all employees with access to personal information to deal with that information in a respectful and professional manner. As a matter of policy, the college restricts access to personal information to only those employees who have a legitimate “job-related reason” in the performance of their duties for gaining access. Access and release of any student educational records must be in accordance with FERPA regulations.

Access and release of any health records must be in accordance with HIPAA regulations. Any personal information viewed or accessed by an employee through college systems or records is not to be shared or released to others unless there is a legally permissible purpose for doing so. In addition, in accordance with Section 203-d of the New York Labor Law, Purchase College will not:

• Publically post or display anyone’s Social Security number;

• Visibly print a Social Security number on an identification badge, including any time card;

• Place Social Security numbers in files with open access; or

• Communicate an employee’s personal “identifying information” to the general public.

Personal Identifying information (PII) is defined by NYS as including an employee’s Social Security number, financial account number and PIN, or driver’s license number. Access to PII will be restricted to those with a demonstrable need for access.

Inappropriate disclosure of information pertaining to students, faculty, staff, and other college constituents may violate applicable law and is considered a violation of ethics and a breach of trust placed in employees by the college. Upon finding of a breach of this policy by an employee in a collective bargaining unit, the college may initiate disciplinary action pursuant to the applicable collective bargaining agreement, up to and including termination of employment.

Employees who deal with confidential material on a regular basis will be required to sign a confidentiality statement and to complete annual information security training. Each campus manager will determine employees required to have access to PII who must receive training and sign confidentiality statements.

GUIDELINES

Employee, student, financial, and medical information contained within Purchase College information systems (electronic and physical files) and external SUNY systems is considered confidential. Access to information made confidential by law or campus practice is limited to those individuals (employees, consultants, adjunct professors, third-party vendors, etc.) whose position legitimately requires use of this information.

The employees (Purchase College faculty, staff, student employees, and volunteers appointed by the college) understand that by virtue of their work for Purchase College they may have access to data that are confidential, and therefore understand they may not disclose such confidential data to any person or entity without appropriate authorization, subpoena, or court order.

Examples of confidential PII information include the following:

• Social Security numbers (SSN)

• Motorist identification number

• Bank account numbers and PIN

In addition, FERPA regulations cover

• Educational records

• Information (including directory information) made confidential by written request.

In order to access confidential information, employees agree to adhere to the following guidelines:

1. Employees understand and acknowledge that improper or inappropriate use of data in the college’s information systems is a violation of college policy, and it may also constitute a violation of federal and/or state laws.

2. Employees will not provide confidential information to any individual or entity without proper authorization.

3. Employees will not access, use, copy or otherwise disseminate information or data that is not relevant and necessary to perform their specific job-related duties.

4. Employees will not remove confidential information from college facilities except as specifically authorized to do so.

5. Employees will not share their user ID and password with anyone.

6. Employees will not use the data for personal or commercial purposes.

7. Employees will refer all requests for educational records from law enforcement governmental agencies and other external entities to the vice president for student affairs for matters related to students and to the FOIL Officer for all other requests.

8. Employees will refer external requests for all college statistical, academic or administrative data to the Office of Institutional Research, Office of Human Resources, or those departments that have been authorized to respond to such requests.

9. Employees will not communicate any Purchase College employee’s personal identifying information to the general public.

10. Employees will report any unauthorized access to confidential data immediately to their supervisor and to the Chief Information Officer.

11. Employees understand that any improper or inappropriate use of data in the college’s information systems may result in disciplinary action pursuant to the applicable collective bargaining agreement, up to and including termination of employment.

12. Employees are not permitted to store Social Security numbers, credit card numbers, motorist/non-driver IDs or bank account numbers on individual staff computers, or portable media such as external hard drives, USB thumb drives, CDs, DVDs, tapes, etc. without express authorization from the Chief Information Officer. Storing any other confidential data on individual staff computers or any type of portable media is strongly discouraged.

14. Employees storing confidential data on college servers must on an operational basis remove files containing confidential data when no longer needed.

15. Employees who are uncertain about what constitutes legitimate use or release of information should always err on the side of confidentiality and refer their questions about the appropriateness of a request for personal information from college systems or records to their supervisor before releasing the information.

PROCEDURES

1. Supervisors are required to review the Information Security Policy Regarding Confidential Information with each new employee assigned to their department. During the department orientation process, supervisors should provide each employee with a description of the type(s) of confidential information his or her specific position will work with in the performance of his or her duties.

As a community of artists, writers, musicians, filmmakers, and scholars whose careers will be spent creating intellectual property, we encourage our entire community to respect the property of others. Downloading anything onto your machine from untrustworthy P2P (peer-to-peer) sources or websites not only exposes you to viruses, worms, and spyware, but often violates the copyright laws and can lead to suspension of network privileges, or to lawsuits from the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), or the Business Software Alliance (BSA). Please remember that theft is a crime, and that nothing in cyberspace is truly anonymous.

Copyright protections are created when words are put on paper, transmitted via email, when music is recorded, software is written, or when an image is created.  Once done, the work is protected by copyright—no formal copyright registration or seal is required for copyright protection to be in effect. If someone else wants to use the work, they must get permission from its creator.

Copyrighted material includes almost all forms of original expression fixed in tangible medium even if no formal copyright notice is filed or attached. However, you cannot copyright any idea, process, system, method of operation, concept or principle, regardless of the form in which it is described. 

Copyright infringement is any reproduction (download), display, distribution (upload), creation of derivative works, or public performance of copyrighted work without permission of the copyright owner.

Federal copyright law and college policy prohibit the copying and/or distribution of copyrighted material without the permission of the copyright owner. Copyrighted materials include but are not limited to text, graphics, art, photographs, music, film, and software. 

Peer-to-peer (P2P) software such as BitTorrent that is often used to share music, movies and other media may lead to violation of copyright laws. Most P2P software automatically shares anything that you download by default—so if you downloaded the latest Hollywood blockbuster to watch it, you would also be helping to distribute an illegal copy to others by sharing the contents of your machine with the world.

If you use any P2P software for legitimate purposes, as a security precaution, you should disable its file sharing component. There is an IU website with details on disabling file-sharing for most P2P software: http://protect.iu.edu

Digital Millennium Copyright Act (DMCA)

The DMCA can be reviewed at: http://www.copyright.gov/legislation/dmca.pdf

An overview of the act can be found at: http://www.arl.org/focus-areas/copyright-ip 

To report alleged copyright infringements on Purchase College computers, please contact the college’s designated DMCA agent:

Bill Junor
Director of Campus Technology  Services 
Purchase College, SUNY
735 Anderson Hill Rd.
Purchase, NY 10577
Tel. 914.251.6461
Fax 914.251.6476

 
Purchase College DMCA Notification Policy / Procedure for DMCA Infringement Reports - September 2008

Pursuant to the provisions of the Digital Millennium Copyright Act, Purchase College receives DMCA Copyright Infringement Notices alleging that computer(s) registered to Purchase College IP addresses are allegedly illegally infringing on copyrighted materials belonging to others. Infringement of copyright is a violation of Federal law, and the violator is subject to both substantial fines and civil damages.

Under the DMCA, as an Internet Service Provider (ISP), the college is obligated to expeditiously remove or disable the allegedly infringing material and notify the subscriber of its actions in what is referred to as “notice and take down procedure.”  The Purchase College DMCA infringement procedure is as follows: 

1. RIAA, MPAA and various agents report alleged copyright infringements to the college’s named DMCA agent, CTS.

2. CTS identifies the computer, the room, and the owner of the computer, and records the DMCA case number, name, other information in a DMCA incident report ticket.

3. CTS places the computer in question into a restricted network

4. The computer owner’s name is forwarded to the vice president for student affairs and to the Office of Community Standards in the form of a DMCA Violation Letter that includes the specific information contained in the Violation Notice received by the college.

5. Student Affairs refers student to the Office of Community Standards for possible disciplinary action.

6. VP Student Affairs or the Office of Community Standards will notify CTS if/when the individual’s computer should be removed from the restricted network once the Office of Community Standards has completed its process.

The college also recommends  that all students take theUniversity of Texas Copyright Crash Course or their Copyright Tutorial, or take other appropriate steps to further their understanding of copyright infringement.

 Counter Notice

Under the DMCA, the college is obligated to inform you of certain requirements of that Act. You have the right under the Act to send a counter notice that you are not in violation or that the violation has ceased. That notice must be in the form required by the Act, and you are advised to seek legal counsel at your expense for appropriate advice on the form of any counter-notice. The specific statutory language is as follows: (17 USC 512(g)(3)): Contents of Counter-Notification: To be effective under this subsection, a counter notification must be a written communication provided to the service provider’s designated agent that includes substantially the following:

(A)          A physical or electronic signature of the subscriber.
(B)           Identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access to it was disabled.
(C)           A statement under penalty of perjury that the subscriber has a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled.
(D)          The subscriber’s name, address, and telephone number, and a statement that the subscriber consents to the jurisdiction of Federal District Court for the judicial district in which the address is located, or if the subscriber’s address is outside of the United States, for any judicial district in which the service provider may be found, and that the subscriber will accept service of process from the person who provided notification under subsection ©(1)© or an agent of such person.

The above is provided for your information only, not as advice, nor is it an attempt at stating the law or your responsibility.  You should review the entire Act with your attorney. 

You are responsible for any network device registered in your name (like a Wi-Fi hotspot). 
You should use encryption on any and all Wi-Fi devices.  You are responsible for any and all internet traffic coming in and out of a device registered under your name. If you did not secure your wireless router, anyone in it’s proximity could have downloaded the file.
If you review the Router Policy you’ll find the following policy regarding encryption/password protection
You should use a strong password (i.e. not “password”);
You should not share your Wi-Fi password with anyone for any reason. 

  College Computer Network Users: if you lose access due to an alleged violation

If you receive an official notice from the college of an alleged copyright violation and have had your network access restricted, please contact the Office of Student Affairs to find out how you can have your network access restored:

Office of the Vice President
for Student Affairs
Student Services 316L
Purchase College
735 Anderson Hill Rd.
Purchase, NY 10577-1400
(914) 251-6030
Fax: (914) 251-6034
student-affairs@purchase.edu

Purchase College is committed to protecting the privacy and confidentiality of information contained in the multiple databases and print files maintained by the college in the regular course of business. Personal information that is confidential in nature will be used only in accordance with Purchase College Information Security Program, Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA) regulations, and all applicable SUNY, state, and federal regulations.

POLICY

Employees at Purchase College by nature of their positions will gain access to private personal information about students, faculty, staff, alumni, and other constituents of the college. Employees are obligated to maintain the confidentiality of any such private personal information that is encountered.

Purchase College expects all employees with access to personal information to deal with that information in a respectful and professional manner. As a matter of policy, the college restricts access to personal information to only those employees who have a legitimate “job-related reason” in the performance of their duties for gaining access. Access and release of any student educational records must be in accordance with FERPA regulations.

Access and release of any health records must be in accordance with HIPAA regulations. Any personal information viewed or accessed by an employee through college systems or records is not to be shared or released to others unless there is a legally permissible purpose for doing so. In addition, in accordance with Section 203-d of the New York Labor Law, Purchase College will not:

• Publically post or display anyone’s Social Security number;

• Visibly print a Social Security number on an identification badge, including any time card;

• Place Social Security numbers in files with open access; or

• Communicate an employee’s personal “identifying information” to the general public.

Personal Identifying information (PII) is defined by NYS as including an employee’s Social Security number, financial account number and PIN, or driver’s license number. Access to PII will be restricted to those with a demonstrable need for access.

Inappropriate disclosure of information pertaining to students, faculty, staff, and other college constituents may violate applicable law and is considered a violation of ethics and a breach of trust placed in employees by the college. Upon finding of a breach of this policy by an employee in a collective bargaining unit, the college may initiate disciplinary action pursuant to the applicable collective bargaining agreement, up to and including termination of employment.

Employees who deal with confidential material on a regular basis will be required to sign a confidentiality statement and to complete annual information security training. Each campus manager will determine employees required to have access to PII who must receive training and sign confidentiality statements.

GUIDELINES

Employee, student, financial, and medical information contained within Purchase College information systems (electronic and physical files) and external SUNY systems is considered confidential. Access to information made confidential by law or campus practice is limited to those individuals (employees, consultants, adjunct professors, third-party vendors, etc.) whose position legitimately requires use of this information.

The employees (Purchase College faculty, staff, student employees, and volunteers appointed by the college) understand that by virtue of their work for Purchase College they may have access to data that are confidential, and therefore understand they may not disclose such confidential data to any person or entity without appropriate authorization, subpoena, or court order.

Examples of confidential PII information include the following:

• Social Security numbers (SSN)

• Motorist identification number

• Bank account numbers and PIN

In addition, FERPA regulations cover

• Educational records

• Information (including directory information) made confidential by written request.

In order to access confidential information, employees agree to adhere to the following guidelines:

1. Employees understand and acknowledge that improper or inappropriate use of data in the college’s information systems is a violation of college policy, and it may also constitute a violation of federal and/or state laws.

2. Employees will not provide confidential information to any individual or entity without proper authorization.

3. Employees will not access, use, copy or otherwise disseminate information or data that is not relevant and necessary to perform their specific job-related duties.

4. Employees will not remove confidential information from college facilities except as specifically authorized to do so.

5. Employees will not share their user ID and password with anyone.

6. Employees will not use the data for personal or commercial purposes.

7. Employees will refer all requests for educational records from law enforcement governmental agencies and other external entities to the vice president for student affairs for matters related to students and to the FOIL Officer for all other requests.

8. Employees will refer external requests for all college statistical, academic or administrative data to the Office of Institutional Research, Office of Human Resources, or those departments that have been authorized to respond to such requests.

9. Employees will not communicate any Purchase College employee’s personal identifying information to the general public.

10. Employees will report any unauthorized access to confidential data immediately to their supervisor and to the Chief Information Officer.

11. Employees understand that any improper or inappropriate use of data in the college’s information systems may result in disciplinary action pursuant to the applicable collective bargaining agreement, up to and including termination of employment.

12. Employees are not permitted to store Social Security numbers, credit card numbers, motorist/non-driver IDs or bank account numbers on individual staff computers, or portable media such as external hard drives, USB thumb drives, CDs, DVDs, tapes, etc. without express authorization from the Chief Information Officer. Storing any other confidential data on individual staff computers or any type of portable media is strongly discouraged.

14. Employees storing confidential data on college servers must on an operational basis remove files containing confidential data when no longer needed.

15. Employees who are uncertain about what constitutes legitimate use or release of information should always err on the side of confidentiality and refer their questions about the appropriateness of a request for personal information from college systems or records to their supervisor before releasing the information.

PROCEDURES

1. Supervisors are required to review the Information Security Policy Regarding Confidential Information with each new employee assigned to their department. During the department orientation process, supervisors should provide each employee with a description of the type(s) of confidential information his or her specific position will work with in the performance of his or her duties.

2. Employees in areas of the college that deal with confidential material will be required to sign a confidentiality statement to be stored in the employee’s personnel file. Each vice president in conjunction with their managers will determine employees required to sign confidentiality statements.

3. Supervisors shall review the policy on Information Security Policy Regarding Confidential Information on an annual basis and confirm in writing that each employee in the unit reviewed and understood the policy.