IT Policy Statement
Purpose
This policy provides notice of the expectations and guidelines of the Colorado Attorney Mentoring Program (CAMP) to all who use and manage Information Technology (IT) resources and services.
CAMP provides IT Resources for the advancement of the program’s educational, research, service, and business objectives. Any access or use of IT Resources that interferes, interrupts, or conflicts with these purposes is not acceptable and will be considered a violation of this policy.
Scope
This policy, and all policies referenced herein, apply to all members of the Colorado Attorney Mentoring Program including staff, mentors, mentees, , authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, CAMP’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
Definitions
IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
1. User Responsibilities and Statement of Prohibited Uses
A. Spirit of Use
Only authorized Users have the privilege to access and use the IT Resources. Access and use is limited to the purposes that are consistent with the instructional, research, and administrative goals of CAMP.
Users are expected to uphold the standards and principles of CAMP while using the IT Resources and are required to respect the rights of others at all times. Users are prohibited from using any portion of the IT Resources to post or transmit any information, including data, text, files, links, software, chat, collaboration, communication, or other content (Content) that is abusive, disparaging, discriminatory, hostile, combative, threatening, harassing, intimidating, defamatory, pornographic, or obscene. Users who do not respect the Spirit of Use of IT Resources may be held in violation of this policy.
B. User Names
CAMP recognizes that common practice in computing, online or otherwise, involves use of a “user name”, “login”, or “screen name” (collectively, “user name”) that may be different from the User’s legal name. Using someone else’s name or assuming someone else’s identity without appropriate authorization, however, is a violation of CAMP’s principles and this policy.
Users may not use the IT Resources under false name, identification, email address, signature, or other medium of any person or entity without proper authorization. CAMP prohibits such use of a User name for the purposes of misrepresentation or an attempt to avoid legal or other obligations. Any such unethical use may constitute a violation of this policy.
C. Passwords
When choosing a password for access to the IT Resources, or portions thereof, Users are must adhere to the following rules so as to prevent unauthorized access through any User’s password.
- Use a different password for each account; and
- Do not write down your password(s) on a piece of paper or record them in a file.
- Users should avoid using:
- Birth dates;
- Names (First, Last, or any combination);
- Unaltered words that could be found in a dictionary, including non-English words, and words spelled backwards;
- Telephone numbers;
- Social Security numbers;
- Famous or other proper names; and
- Alphabet or keyboard sequences (e.g. “QWERTY”).
Users should not have an expectation of privacy in content either located in CAMP’s IT Resources or the User’s own system, whether that content is protected by a user name and password, or otherwise.
D. Additional Responsibilities
All Users must fully comply with the standards and responsibilities of acceptable use as outlined in:
- All applicable provisions of the CAMP employee handbooks and agreements;
- This IT Policy in its entirety including the related policies as defined in the Related Policies and Procedures section;
- All local, state, federal, and international laws;
- All application and/or software license agreements acquired by CAMP and its authorized units; and
- All applicable CAMP policies and procedures including sexual harassment and non-discrimination.
Users must adhere to the following responsibilities:
- Self-policing of passwords and access codes as set forth above;
- Respecting authorial integrity and the intellectual property rights of others;
- Respecting and protecting the confidentiality, integrity, and availability of all CAMP IT Resources;
- Ensuring that all data and files that the User accesses, transmits, and/or downloads are free from any computer code, file, or program which could damage, disrupt, expose to unauthorized access, or place excessive load on any computer system, network, or other IT Resource;
- Reporting any security risk or code, file, or program, including computer viruses, Trojan Horses, worms, or any other malware that affects any IT Resource including any owned or operated by the User; and
- Properly backing up appropriate User systems, software, and data.
E. Additional Prohibited Uses
Users are prohibited from accessing or using the IT Resources in the following manners:
- Initiating or participating in unauthorized mass mailings to news groups, mailing lists, or individuals, including, but not limited to, chain letters, unsolicited commercial email (commonly known as “spam”), floods, and bombs;
- Giving others, by password or other means, unauthorized access to any User account or the IT Resources;
- Seeking to, without authorization, wrongly access, improperly use, interfere with, dismantle, disrupt, destroy, or prevent access to, any portion of the IT Resources including User or network accounts;
- Violating or otherwise compromising the privacy, or any other personal or property right, of other Users or third parties through use of the IT Resources;
- Disguising or attempting to disguise the identity of the account or other IT Resource being used including “spoofing” resource addresses, impersonating any other person or entity, or misrepresenting affiliation with any other person or entity;
- Using the IT Resources to gain or attempt to gain unauthorized access to networks and/or computer systems;
- Engaging in conduct constituting wasteful use of IT Resources or which unfairly monopolizes them to the exclusion of others;
- Engaging in conduct that results in interference or degradation of controls and security of the IT Resources;
- Unless expressly authorized by CAMP in writing, exploiting or otherwise using the IT Resources for any commercial purpose;
- Engaging in computer crimes or other prohibited acts;
- Intentionally or unintentionally violating any applicable local, state, federal, or international law;
- Knowingly or negligently running, installing, uploading, posting, emailing, or otherwise transmitting any computer code, file, or program, including, but not limited to, computer viruses, Trojan horses, worms, or any other malware, which damages, exposes to unauthorized access, disrupts, or places excessive load on any computer system, network, or other IT Resource; and
- Using any IT Resource, including email or other communication system to intimidate, insult, embarrass, or harass others; to interfere unreasonably with an individual’s work, research, or educational performance; or to create a hostile or offensive environment.
2. Intellectual Property
As each User should have an expectation that others will not abuse his or her intellectual property rights, every User must also respect the intellectual property rights of others including those of other Users, all members of the CAMP community, and all third parties.
Potential violation of intellectual property laws and rights is not merely limited to unauthorized downloading of copyrighted movies, television shows, music, and software through file-sharing software. Rather, the concept of intellectual property broadly covers all copyrighted works, trademarks, patents, and other proprietary and confidential information.
CAMP requires every User to adhere to a strict policy of respecting intellectual property rights. Infringing and illegal uses may involve:
- Unauthorized copying or sharing of written works, such as textbooks and course materials;
- Unauthorized copying, sharing, and use of digital videos or images, digital music as well as logos and other marks;
- Unauthorized copying, sharing, or installation of software, including commercially licensed software as well as “shareware”; and
- Unauthorized copying, sharing, or use of copyrighted, or otherwise proprietary, data or collections of data.
It is the responsibility of every User to avoid infringing any intellectual property right and to report the infringement of another User if and when it is discovered. Failure to respect such rights, or report infringements, is a violation of this policy and subject to the sanctions set forth below.
3. Privacy
CAMP reserves the right to access, inspect, examine, monitor, intercept, remove, restrict, and take possession of all CAMP owned and operated IT Resources, including but not limited to, electronic mail network connectivity, hard disks, printed media, devices, data, software, printers, voice mail, removable media, fax machines, scanners, computers, mobile devices, telephony equipment, connected devices, laptops, documents, and other files.
CAMP also reserves the right to access, inspect, examine, monitor, intercept, remove and restrict use and access to the IT Resources indicated above.
CAMP may exercise these rights for various reasons, including but not limited to:
- Ascertaining whether Users are using the systems in accordance with the IT Policy and other CAMP guidelines;
- Preventing, investigating, or detecting unauthorized use of CAMP’s systems;
- Ensuring compliance with applicable laws and regulations.
Users are expected and obligated to use such IT resources in a manner consistent with the purposes, objectives, and mission of CAMP and this policy.
Except where applicable law provides otherwise, Users should have no expectation of a reasonable level of privacy while accessing or using CAMP’s IT Resources. For example, issuance of a password or other means of access is to assure appropriate confidentiality of CAMP-related information and files. However, it does not guarantee privacy, especially for personal or unlawful use of IT Resources.
Users should note that CAMP may also require back-up and caching of various portions of the IT Resources; logging of activity; monitoring of general usage; and other activities that are not directed against any individual User or User account, for protecting CAMP’s IT Resources and systems, maintaining security and maintenance, or restoring normal operations of the IT Resources.
CAMP reserves the right to examine, use, and disclose any data or Content found on CAMP’s IT Resources for the purposes of furthering the health, safety, discipline, legal rights, security, or intellectual or other property of any User or other person or entity. Information that CAMP gathers from such permissible monitoring or examinations may also be used in disciplinary actions. Such information may be disclosed to law enforcement officials when necessary.
Users are responsible for the security of their own User IDs and passwords. Passwords must not be shared with other persons.
4. Monitoring, Reporting, Violation, and Sanctions
Monitoring
As noted above, CAMP may, but is not required to, monitor, block, or otherwise prevent inappropriate use of the IT Resources. Nonetheless, in the event of a violation or failure to comply with this policy, CAMP may monitor any User’s access and use of the IT Resources in order to determine whether violations are taking place. If violations are found, CAMP may initiate charges and impose appropriate sanctions by following the various processes and procedural safeguards that are applicable to the User’s employment or enrollment status.
Reporting
Users have an obligation to report violations of the IT Policy as well as any potential security or other breach of any portion of the IT Resources. Reporting of any such violations or other issues involving the inappropriate use of the IT Resources should be referred to:
- The CAMP Executive Director; or
- The Chair of the Supreme Court Advisory Committee, if the alleged offender is the CAMP Executive Director.
Violations
A violation of the IT Policy is considered a violation of CAMP’s principles, objectives, and standards. Depending on the severity of violation, it may also violate CAMP’s other policies or even local, state, federal, or international law. CAMP may impose penalties ranging from the termination of the User’s access to the IT Resources to disciplinary review and further action including discharge or dismissal. In cases involving egregious violations, CAMP may institute legal action or cooperate with an action brought by applicable authorities or third parties.
Sanctions
Users who fail to fulfill their responsibilities and engage in prohibited conduct are subject to sanctions imposed by CAMP or the Colorado Judicial Branch. Sanctions against participants include reprimand or dismissal from the program. Staff are subject to disciplinary action including reprimand, suspension, and dismissal. Depending on the nature and severity of the violation, sanctions can range from various levels of warnings to immediate termination of employment or enrollment.
CAMP will exercise good faith and proper discernment in its enforcement of the IT Policy. It will respect the First Amendment freedom to which Users are entitled insofar as the legal rights and responsibilities of the individual User and CAMP require. Under no circumstance shall CAMP be liable to any User or third party for any violation including illegal or improper acts that any User commits through use of the IT Resources.
5. User Obligation to Review
CAMP will periodically update this policy. By accessing and using the IT Resources, each User represents and acknowledges that he or she has checked and read this policy on a regular basis so as to be informed of any changes hereto. If any User does not agree to check the IT Policy for revisions on a regular basis, said User may not use the IT Resources. Changes to the policy are noted in the Revision History table found later in this document.
Revised as of April 20, 2020.