Security and Privacy

Goodwin College computer and telephone systems are vital to the academic mission of the College. To protect the safety and security of these systems, you must only use your account. You are responsible for all use of your account and may not authorize anyone else to use your account. You must take all reasonable precautions, including password maintenance and file protection measures to prevent its unauthorized use.

You must log in only to your own account, except for extraordinary situations where faculty or staff receive permission to access another person's account from Human Resources or the network administrator. In all other circumstances, you may not use another person's password or otherwise seek to gain access to another user's account.

Within means available, every member of the faculty, staff and student-body must take personal responsibility for maintaining the security of institutional records. Institutional records include all matters pertaining to personnel, payroll, registrar, admissions, financial aid, development, medical records, security reports, financial data and other information of a privileged and private nature.

No one has the right or authority to extend his/her own established range of access to computer records. You must not attempt to modify the system facilities or attempt to crash the system. You must not attempt to subvert the restrictions associated with your computer accounts. You must not tamper with any software protection placed on any computer applications. You must not modify or delete data in a College data base without authority.

Privacy: The College acknowledges its obligation – within the limitations of this policy and its ability – to respect the privacy of users' electronic files and communications on the College's information systems and resources. All system administrators shall respect the privacy of users and shall comply with the terms of this policy.

Nevertheless, individual users of information systems and resources should be sensitive to the inherent limitations of shared network resources. No computer security system can absolutely prevent unauthorized persons from accessing stored information and the College cannot and does not guarantee the privacy or confidentiality of stored information or electronic communications.

The College has the right to monitor and access a user's communications, files, stored information and use of the system only under the following limited circumstances:

  • When the user has consented, or has voluntarily made information or communications accessible to the public, as by posting them to a web page or listserv;
  • When necessary to maintain College business functions and the employee is no longer with the College, is suspended, or is otherwise unavailable;
  • When required by law or by College policies or regulations, as reflected in the Information for Faculty, the Employee Handbook, or the Student Handbook;
  • When necessary to protect the integrity, security and proper functioning of the College's computers and networks or to protect the College from liability;
  • When necessary to enforce this policy or other College policies and regulations, as reflected in the Information for Faculty, the Employee Handbook, or the Student Handbook, including the College's sexual harassment policy and anti-discrimination policies, and to investigate when there is reasonable cause to believe that any of those policies or any state or federal laws has been or is being violated. A user's communications or files will be accessed for this purpose only with the prior approval of the Vice President, Facilities and Information Technology or their designee, and Human Resources, in consultation with the appropriate Senior Administrators.
  • If the College monitors or accesses a user's files or communications, it will respect information and communications that are privileged or otherwise protected from disclosure by law. Any monitoring or access to a user's files or communications will be no more extensive than necessary to accomplish the business-related purpose for which it is authorized under this policy.