Acceptable Use of Technology Further Guidance

Home
About MCCC
Policies & Procedures
Acceptable Use of Technology Further Guidance

The purpose of the Montgomery County Community College Acceptable Use of Technology Policy is to preserve the stability and security of the College’s information technology resources, protect the College from inappropriate use, and ensure reasonable accessibility to technology resources for the College community.

These guidelines aim to provide clarity to community members when considering specific situations in the context of the Acceptable Use of Technology Policy. The examples presented in these guidelines are illustrative, not exhaustive. Technology changes so rapidly that the Acceptable Use of Technology policy will continue to evolve. If something is not specified as inappropriate, it still may violate College policy and the law, and be subject to College sanction. It is important to use common sense and critical thinking in evaluating new situations.

Acceptable Use of Technology Expectations
The technological resources provided by Montgomery County Community College are intended to be used for educational purposes and to carry out the legitimate business of the College.

Users are expected to:

  • use only those computing resources that they have been authorized to use, and use them only in the manner and to the extent authorized;
  • protect their user ID, password, and system from unauthorized use;
  • be considerate in the use of shared resources;
  • demonstrate respect for principles of open expression;
  • comply with local, state, and federal law, including copyright law and College policies.

Users should also be aware of UNACCEPTABLE uses of technology resources that include:

  • use of another person’s system access, user ID, password, files, or data, or giving the use of one’s system, user ID, password, files, or data;
  • use of computer programs to decode passwords or access control information;
  • attempt to disguise the identity of the account or computer the user is employing;
  • attempt to gain unauthorized access to resources and data, including others’ passwords;
  • attempt to circumvent, subvert, or disable system or network security measures;
  • engage in any activity that might be purposefully harmful to systems or to any information stored thereon, such as creating or propagating viruses, disrupting services;
  • damage files or make unauthorized modifications to College data;
  • make or use illegal copies of copyrighted materials, software, or music; store such copies on College resources; or transmit them over College networks
  • create or display threatening, obscene, racist, sexist, or harassing material which is in violation of existing law or College policy;
  • engage in any fraudulent activities, including impersonating any person or entity or forging anyone else’s digital or manual signature
  • monopolize systems, overload networks with excessive data, degrade services, or waste computer time, disk space, printer paper, printer toner, manuals, or other resources.
  • use of College’s resources to send or collect responses to unsolicited bulk or commercial messages
  • use of College’s resources or networks for personal profit;
  • install hardware or software onto any College owned computer/network without following IT Security standards for hardware and software installations.

Appropriate Use of Shared Resources
The technological resources provided by Montgomery County Community College are intended to be used for educational purposes and to carry out the legitimate business of the College. Because there are times when some resources are in shorter supply than can easily meet the demand, it is critical to be considerate in the use of shared resources. Consider the following:

  1. Use information technology resources in a manner that respects the integrity of the system or network and in a manner that is consistent with the primary missions of the college.
  2. Refrain from disproportionate uses that have the likelihood of consuming an unreasonable amount of resources, disrupting the intended use of these resources, or impinging on others’ access.

Incidental Personal Use
Incidental personal use is an accepted and appropriate benefit of being associated with the College’s technology environment. This type of personal use must adhere to all College acceptable use policies and procedures. Employees’ supervisors may restrict personal activities of their employees if these personal activities are impacting the employees’ job performances.

Additionally, personal use by students is permitted as long as it adheres to these guidelines and doesn’t interfere with instructional processes. Faculty and staff may restrict personal use by students in these situations.

As above, while incidental personal use is permitted, users are strongly encouraged to carry out internet and email activities not related to the College off-site, using personal computer equipment, an outside service provider, and personal e-mail account.
Moreover, incidental personal use does not include use that interferes with job performance, interferes with the access of others to the technological resources of the College, incurs costs for the College, is done for monetary gain, is otherwise in conflict with the College’s mission, or violates any College policy.


Protecting Accounts
Users are accountable to the College for all actions that are performed by anyone who uses that account. Therefore, you are expected to take reasonable measures to prevent your accounts from being used by others.

Passwords are a significant method of protecting College systems against unauthorized use. Therefore, all College-provided account holders are expected to change any pre-assigned default password at the first possible opportunity, to select strong passwords that are difficult to guess, and to safeguard them from casual observation or capture. Thereafter, any password for a College-provided account that might have been exposed to capture must be changed at once and to something different enough from the original to provide the necessary security.

Intentional sharing of passwords with associates, friends, or family is prohibited.
Additionally, sharing credentials with agentic AI Agents is prohibited unless the AI tools are explicitly approved by the College IT Security team.  Agentic AI systems are capable of autonomous decision making and acting on your behalf.  Such activity has the potential to result in unauthorized access, compliance violations, or loss of data.

The College now also protects certain services and resources via multi-factor authentication. Multi-factor authentication and strong account passwords also protect the account-holder against identity theft and against exploitive use of the account holder’s resources, access, and contact lists.

A password used for access to a Montgomery County Community College account or resource should not be the same as those used to access non-College-affiliated resources. For example, account-holders should not use any of their College passwords as the password for a social media site, a personal banking site, or other outside resources.

Protecting Data
Some kinds of information are considered restricted and/or confidential. Some information is protected by law, for example, by FERPA or HIPAA. Some contractual agreements require protection of related information. Some research data, including data involving human subjects, must be kept confidential. In general, information should be protected consistent with the College’s Information Security Policy (https://www.mc3.edu/about-mccc/policies-and-procedures/it-security).

The IT Department Service Desk (215-641-6495 by telephone, or [email protected] via e-mail, or https://www.mc3.edu/choosing-montco/academic-support/it-support-services via live support) is the best place to start when reporting a potential data breach. If a related device is lost or stolen, a report should be filed as soon as possible with appropriate law enforcement. If the incident occurred off-campus, even outside the U.S., a copy of the relevant police report also should be provided to the Department of Campus Safety.


Storage services in “the cloud” provide a useful alternative for those who use portable network devices or have computers stationary in several locations. The College has arrangements with certain providers for some secure cloud-based services. For example, there are Montgomery County Community College-branded Microsoft OneDrive accounts. Until the College can endorse doing so, storing confidential or private College information in other “cloud” services poses serious risks, and should be avoided.


Email Usage
The College values fostering an environment of open debate, freedom of inquiry, and expression of opinion. The College owned email system is a means by which open debate, freedom of inquiry and expression of opinion can occur. However, to support a truly open and productive work environment, members of the College community are expected to engage in email communication that is respectful, professional and limited to appropriate audiences.

Using College e-mail protects the privacy and security of College data allows for verification of sending and receiving critical correspondence regarding academic and other matters and facilitates responses to subpoenas and other situations that may require the retrieval, inspection, or production of documents including e-mail.

Personal use of College e-mail is permitted. However, users should have no expectation of privacy. In cases of Right-to-Know Act requests, administrative or judicial proceedings, law enforcement investigations, or similar inquiries, information stored electronically may be released to outside parties.

Mass Mailings
At Montgomery County Community College, mass electronic mailings are permitted only as authorized by appropriate College offices. The same authority would govern e-mail to those constituencies, even if the sender does not use the official list, but creates multiple smaller groups to accomplish the same end. In general, the same authority approves the use of large e-mail lists as approves large paper mailings to the same audiences. Users may not send large mass e-mailings or voice mailings without the appropriate College authorization.

Appropriate authorization also must be obtained to conduct Web-based or e-mail surveys, whether among members of the campus community or of people outside the College. Surveys related to research and instruction must obtain approval from the College’s Institutional Review Board for Human Subjects. Special approval is not needed for departments seeking feedback on their courses or services, nor for recognized organizations canvassing their members.

"Spamming" is spreading electronic messages or postings widely and without good purpose. "Bombing," sometimes known as "spamming" as well, is bombarding an individual, group, or system with numerous repeated messages. Both actions interfere with system and network performance and may be harassing to the victims, which in the case of newsgroups can number in the thousands. Both are violations of College regulations. Sometimes, people spam unintentionally. If e-mail is sent to a large list of people with all the addresses visible (rather than blind-copied or via a group list) and someone accidentally replies to "all," rather than just to the sender, the reply is copied to everyone on the list. Deliberate replies of this nature will be considered a violation of College regulations.

Using Copyrighted Materials Appropriately
Montgomery County Community College desires to contribute to the vast body of public knowledge through the research and scholarship of its employees. Everyone associated with the College is encouraged to engage in the free exchange and expression of ideas, to explore new frontiers of scholarship and to expand the boundaries of knowledge. The College's Copyright Ownership Policy can be found at (https://www.mc3.edu/about-mccc/policies-and-procedures/copyright-ownership).

Fair use is a flexible defense that allows socially valuable uses of copyrighted material, including educational copying. The “fair use” defense is intended to protect “transformative” uses of copyrighted works, primarily to create new art, literature, scholarship etc., without permission from the copyright holder. Information about how to apply the four fair use factors can be found at the Library’s Copyright & Fair Use website (https://library.mc3.edu/copyright)

When doing academic work, users are responsible for properly attributing all material--data, images, ideas, sounds, film, and verbatim text found through any sources, including the Internet. At a minimum, users should provide a citation for an electronic source that includes the source's URL, author or site manager's name (if available), and the creation or download date.

Paper and Printing Resources
Unnecessary printing is wasteful in cost and conflicts with the College’s sustainability goals. Members of the College community should practice thrifty and judicious printing. When a work is in progress, editing should take place online whenever possible rather than on a printed draft. Information that can be shared effectively electronically should not be printed at all. When it is necessary to print notes or reference material, consideration should be given to placing multiple pages on each sheet of paper and using two-sided (duplex) printing whenever possible.

If someone without appropriate authorization removes paper or toner cartridges from College printers or, to use for printing or copying elsewhere or for any other purpose, that action will be considered a disciplinary matter.

Policy Violation
Employees found to be in violation of the Acceptable Use of Technology Policy could be subjected to progressive disciplinary action up to and including termination of their employment. Students who violate the Acceptable Use of Technology Policy are governed by the Student Code of Conduct. The College reserves the right to withdraw access to its system to any user. The College also reserves the right to notify appropriate legal authorities in the event that its system is used in a manner that constitutes a violation of any local, state, or federal law.

Discovering Gaps in Security
Users that encounter or observe a gap in system or network security must report the gap to the Information Technology Department Service Desk (215-641-6495 by telephone, [email protected] via e-mail, or https://www.mc3.edu/choosing-montco/academic-support/it-support-services via live support). Users must refrain from exploiting any such gaps in security.

Examples
This section lists examples of acceptable behavior as well as behavior that may constitute a violation of College policy. The list is not all-inclusive; in addition, each situation must be considered in light of the specific facts and circumstances to determine if a violation has occurred.

  • Access

    Acceptable behavior: You are collaborating with another member of the college community. You each need to interact with the same spreadsheet. You create a file and use OneDrive to share the file specifically with that individual.
    Violation: You are collaborating with another member of the college community. You each need to interact with the same spreadsheet. You share your username and password to enable the individual to update the file.
    Acceptable behavior: You bring a personal device to campus and connect the device to the campus WiFi network. You register the device and verify that the device meets basic security standards (patched, antivirus installed, password, etc.). You use the college WiFi network to connect to academic and personal online services.
    Violation: You bring a personal device to campus and connect the device to the campus WiFi network. The device lacks basic security safeguards and is infected with malware. The device attempts to spread malware on the campus network and consume network resources.
  • Copyright, IP

Acceptable behavior: While browsing the World Wide Web, you find a table of information and are impressed by the presentation. You view the source data, and make a note of some of the commands the author used to create that display. You use some of the same commands to create a similar table, containing information you want to present via World Wide Web.
Acceptable behavior: You create a Web page and include a link to someone else's Web page with identification of that page.
Acceptable behavior: You use a network sharing tool to download audio format music files or film or television files for which you have obtained permission, and you password-protect those files so no one without authorization can get them from your device.
Violation: You have legally obtained an online copy of a film or television show file. You have a network sharing tool empowered, which permits others around the world to upload copies of that file from your storage space, and you have put no protections in place to prevent uploading.
Violation: Episodes of a favorite TV show are made Web-available for viewing only via a network streaming site that is authorized by the copyright holder. Since the rights-holder is allowing anyone to view the episodes, you make a copy of your favorite and allow others on the Internet to share your copy.
Violation: You own a copy of a recent film on disk, but the disk is at home and you are on campus, and you download another copy of the film to view on campus.

  • Mass Mailings

    Acceptable behavior: You have received approval from the appropriate College authority and send e-mail to all the members of the organization regarding a coming event.
    Acceptable behavior: Someone "spams" you; you refrain from reply, but report the matter to the appropriate authority.
    Acceptable behavior: You want to post a follow-up to a social network item, but you notice the previous poster has posted that item to several dozen other locations as well. You send your posting only to the one intended location.
    Violation: Someone “spams” you; you notice that they copied a large group on the message, you reply and intentionally copy the same large group.