2.09 Acceptable Use Policy

Index

1. Purpose

2. Scope

3. Policy Statement

4. Definitions

5. User Responsibilities

6. Approved Use

7. Prohibited Use

8. Data Protection and Privacy

9. Accessibility

10. Email, Messaging, and Collaboration

11. Artificial Intelligence and Generative AI

12. Monitoring, Logging, and Privacy Notice

13. Reporting and Incident Management

14. Enforcement

15. Policy Review and Maintenance 

16. Changes 


1. Purpose

The purpose of this Acceptable Use Policy (AUP) is to establish guidelines governing the appropriate use of information technology resources, including artificial intelligence and generative artificial intelligence (AI/GenAI) tools, at Central Piedmont Community College (the “College”).

College Technology Resources, as defined in Section 4 of this Policy, are critical assets that support the College’s core mission of teaching, learning, administration, and community engagement. Proper stewardship of these resources ensures the confidentiality, integrity, and availability of College information and systems. 

Return to index

2. Scope

This Policy applies to all individuals and entities who access, use, manage, or support College Technology Resources, whether on campus or remotely. Covered users include students, faculty, staff, contractors, consultants, temporary workers, volunteers, affiliates, vendors, and guests who are granted access to College Technology Resources or institutional data.

This Policy applies to, but is not limited to, the following:

  • College-owned and leased devices, including, but not limited to, desktops, laptops, tablets, mobile devices, cellular phones, classroom technologies, and shared lab systems.
  • Personally owned devices that connect to College networks, applications, or data repositories.
  • On-premises and cloud-based applications, data platforms, collaboration services, and infrastructure.
  • All forms of institutional data, whether stored, transmitted, processed, or displayed.
  • All GenAI tools and services (e.g., ChatGPT, Claude, Copilot). 

Return to index

3. Policy Statement

Use of College Technology Resources is a privilege granted to support legitimate academic, instructional, research, administrative, operational, and approved community engagement activities.

Users must act responsibly, protect institutional information, comply with applicable law and College policy, and avoid conduct that could expose the institution to security, legal, operational, or reputational harm.

Users are individually accountable for actions performed using their credentials and for ensuring compliance with this Policy.

In addition to this Policy, users must comply with all other College policies when using College Technology Resources, including AI tools. Applicable policies include, but are not limited to, the Intellectual Property Policy (Policy 2.04), Reproduction of Copyrighted Materials Policy (Policy 2.05), Student Academic Integrity Policy (Policy 4.08), Privacy Policy, Data Governance Charter, Standards for Data Classification, Employee Code of Conduct Policy (Policy 1.44), and the Student Code of Conduct (Policy 4.00). 

Return to index

4. Definitions

College-Approved Systems: Any technology platform, software application, cloud service, device, or infrastructure component that has undergone formal review and authorization by Information Technology Services (ITS) or the College. This review ensures alignment with institutional requirements for cybersecurity, data protection, regulatory compliance, architecture standards, and operational support.

College-Approved AI Platforms: AI tools and services that have been reviewed and authorized by the College for use in conducting College business, in accordance with cybersecurity, privacy, and compliance requirements. A list of College-Approved AI Platforms is maintained by Information Technology Services.

College Technology Resources: Any equipment, system, software, service, network, data repository, or interconnected component, whether owned, leased, licensed, managed, or otherwise controlled by the College, that is used to access, create, store, process, transmit, manage, or support institutional information or College business functions. This includes, but is not limited to, desktops, laptops, tablets, mobile devices, cellular phones, classroom technologies, shared lab systems, servers, and other hardware; on-premises and cloud based applications, data platforms, collaboration services, and infrastructure; College-owned or College-licensed software and software services, including AI and Generative AI tools and services (e.g., ChatGPT, Claude, Copilot) whether standalone or embedded within enterprise systems; College networks, internet connections, wireless access points, and related networking infrastructure; and all forms of institutional data, whether stored, transmitted, processed, or displayed. College Technology Resources also includes personally owned devices and third-party platforms or services (including Publicly Available GenAI tools) to the extent they are used to connect to College networks, access College applications or data repositories, or conduct College business. A personally owned device or third-party service becomes subject to this Policy when it is used to access, process, store, or transmit College data or to connect to College systems, regardless of the user’s physical location.

Data Owner: The person or group accountable for data quality, access, classification, and protection. They set governance policies, define standards, and make final decisions regarding data use and compliance.

Data Steward: The subject-matter expert who interprets, executes, and monitors governance policies, bridging the strategic role of the Data Owner and the technical role of the Data Custodian.

Public Classification Level: Data that is open to public inspection according to state and federal law, or readily available through public sources. Although this data is publicly accessible, Public data must still be protected from unauthorized alteration or deletion. By default, Public data is Low Risk unless it meets the requirements for a higher classification.

Publicly Available GenAI: Consumer-facing AI tools offered by third parties that operate outside the College's control and that are not procured, licensed, or managed by the College (e.g., the free tiers of ChatGPT, Claude, or Gemini).

Restricted Use Data: Includes data that, if breached or disclosed to an unauthorized person, is a violation of state or federal law and poses medium risk to College employees, staff, and students. Restricted Use data is also subject to additional legal oversight, not just technical controls. Restricted Use data requires additional legal and compliance considerations beyond those applied to Internal data. Restricted Data includes data protected under the Family Educational Rights and Privacy Act (FERPA), State Employee Personnel Records (NC G.S. § 126-22), and the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. Ch. 75, Article 2A).

Sensitive Information: Information that is classified as confidential, internal, or otherwise protected by law, regulation, contract, or College policy, and that requires safeguarding against unauthorized access, disclosure, alteration, or destruction. This includes, but is not limited to, personally identifiable information (PII) not covered by law, contact lists that contain information that is not publicly available, and institutional business or operational data not intended for public disclosure. 

Return to index

5. User Responsibilities

All users of College Technology Resources are required to:

  • Protect usernames, passwords, tokens, badges, and other authentication methods from loss, theft, misuse, disclosure, compromise, or unauthorized use.
  • Use multi-factor authentication where required and enroll newly assigned devices or accounts.
  • Access only those systems and data for which authorization has been granted.
  • Report suspected cybersecurity events, phishing attempts, malware, data exposure, breaches of data privacy or security, or other security concerns immediately to the Chief Information Security Officer at abuse@cpcc.edu, and to a supervisor pursuant to Section 13 of this Policy.
  • Comply with software licensing, copyright requirements, data retention obligations, records requirements, and terms of use for institutional platforms.
  • Use College Technology Resources in a manner consistent with institutional policies, legal requirements, and College standards for professional and academic conduct.
  • Operate under the principle of least privilege and not seek or retain access beyond what is required for their role.
  • Maintain responsibility for the security posture of any device used to access College Technology Resources.
  • Accurately identify themselves in all electronic communications distributed through College Technology Resources using the college’s approved signature template when communicating in an official capacity as a faculty or staff member.
  • Each employee’s access to College Technology Resources shall be reviewed periodically to ensure that all access remains aligned with the employee’s current responsibilities. Student workers shall not have access to the personal or confidential information of any other employee or student without explicit written approval by their supervisor. 

Return to index

6. Approved Use

Access to College Technology Resources from any device, whether College-owned or personally owned, is supported, provided the device meets institutional security requirements. Users are encouraged to ensure their devices remain up to date with required configurations, updates, and security protections to maintain uninterrupted connectivity and access to College Technology Resources.

Appropriate use of College Technology Resources includes, but is not limited to, the following activities:

  • Instruction, teaching support, coursework, student engagement, and academic collaboration. 
  • Institutional research and scholarly activity consistent with College policy and legal obligations. 
  • Administrative, operational, and business functions that support students, employees, and institutional effectiveness. 
  • Communication and collaboration using approved College platforms. 
  • Professional development activities directly related to institutional roles or academic advancement. 
  • Incidental personal use that is lawful and does not interfere with work or instruction, consume excessive resources, result in additional cost to the College, or conflict with institutional policy.  

Return to index

7. Prohibited Use

Prohibited uses of College Technology Resources include (but are not limited to):

  • Unauthorized access to accounts, systems, applications, facilities, network devices, or institutional data.
  • Attempting to disable, bypass, or interfere with security controls. 
  • Introducing, creating, transmitting, or facilitating malware, ransomware, phishing, credential theft, or any malicious code. 
  • Harassment, intimidation, defamation, discrimination, threats, use of obscene or sexually explicit language, or any use of technology that violates College conduct standards. 
  • Use of College Technology Resources for unlawful activity, private commercial activity or unauthorized political campaign activity. 
  • Accessing or viewing pornography on or by use of any College Technology Resources, including as prohibited by Session Law 2024-26, House Bill 971, Section 7.(a). 
  • Use of unauthorized peer-to-peer file-sharing software (e.g., BitTorrent and similar technologies), rogue wireless access points, unapproved infrastructure, unauthorized scanning, bulk scraping, or any activity that disrupts College networks or services. 
  • Copying, exfiltrating, or sharing Restricted Data, Sensitive Information, or confidential or otherwise restricted information without a legitimate academic, business, or legal need and appropriate authorization.
  • Impersonating another user or misrepresenting identity, authority, authorship, or institutional endorsement.
  • Unauthorized use of the College’s name, logo, branding, or the representation that an individual is speaking or acting on behalf of the College without appropriate authorization or prior approval of the Vice President for Communications, Advancement & External Engagement, or designee. Employees are still encouraged to remain brand ambassadors but are mindful of adhering to college messaging.  
  • Circumventing system, licensing, or administrative controls established by the College or its authorized partners. 
  • Sharing authentication credentials or allowing others to use assigned accounts. 
  • Using unapproved cloud services, SaaS platforms, or external systems to store or process College data.
  • Unauthorized data scraping, extraction, harvesting, or automated collection of data from College Technology Resources. 
  • Excessive or inappropriate use of computing resources that degrades system performance or interferes with others’ use of College Technology Resources. 

Return to index

8. Data Protection and Privacy

Users must protect College information in accordance with applicable legal requirements and institutional standards. Data may only be accessed, used, stored, transmitted, or shared in a manner consistent with role-based authorization and legitimate institutional purposes. Users have no expectation of privacy when using College Technology Resources, and the College reserves the right to access, monitor, log, and disclose communications, files, and records as permitted by applicable law and valid legal process. The College expects users to be aware of the public nature of content posted on the Internet, including the potential for questionable accuracy and validity of Internet-based content and the lack of privacy regarding personal data and commentary.

  • Users must comply with the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. Ch. 75, Article 2A), the North Carolina Public Records Act (N.C. Gen. Stat. Ch. 132), the North Carolina statutes governing confidentiality of personnel records (N.C. Gen. Stat. Ch. 126, Article 7), applicable NCDIT guidance and Fair Information Practice Principles (FIPPs), and other applicable federal, state, and College requirements related to privacy, records, and information security.

Restricted Data and Sensitive Information shall only be stored, transmitted, or processed in College-approved systems and must not be entered into, copied to, or stored in unapproved consumer tools, personal accounts, or non-College-owned devices (including USB drives, portable hard drives, personal laptops, and personal cloud storage), in accordance with the College’s Standards for Data Classification.

  • Restricted Data and Sensitive Information must not be processed on non-College owned copiers, fax machines, multi-function printers, or scanners, as these devices may store copies locally, including when conducting College business from a remote location.
  • Email communications containing Restricted Data or Sensitive Information, including information protected under FERPA, GLBA, or other compliance mandates, must not be transmitted over insecure channels and must be sent only through College-approved secure or encrypted email. Email is considered an insecure channel and shall not be used to transmit Restricted Data or Sensitive Information unless encrypted by an encryption technology approved by Information Technology Services.
  • All data handling must be aligned with the College’s applicable internal data handling policies, including, but not limited to, the College’s Data Governance Charter, Data Classification Policy, and Standards for Data Classification, and records that constitute public records must be retained and disposed of in accordance with the North Carolina Public Records Act (N.C. Gen. Stat. Ch. 132) and applicable state retention schedules.
  • Data must be handled in accordance with direction from designated Data Owners and Data Stewards where applicable. Users must promptly report suspected privacy incidents, unauthorized access or disclosure, loss of protected data, or security breaches to the Chief Information Security Officer at abuse@cpcc.edu, pursuant to Section 13 of this Policy, the College’s Privacy Policy, and applicable breachnotification requirements under the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. § 75-65). Users should also consult applicable external-facing privacy policies, including, but not limited to, the College’s Privacy Notice and FERPA Notice regarding the College’s collection, use, and safeguarding of personal information. 

Return to index

9. Accessibility

The College is committed to ensuring that technology resources, digital tools, and AI assisted content are accessible to all users, including individuals with disabilities, in accordance with the Americans with Disabilities Act (ADA) Policy (1.26), the Accommodation Requests for Persons with Disabilities Policy (4.12), and Section 508 of the Rehabilitation Act, and applicable federal and state requirements. Users who procure, deploy, or recommend technology solutions, including AI tools, are expected to consider accessibility as a standard requirement, not an afterthought. Students who require accommodation to access College Technology Resources should contact the Office of Disability and Access Services for support, and employees should work with the Human Resources Department. 

Return to index

10. Email, Messaging, and Collaboration

When accessing College Technology Resources, users must:

  • Ensure College communications tools are used in a professional and responsible manner.
  • Remain alert to phishing, social engineering, and suspicious attachments or links, and report them to the Chief Information Security Officer at abuse@cpcc.edu pursuant to Section 13 of this Policy.
  • Follow approved communication processes for mass communications, shared mailboxes, mailing lists, and College-wide notices. Requests for distribution of messages to the entire College community shall be managed by the office of the Vice President, Communications, Advancement & External Engagement, and the College shall approve or disapprove such distribution in its sole discretion.
  • Not share Restricted Data or Sensitive Information through unapproved messaging or file-sharing platforms.
  • Manage email communications in accordance with state records retention requirements, as they may constitute official records pursuant to the N.C. Public Records Act (N.C. Gen. Stat. Ch. 132).  
  • Accurately identify themselves in electronic correspondence and use the College’s predefined template for a professional signature block when sending official communications.
  • Adhere to the College’s Employee Code of Conduct Policy (1.44) when engaging in social media or other Internet communications using College Technology Resources.
  • Maintain a professional voicemail greeting that represents the College appropriately, update it to reflect schedule changes, and return messages promptly.
  • Manage electronic communication and voicemail storage in accordance with best practices and applicable state data retention policies and guidelines, including deleting unneeded messages to ensure systems operate efficiently.
  • Arrange to manage their electronic communication accounts, including voicemail, during periods of extended leave from the College.

Electronic communications and records generated through College-approved collaboration platforms, messaging services, and AI-assisted tools, including but not limited to chat logs, shared documents, and AI-generated outputs, may constitute official College records and must be retained, managed, and disposed of in accordance with applicable state records retention requirements and the College's Data Classification Policy. All electronic communications and voicemail messages sent, received, or stored using the College's electronic communications services are the property of the College. 

Return to index

11. Artificial Intelligence and Generative AI

The College recognizes that artificial intelligence (AI) and Generative AI (GenAI) technologies can improve productivity, support teaching and learning, enhance service delivery, and accelerate analysis. At the same time, these technologies may introduce risks related to privacy, cybersecurity, bias, intellectual property, accessibility, academic integrity, and reputation. The College, therefore, requires AI to be governed by clear standards, human accountability, and appropriate risk controls.

11.1 Permitted AI and GenAI Uses

Permitted uses of AI and GenAI include:

  • Drafting, summarization, translation, formatting assistance, brainstorming, and similar productivity support when no Restricted Data or Sensitive Information is exposed to an unapproved system.
  • Instructional and academic support uses that are allowed by course, program, and College guidance.
  • Software development, scripting, analysis, and process improvement activities performed in approved environments with appropriate review by Information Technology Services.
  • Student support, administrative automation, and knowledge assistance uses that have undergone required governance, security, and data reviews.

Users must consider potential bias, fairness, and unintended impacts when using AI outputs in decision-making processes.

Users who create potentially patentable or copyrightable works using AI tools in conjunction with College Technology Resources must comply with disclosure requirements under the Intellectual Property Policy (2.04).

11.2 Restricted and Prohibited AI Uses

Restricted and prohibited AI uses include:

  • Entering Restricted Data or Sensitive Information, including, but not limited to, any personal information as defined in the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. § 75-61(10)), protected records, employee records, financial data, credentials, security configurations, or other sensitive institutional information into Publicly Available GenAI or other unapproved AI tools.
  • Entering Restricted Data or Sensitive Information protected under the Gramm-Leach Bliley Act or FERPA into any GenAI tool, including College-Approved AI Platforms, without required approval by Information Technology Services. 
  • Entering Restricted Data or Sensitive Information into any GenAI tool, including College-Approved AI Platforms, without specific use-case approval by Information Technology Services.
  • Recording others or entering transcripts of recordings into GenAI tools without obtaining the informed consent of all recorded individuals.
  • Using AI outputs as the sole basis for decisions affecting students, employees, or institutional compliance without qualified human review pursuant to Section 11.3 of this policy.
  • Deploying chatbots, agents, automated decision tools, or AI-powered integrations without required approval by Information Technology Services.
  • Using AI to disclose trade secrets, confidential or proprietary information, or to infringe upon the intellectual property rights of the College or others.
  • Using AI to generate deceptive, harassing, discriminatory, fraudulent, or misleading content, including impersonation or falsified records.
  • Using personal or unapproved GenAI accounts (e.g., personal ChatGPT, Claude, or Gemini accounts) for official College business. All GenAI use for College business must occur through College-Approved AI Platforms to ensure compliance with public records retention obligations under the N.C. Public Records Act (N.C. Gen. Stat. Ch. 132).
  • Entering information that is subject to attorney-client privilege, work-product protection, or that is otherwise privileged or confidential into any Publicly Available GenAI tool. Entering privileged or confidential information into consumer AI tools may constitute a waiver of privilege and may create discoverable records. Any AI-assisted analysis of legal matters should be conducted only through College-Approved AI Platforms and only at the direction of College legal counsel.

11.3 Human Review and Accountability

Users remain accountable for all content (includes visuals), decisions, communications, code, analytics, assessments, and recommendations produced with AI assistance. AI-generated content must be reviewed for accuracy, completeness, appropriateness, bias, confidentiality, accessibility, and legal compliance before it is relied upon or distributed. Users must not rely on AI outputs without validation appropriate to the context and risk level.

11.4 Academic Integrity and Instruction

Faculty should communicate course-specific expectations for AI use in syllabi, assignments, and classroom guidance. Works created with the assistance of AI tools on College Technology Resources remain subject to Intellectual Property Policy (2.04), including applicable ownership, disclosure, and rights-agreement provisions. Students must comply with those expectations and disclose AI assistance when required. Use of AI in a manner that misrepresents authorship, undermines learning objectives, or violates instructional requirements may constitute academic misconduct. NOTE: This Policy does not attempt to define academic misconduct in full. That responsibility rests with Academic Affairs and the Student Code of Conduct Policy (4.00) to avoid jurisdictional overlap or conflicting standards. 

11.5 Data Handling Requirements for AI

  • Only College-Approved AI Platforms may be used to process institutional data above the Public Classification Level unless an explicit exception has been granted.
  • Prompts, uploads, retrieved documents, model outputs, and logs must be treated according to the data classification of the information involved.
  • Contracts, vendor terms, retention practices, model training practices, and integration methods must be reviewed and approved by Information Technology Services and Procurement Services before institutional AI tools are approved.
  • Users must not assume that an AI tool preserves confidentiality simply because access requires a login.
  • Users must opt out of providing conversation history, prompts, and outputs as training data for Publicly Available GenAI models prior to use, whenever such an option is available.  
  • AI-generated outputs must be treated according to the highest classification level of the data used to generate them.
  • AI-generated content intended for distribution or instructional use must meet applicable College accessibility standards and compliance requirements prior to publication, distribution, or delivery.
  • Users must understand that sharing information with a Publicly Available GenAI tool constitutes a public release of that information. Sharing non-public College information with such tools may violate applicable privacy, data breach, and public records laws, including the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. § 75-65) and the North Carolina Public Records Act (N.C. Gen. Stat. Ch. 132).

11.6 AI Training Requirements

All employees, contractors, and other authorized users who use AI or GenAI tools for College business must complete College-mandated AI and data privacy training before using such tools and must participate in any subsequent refresher or updated training as required by the College. Training must cover, at a minimum, the responsible use of AI, data classification and handling, privacy and security risks, bias awareness, public records obligations, and compliance with this Policy. The College shall maintain records of training completion.

11.7 AI Inventory and Risk Assessment

Information Technology Services shall maintain an inventory of all AI tools and applications in use at the College, including the type of AI, purpose of use, users or user groups, data sensitivity levels involved, and frequency of monitoring. The inventory shall be reviewed and updated at least annually. Before any new AI tool or use case is approved for deployment, Information Technology Services shall conduct a documented risk assessment. Risk assessments shall address, at a minimum, data privacy, security, bias, accessibility, legal compliance, and third-party vendor risks. The Data Governance Committee shall review and approve risk assessments for AI tools that process Restricted Data or Sensitive Information. 

Return to index

12. Monitoring, Logging, and Privacy Notice

The College reserves the right, consistent with applicable law and policy, to monitor, log, inspect, filter, or review activity involving College Technology Resources.

  • While the College does not routinely review the content of user files, email, or voicemail, the College reserves the right to access such content for any reason, including when: (a) the user gives prior consent; (b) the College needs to ensure the security or operating performance of its systems or networks; (c) the College has a reasonable concern that a violation of College policy or applicable law has occurred and is investigating the possible violation; (d) the College is complying with a valid subpoena or search warrant issued by a court of competent jurisdiction; or (e) for routine management or maintenance purposes.
  • Monitoring is conducted to protect College Technology Resources, ensure compliance with legal and regulatory requirements, safeguard data, and maintain operational integrity and security.
  • Users should not expect personal privacy when using College Technology Resources, except where explicitly required by law.
  • Information obtained through monitoring may be used for purposes including, but not limited to, security investigations, incident response, compliance reviews, audits, operational management, and enforcement of College policies.
  • While general content review will not typically be undertaken, all network, computing, and communication activities may be logged for e-discovery and forensic purposes. Users acknowledge that third-party platforms and services used by the College may also log and process activity in accordance with their terms and applicable agreements.  

Return to index

13. Reporting and Incident Management

When using College Technology Resources, users must:

  • Report suspected cybersecurity incidents, phishing attempts, data exposure, privacy or security breaches, and actual or suspected violations of this Policy as soon as possible to the College's designated information security reporting channel (abuse@cpcc.edu) and to a supervisor. Employees must also promptly report concerns regarding the unauthorized, inappropriate, or potentially harmful use of Artificial Intelligence (AI) tools in connection with College business.
  • Cooperate with institutional investigations, containment measures, forensic reviews, and remediation activities related to suspected violations or incidents.
  • Understand that the College may suspend access, isolate systems, reset credentials, or take other protective action when reasonably necessary to reduce risk.

Failure to report known or suspected violations may constitute a violation of this Policy.

Employees, students, and other users who report suspected misuse, policy violations, or data privacy or security concerns in good faith will not face retaliation. The College prohibits any adverse action against an individual for making a good-faith report under the Employee Discrimination and Harassment Policy (1.37), the Student Discrimination and Harassment Policy (4.10), and this Section. Reports may be made to the Chief Information Security Officer at abuse@cpcc.edu and to a supervisor, or through any other reporting channel designated by the College. 

Return to index

14. Enforcement

Violations of this Policy may result in suspension or revocation of access, student disciplinary action, employee corrective action, contract remedies, individual financial liability where appropriate, and referral to law enforcement when warranted. Enforcement actions will be taken in accordance with applicable College procedures, employee handbooks, student codes of conduct, and contractual agreements.

Enforcement actions under this Policy will be applied proportionally and consistently, in accordance with the severity and circumstances of the violation. The College is committed to ensuring that all users are treated equitably in the enforcement process, and that corrective measures reflect due consideration of context, intent, and impact. Users subject to enforcement action retain the right to respond through applicable College procedures, including those outlined in employee handbooks, student codes of conduct, and contractual agreements.

Upon dismissal, resignation, or other separation from the College, faculty and staff must make all email files and electronic records related to College business available to the appropriate College administrator, who will authorize termination of the account. Dismissal for cause or student expulsion will result in immediate termination of the user’s access to College Technology Resources, including electronic communication and voicemail accounts. 

Return to index

15. Policy Review and Maintenance

Given the rapid pace of technological change, particularly in artificial intelligence, generative AI, cybersecurity, digital accessibility, and data privacy, this Policy shall be reviewed at least annually by Information Technology Services, in coordination with the Data Governance Committee and other appropriate institutional stakeholders responsible for technology, data, privacy, accessibility, and security governance. 

Return to index

Changes

Background: This Acceptable Use Policy modernizes the College's technology governance framework by consolidating five existing information technology policies (2.09, 2.10, 2.11, 2.12, and 2.13) into a single, comprehensive policy. The revised policy strengthens cybersecurity, privacy, accessibility, and data governance requirements while establishing clear expectations for the responsible use of Artificial Intelligence and Generative AI technologies. This results in a more streamlined, current, and sustainable policy framework that supports the College's educational, operational, and compliance responsibilities.

Resolved: The Board of Trustees approve the Acceptable Use Policy.

Date: July 8, 2026

Return to index