Guidelines for use of software and web-based services used by faculty and staff
To protect NDSU, yourself, and the data you work with, NDSU policy 712, Contract Review, and North Dakota System policy 840, Contracts, require that you use only software and services whose license agreements have been reviewed and approved by the NDSU General Counsel's office.
Many NDSU faculty and staff enjoy and use no cost or free software and Web-based services available on the Internet for education, research, and business related processes. These products can include, but are not limited to, Dropbox, Evernote, Free Quiz Maker, Splashtop Streamer, RemindMe 101, Facebook, Twitter, and many others. NDSU must be mindful of legal restraints, privacy concerns, and security issues which exist for these products. These include but are not limited to:
- The license and contractual provisions
- The majority of the agreements are not compatible with North Dakota law; most notably, the sections of the agreement that describe and detail indemnification and jurisdiction. Most do not contain any language about what notification, if any, would occur if there would be a breach or compromise to the software, service, and/or account. These software applications and services can potentially be used inadvertently or purposefully to collect, store, and use protected information which can put the University at serious risk.
- Privacy concerns
- Many of the products and services that are designed to share information or to collect information for marketing purposes have few or no basic privacy safeguards built in to protect the user and their information. Therefore, these products may not be compliant with the Family Educational Rights and Privacy Act (FERPA) which includes educational records including course assignments and projects, and grades. Additionally, they may not be compliant with privacy laws that cover personally identifiable information, or data that is classified as confidential such as financial information, health related data, contracts and legal agreements, etc.
- Security issues
- It is important for NDSU faculty and staff to be mindful of basic security concerns associated with out students' information. Because of the open and sharing nature of many of these products and services, security standards are lacking or nonexistent. A breach could cause a compromise of students' information that is stored within that product or service.
- The product's intended use
- The Americans with Disabilities Act (ADA) requires NDSU to provide academic adjustments and auxiliary aids and services to students with disabilities for equality of opportunity. Many of these products, while they may be a great resource and provide an effective pedagogical tool for teaching, are not ADA compliant, which has the potential to cause serious legal issues for NDSU.
- Most of the products are intended only for personal use or for trial use in testing to see if they fit consumer's needs. Using them in a business or educational environment can constitute infringement and misuse which can result in litigation against the University.
It is important to NDSU faculty and staff to provide an innovative, engaging, efficient and productive atmosphere for instructional learning and business related to the University and still is mindful of NDSU policy and procedure and all applicable federal and state regulations when creating that environment. To encourage this, when selecting a product or online service it is important to engage the General Counsel's office to review and approve the license or contract associated with that product.
Please understand that using software or a web-based service whose contractual language contains prohibited provisions, or which could lead to a security breach or data loss, maybe considered a violation of NDSU policy and or federal and state law and could be detrimental to the scope of your NDSU employment. This could result in discipline as well as potential liability. We encourage you to seek guidance from the individuals identified below with regards to your questions.
NOTE: The use of open source software, i.e., Linux operating systems and Apache web software, when used in a production environment and managed by IT professionals is not within the scope of these guidelines.
If you have questions, or would like more information, please contact
Assistant General Counsel
Chief IT Security Officer
Jul 28, 2015
1.4 million cars recalled for vulnerable remote control. Fiat, Chrysler, Jeep, and Dodge vehicles can possibly be controlled remotely over the Sprint network. Researchers have shown that while sitting at their desks they can take over many functions of a vehicle on the road through the onboard Infotainment system tied to the Sprint cellular network.
Feb 17, 2015
Over-sharing on a first date could lead to no second date, but over-sharing on a social media site could lead to data theft, real property theft, or physical danger to yourself or your family. There are lots of automated scripts already running on the Internet looking for keywords that are posted to social media, these scripts do everything from changing the word "meet" to "meat" and posting the results to twitter, to alerting potential thieves that a family is now on vacation and away from their house. Be safe on social media
Feb 6, 2015
New Slim Spray Diet ... Want a Cruise ... Fight Hair Loss Now ... SPAM SPAM SPAM ... It seems to get into every e-mail inbox beofre the account is even setup. But there are some ways to fight this menace.
- Don't reply to it
- Don't tell vendors your e-mail account
- If your service has the option, report it or mark it as spam
There are more ways to fight in the link below.
FEB 4, 2015
Its Tax Refund Season, Time for a new phone or tablet. But what about the old one? Do you have information on that device that could be used against you? How can you make sure that your old phones and devices don't come back to haunt you when you are done with it? Many people buy old equipment off ebay just to see what kind of data is left on those devices. Follow this guide to make sure that your device is wiped clean before you dispose of it.
FEB 3, 2015
When you download an app on social media or your mobile device, you may be allowing it to collect personal information like your contacts list or location. If possible, look at an app’s permissions before downloading and make sure you are comfortable with the information it collects. If the app does not tell you what information it collects, error on the side of caution and assume that it may be collecting information.
FEB 2, 2015
There is a security and privacy threat almost everywhere you go. Most don't even think about it. Free WIFI, if its free how can that be bad? In fact most Free WIFI could be quite safe, but a few access points could have an active sniffer on the line watching every single nibble of data that goes across its interface, looking for passwords, usernames, or e-mail addresses. Click Below for more information on safely using WIFI when traveling.