Security Policies and Procedures
To protect the confidentiality, integrity, and availability of information it is important that all Columbus State employees, student employees, contractors, service providers and vendors understand the institutional policies, procedures and standards to protect institutional and personal resources.
The Family Educational Rights and Privacy Act ("FERPA") is a federal law designed to protect the privacy of education records. It also provides guidelines for appropriately using and releasing student education records. FERPA was passed in 1974 and is also called the Buckley Amendment.
Student rights under FERPA are published in the Columbus State Catalog.
The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” ("PHI") by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals' privacy rights to understand and control how their health information is used.
Individuals who have access to protected health information PHI should take HIPAA training.
Columbus State respects the individual initiative and inventiveness involved in the creation of intellectual property. As part of our mission to maintain the highest standards for ethical conduct, Columbus State expects all students, faculty, and staff members to comply with applicable federal, state, and local laws governing copyrighted material.
Columbus State's Plan to Combat Copyright Infringement
The Higher Education Opportunity Act ("HEOA") was signed into law on August 14, 2008. Proposed regulations for implementing the Act were issued by the Department of Education on August 21, 2009, and final regulations were issued on October 29, 2009.
This legislation requires colleges and universities to implement controls against illegal file sharing or risk losing Federal financial aid funding for students. Enforcement of the HEOA provisions began July 1, 2010, and all colleges and universities are required to make a good-faith effort at compliance.
Several sections of the HEOA deal with unauthorized file sharing on campus networks, imposing requirements on all U.S. colleges and universities. It has requirements designed to reduce the illegal uploading and downloading of copyrighted works through peer-to-peer ("P2P") file sharing.
- An annual disclosure to students describing copyright law and campus policies related to violating copyright law.
- A plan to "effectively combat the unauthorized distribution of copyrighted materials"
of its network, including "the use of one or more technology-based deterrents".
- A plan to offer alternatives to illegal downloading.
Definition of copyright infringement
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Summary of penalties
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505.
Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
Source: Educause HEOA resources
Columbus State's policy on copyright infringement
In accordance with approved CSCC policy 15-01, section F(1), all users of college computing resources must:
"Comply with all federal, state, and other applicable laws; all generally applicable college rules and policies; and all applicable contracts and licenses. Examples of such laws, rules, policies, contracts, and licenses include, but are not limited to, the laws of libel, privacy, copyright, trademark, obscenity, and child pornography; the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit "hacking", "cracking", and similar activities; the college's code of student conduct; the college's sexual harassment policy; and all applicable software licenses. Users who engage in electronic communications with persons in other states or countries or on other systems or networks should be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses."
Individuals who fail to comply with CSCC policy 15-01 and the HEOA Act are subject to misconduct proceedings as defined in CSCC policy 7-10 "Student Code of Conduct" and CSCC policy 3-32 "Disciplinary Action" (for employees).
If you have any questions regarding copyright infringement, please call 614-287-2460 or visit the CSCC library website.
The college employs various policies and rules that deter peer to peer and related
types of traffic.
The college’s IT department regularly monitors the campus network for unusual traffic
List of Alternatives to illegal downloading (external link)
The Payment Card Instrusty ("PCI") and the Payment Card Industry Data Security Standards ("PCI-DSS") is a set of standards and materials that enhance payment card data security. The PCI-DSS defines a series of best practices for storing, processing or transmitting cardholder data.
Those who handle or process payment card transactions, who have responsibility for managing payment card transactions, or who support the systems that process payment card transactions should take PCI Training.
Columbus State is committed to respecting and protecting the privacy of information that it maintains. The Information Security Program is a set of comprehensive guidelines and rules designed to safeguard information maintained at the College. Faculty, staff and student employees are encouraged to complete Information Security Awareness training on a periodic basis.
If you use any of the college’s electronic resources or access any of the College’s data, you need to understand the requirement of securing that data as outlined in the Information Security Policy 15-02.
The information technology policy along with its supporting rules and procedures is required for all the colleges’ administrative units, including Divisions, departments, and centers. It also applies to all members of the College’s community. Including Students, Staff, faculty, adjuncts, temporary employees, contractors, vendors and other third parties.
If you use any of the college’s electronic resources or access any of the College’s data, you need to understand the requirement of securing that data as outlined in Policy 15-01.
Columbus State Community College Policy 11-04 covers record retention and disposal of all records generated in the course of the college’s operation. This Records Retention and Disposal policy is to ensure that necessary records and documents are adequately protected and maintained in compliance with current local, state, and federal legal requirements.
The Identity Theft Prevention Program pursuant to the Red Flags Rule, issued by the Federal Trade Commission (FTC) under Sections 114 and 315 of the Fair and Accurate Credit Transactions Act is a written identity theft prevention program. Designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help spot suspicious patterns and prevent the costly consequences of identity theft.