Hawaii State Department of Education Acceptable Use Guidelines for the Hawaii State Department of Education Technology Networks, Systems, Applications, and Services

1. Purpose

The Hawaii State Department of Education (Department) is committed to protecting employees, partners, staff, students, from illegal or damaging actions by individuals, either knowingly or unknowingly. These guidelines are intended to protect the Department's information, assets, users, and information technology resources in compliance with federal regulations, state laws, and Board of Education policies. Employees who are found to be in violation of the Department's Acceptable Use Guidelines (Guidelines) may be subject to disciplinary action, up to and including termination of employment. Students who are found to be in violation of these guidelines shall be addressed through Title 8, Chapter 19. Severe violations may also result in legal action and/or criminal prosecution under applicable state and federal laws.

2. Scope
These Guidelines apply to all Department employees, students, contractors, consultants, volunteers, partners, authorized guests, and temporary employees, including all personnel affiliated with third parties that use the Department's information systems.  These Guidelines apply to all technology and assets that are owned or leased by the Department and other equipment that may be used to access the Department's systems within the entire organizational network.

3. Definitions

Information Systems:  These are Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, browsing, and file transfer protocol.

Information:  Anything stored, copied, transmitted, or held electronically concerning the Department's general business, information systems, employees, business partners, or students, including data and entity types.

Employees:  Employees include full-time Department employees, part-time employees, temporary/casual employees, and any authorized personnel having access to the Department's information systems.

Users:  Employees, contractors, volunteers, partners, students, authorized guests, and others authorized to have access to and/or manage the Department's information technology resources as mentioned below.

Data:  Data referred to in these Guidelines is characterized by one or more of the following:

• All data created by or maintained by the Department's employees related to the Department's general business, information systems, infrastructure, students, employees, communication, etc.
• All data protected by privacy regulations, laws, policies including, but not limited to the Family Educational Rights and Privacy Act, Hawaii Revised Statutes §487J, Board of Education Policy 500-21.
• All data on any Department owned or managed computers, technology equipment, and networks.

Information Technology Resource:  Any network connectivity, software/applications, and electronic devices provided by the Department, including, but not limited to:

• Desktop computers
•  Laptop computers
• Chromebooks
• Tablets (including e-readers)
• Desk phones
• Cellular phones
• Wireless network access
• Printers and copiers
• Fax machines
• Televisions
• Video cameras and recorders
•  Communication via technology resources (e.g., email, text, messaging, etc.)
• Licensed software

4. Roles and Responsibilities

4.1. Users are required to adhere to this acceptable use guidelines while using any of the Department's information technology systems or resources.  Users are responsible for conducting themselves in a professional, responsible, and courteous manner at all times.

4.2. Users who serve as system administrators, server administrators, and technical owners/managers of information technology resources are required to use their administrator access for the intended use and purpose only.  Access shall not be used for personal use or gain, to bypass security/access roles and approval processes, to obtain and/or provide information for others that do not have administrator level access, to circumvent regulations, laws, policies, and processes, or to cause any disruption or discontinuation of services.

5. Ownership of the Department's Information Technology Resources

5.1. The Department's Information Technology Resources (IT Resources) are the property of the Department.

5.2. Data transmitted or created using the Department's IT Resources is the property of the Department and is subject to monitoring. The Department's proprietary information stored on electronic and computing devices, whether owned or leased by the Department, the user, or a third party, remains the sole property of the Department.

5.3. Users shall have no expectation of privacy while using the Department's IT Resources.  IT Resources, activity, and content may be monitored, accessed, reviewed, and preserved.  Inappropriate and illegal use of IT Resources will be reported to the appropriate authorities.  Information in electronic messages is not anonymous and may be subject to disclosure.

5.4. The Department reserves the right to investigate, monitor, or disable any account(s), servers, or machines suspected of violations of regulations, laws, and policies.  The Department also reserves the right to disconnect any device or freeze any account during the pendency of any investigation.

5.5. The Department has the capability and retains the right to access data, electronic and voice mail messages, internet and network usage, etc. at any time in order to comply with security and privacy regulations, laws, and policies.

5.6. Users connecting to the Department's network are subject to monitoring of network usage, connected equipment, systems, and network traffic.

5.7. The Department reserves the right to disconnect any device that is the source of malicious or suspicious activities without notice until the device in violation is cleaned or remediated.

6. Acceptable Use of the Department's IT Resources 

6.1. Users shall use only the resources and information systems for which they have authorization and are appropriate for their user level.

6.2. Users shall protect their passwords and secure resources against unauthorized use or access.

6.3. Users shall not share or reveal their passwords or user IDs for any system or accounts.

6.4. The Department-issued accounts that are inactive for three or more months may be disabled or deleted as they pose a security risk.

6.5. Users shall not alter any configuration settings implemented by the Department.

6.6. Users shall ensure technology devices and its content are secure from unintended use by enabling the password/personal identification number (PIN)/biometric feature on the device and ensuring devices lock after 30 minutes of inactivity or lock their device when left unattended.

6.7. Users shall have Department-provided antivirus/anti-malware installed and ensure that all software and device updates are current on all Department IT Resources.

6.8. Users shall not engage in unauthorized or unlawful activities, including, but not limited to:

• Hacking
• Torrenting or pirating files
• Distribution of illegal or illicit files
• Crypto mining
• Gambling
• Harassment
• Bullying
• Use of resources for commercial purposes
• Use of resources for personal profit
• Use of resources for political campaign purposes
• Use of resources for personal entertainment or amusement purposes
• Use of resources to gain or attempt to gain unauthorized or unlawful access to other computers, computer systems, networks, or accounts (e.g. rootkits, password cracking programs, network scanners).

6.9. Users shall not use Department-purchased software for personal use.

6.10. Users shall comply with all federal regulations, state laws, board of education policies, administrative regulations, and school standards and rules in using technological resources.

6.11. Users shall not use any website, application, or other method to bypass content filtering compliance requirements.

6.12. Users shall cooperate with requests from the Department system administrators for information about IT Resources activities.

6.13. Users shall report any security problems or breaches to eab@k12.hi.us.

6.14. Users shall ensure any sensitive data (e.g., personally identifiable data, student information, staff information, proprietary information, etc.) transmitted outside of the Department is encrypted or password protected to ensure protection of the data.

6.15. Users shall ensure any data provided or transmitted to vendors, agencies, non‑Department entities, etc. complies with all federal regulations, state laws, and board policies related to information and data privacy.

6.16. Users shall ensure that their electronic communications do not infringe upon the rights of others and are conducted in accordance with the same standards of behavior that apply in other forms of communication.

6.17. Users shall not use personal devices and IT Resources to conduct Department business without prior approval and only if no other resources are available and shall be approved by the Department.  If a personal device must be used, the device shall have at minimum antivirus/anti-malware software installed, operating system up-to-date, and have device locking functions via password, PIN, or biometrics.

6.18. Users shall ensure that any information, images, documents, content, etc. they download and use are compliant with copyright, intellectual property rights, etc. and the appropriate permissions are obtained from the owner.