Policies

LIS provides a wide range of information service and support to the Luther community. Policies that guide and govern these services and support activities are collected here for reference.

Network Use

The following policies govern use of Luther College data and data networks:

  1. Acceptable Use

    Luther College, as part of a continuing commitment to faculty, students, and staff, provides certain telecommunications and computing equipment as well as access services. These facilities include centralized servers for email, www, administrative applications, academic applications, and data; a fiber based campus network backbone as well as associated network hardware and software which distribute network resources to academic, administrative, and residential buildings; desktop resources such as computers, printers, and software; as well as access to campus and global information resources. These resources are to be used for education, research, and administrative purposes related to the mission of the College, and consistent with appropriate codes of College conduct. It is expected that users of campus information technology resources will respect the priority of these purposes.

    As a Luther student, faculty, or staff you are encouraged to use these resources. By using these facilities, you agree to abide by all policies and procedures of the College. Luther College expects ethical and responsible behavior. You are expected to conduct yourself as appropriate for any good citizen and you will not participate in any illegal activity, any for profit commercial activity, or anything else that will negatively impact other users of Luther College information technology resources.

    Use of these resources is governed by and is subject to all applicable college policies. For student governance, see the Student Handbook for details of the Luther Code, specifically sections 6.3 Obstruction of Activities and/or Causing a Disturbance; 6.7 Vandalism; and 6.9 Use of College Owned Equipment or Facilities for Unlawful Purposes. Also in the Handbook under the heading “Offenses Which Exploit Others”, see specifically sections on Sexual Harassment, and Discriminatory or Harassing Conduct.

    For details on faculty or staff governance, see the respective handbook or other authorities that describe the Luther Code as it applies to faculty and staff.

    Failure to comply with any of these or other applicable policies will result in sanctions as outlined in those policies and denial of access to these information technology resources.

    By using the information technology resource provided by the College, you are indicating your acceptance of this policy and your promise to abide by it.

  2. Copyright

    Luther considers it the responsibility of each community member to ensure that their academic or administrative work is in compliance with appropriate copyright law. This covers transmission, reproduction, storage, manipulation, and use of intellectual property. Information and guidance on fair use is available on the LIS website. Faculty are responsible for ensuring that all course materials used in their courses are being used appropriately with the proper permissions secured. Students are expected to complete assignments and work under fair use provisions or to arrange licensing in other cases.

    For Luther’s full copyright and intellectual property policies, please see: http://www.luther.edu/copyright

  3. Electronic Harassment and Use of Social Networks

    Under no circumstances will electronic harassment, eavesdropping, or other inappropriate electronic behavior be permitted on Luther data networks. Unfortunately incidents are reported each academic year of community members who use electronic tools, including social networking services to harass, intimidate, or otherwise take advantage of peers or colleagues. This is inappropriate and unprofessional, and will result in disciplinary action against any individual found to be engaging in such behavior.

    All community members are reminded that use of social networking sites such as Facebook, Twitter, LinkedIn, etc. does involve disclosure of personal information to others via the network which can result in increased risk to you. Services such as these are increasingly used for fraudulent and illegal activity including theft, blackmail, extortion, and slander. Luther strongly advises those who choose to participate in online social networking systems to exercise caution and to remain vigilant against individuals who seek to cause harm. We will continue to investigate reported incidents and will pursue sanctions against those in our community who use these services for any illegal or inappropriate purpose.

  4. File Sharing

    Peer-to-peer file sharing is a popular, efficient, and legal way to share files for which you have legal license to distribute or receive via computer networks. There are many software clients that enable file sharing operating on networks, for example BitTorrent. Luther does not expressly prohibit or prevent file sharing on our networks provided users have legal license to share the files they are sharing.

    Receiving or transmitting files for which you do not have legal license to distribute is not permitted under Luther's network use policies and is in many cases an illegal act punishable under criminal and/or civil law. Luther will contact any user found to be violating this policy with information regarding the claimed infringement. Failure to respond to and address the claimed infringement notice and associated activity may result in loss of network privileges and referral to the campus judicial system.

    We have received infringement notifications that have resulted in the suspension of network privileges for Luther students. If you are engaging in file sharing activity on Luther's network there are a number of issues that you should be aware of and consider:

    • All users of Luther's network resources are legally responsible for their own actions. Luther as an institution cannot and will not provide legal protection for online activities, and we will cooperate with any lawful legal action directed at users of our network.
    • Luther does not currently have any active processes to monitor the legality of traffic on our network. We believe users should be responsible for their actions and that it is not Luther's responsibility to police compliance.
    • Luther does not block any protocols on our network outright, however, access to internet resources that are deemed to pose a threat is blocked to protect the security of the network. Additionally we will shape and limit bandwidth to individual users to ensure a positive network experience for all. There are legal and legitimate reasons to use peer-to-peer file sharing protocols, and we don't believe it right to block certain types of traffic because they might be used illegally.
    • People (and computers) are watching what you do online. If you are sharing files for which you do not own legal license to distribute, you run a good risk of being identified by copyright holders. When we are notified of fraudulent acts committed on our network, we track who was responsible for the activity and hold them accountable for that activity.
    • Installing and operating a personally-owned wireless access point attached to Luther's network is not permitted. Any community member that installs wireless access points on the Luther network may have their access to network resources disabled and will be held responsible for all activity that occurs on that access point. This includes anonymous use by others of your access point. In cases where file sharing or other illegal activity occurs over open access points, we have and will continue to pursue punitive measures against the owner and operator of the wireless access point.

    Luther encourages users who choose to acquire digital media to use legal and licensed services such as Amazon, iTunes, Netflix, or Rhapsody.

    For additional questions on Luther's file sharing policies, please contact Paul Mattson, (paul.mattson@luther.edu). For more information on your legal rights and responsibilities, please contact your legal advisor.

  5. Granting and Removing Network Access

    Granting Network Access

    The following individuals are issued credentials (Norse Keys) to access network-based services at Luther while they are active members of the Luther community:

    • Students (regardless of enrolled credit hours)
    • Faculty (regardless of course load or contract status, provided they receive compensation from Luther)
    • Administrative Staff (regardless of contract status, provided they receive compensation from Luther)
    • Contract Staff (regardless of contract status, provided they receive compensation through an authorized service contractor)
    • Employees with Emeritus Status (Faculty or Administrative Staff)
    • Alumni

    The following individuals are not automatically authorized to receive credentials (Norse Keys) to access network-based services at Luther. Requests for credentials to be issued to any individual within one of the groups below should be made in writing to the Executive Director of Library and Information Services:

    • Volunteers
    • Independent Contractors

    Generally, credentials are automatically generated through workflows established for students and employees. LIS requests that supervisors hiring new employees also complete our New Employee Setup Form available at https://www.luther.edu/helpdesk/lisforms/newemployee/.

    Removing Network Access

    Graduating Students

    • Seniors will be contacted by May 1st via email with a message from LIS regarding the transition of their accounts. Any student with a valid reason to keep their account active as a student will be directed to a web form. All other accounts will be transitioned to alumni accounts.
    • Software Development will provide Network & Systems with a list of graduating seniors by June 1st.
    • Voice services will be deleted June 1st.
    • All graduating students will have their accounts transitioned from student accounts to alumni accounts on July 1st of their graduating year.
    • Norse Apps will remain available to alumni.
    • Student H Drive data will be retained until September 1st and then deleted. No requests for restores will be granted after that date. (Effective Fall 2010, LIS will no longer allocate H Drive space for new student accounts and will instead offer links to other cloud-based services).

    Non-Graduating, Non-Enrolled Students

    • Software Development will provide Network & Systems with a list by October 1st of students who:
      • did not graduate in the past year, and
      • did not enroll in any of the previous three fall/spring terms or in between.
    • Students will be contacted by October 15th via email with a message from LIS regarding the transition of their accounts. Any student with a valid reason to keep their account active as a student will be directed to a web form.
    • All non-graduating students who have not enrolled in courses for the fall semester will be transitioned either to an alumni account or an inactive account on November 1st of each year based on their individual criteria.
    • For students qualifying as alumni, Norse Apps will remain available. For students not qualifying as alumni, Norse Apps accounts will be deleted November 1st.
    • Voice services will be deleted November 1st. LIS will no longer reserve or assign telephone numbers to individual students. As a result, students who return after a hiatus will receive a newly-assigned number as needed/requested.
    • For students studying abroad, telephone numbers will remain assigned to the student and identified in Datatel prefixed by X###-####.

    Faculty

    • Faculty accounts will expire on their employment end date.
    • LIS will work with HR to acquire advance notice of these expiries. Notice will be made to LIS and distributed via KBOX to Network and Systems, Software Development, LIS Web Lead, KATIE Lead, Workstation Support Lead. The work order will include all date information, including any approved extensions.
    • Faculty will be contacted by email with a message from LIS regarding the transition of their accounts. Faculty with a valid reason to retain an active faculty account will be directed to a web form where they can request a one month extension for their account to remain active. Any extensions longer than one month will require approval of the Dean of the College and the Executive Director of LIS.
    • For faculty qualifying as alumni, they will retain their Norse Apps account and transition to an alumni account. Emeriti will retain their Norse Apps account indefinitely, unless a request is made to have it removed. For all other faculty, accounts will be initially disabled on their employment end date, and then deleted two months after their employment end date (or extended employment end date).
    • Any personal data stored on Luther servers (including H drive) will be retained for a period of two months after the account expiry, and then deleted. No requests for restores will be granted after that date.
    • Voice services will be disabled/deleted on the employment end date (or extended employment end date).
    • Faculty will be asked to meet with LIS staff to return/inventory all technology equipment.

    Staff and Contract Staff

    • Staff/Contract Staff accounts will expire on their employment end date.
    • LIS will work with HR to acquire advance notice of these expiries. Notice will be made to LIS and distributed via KBOX to Network and Systems, Software Development, LIS Web Lead, KATIE Lead, Workstation Support Lead. The work order will include all date information, including any approved extensions.
    • Staff and their immediate supervisors will be contacted by email with a message from LIS regarding the transition of their accounts. Staff with a valid reason to retain an active staff account will be directed to a web form where they can request a one month extension for their account to remain active. Any extensions longer than one month will require approval of their Vice President and the Executive Director of LIS.
    • For staff qualifying as alumni, they will retain their Norse Apps account and transition to an alumni account. For all other staff, accounts will be initially disabled on their employment end date, and then deleted two months after their employment end date (or extended employment end date).
    • Any personal data stored on Luther servers (including H drive) will be retained for a period of two months after the account expiry, and then deleted. No requests for restores will be granted after that date.
    • Voice services will be disabled/deleted on the employment end date (or extended employment end date).
    • Staff will be asked to meet with LIS staff to return/inventory all technology equipment.

    Death

    • Upon the death of a student, LIS will work with the Dean of Students to determine how to transition digital content owned by the student prior to deletion.
    • Upon the death of a faculty member/staff/contract staff person, LIS will coordinate with the department head/supervisor to take control of and appropriately distribute any digital content owned by the individual prior to deletion.

    Email Notices from LIS Regarding Removal of Network Access Includes:

    • Summary of LIS Exit Policy with link to full text
    • Reminder of Luther Policies on Intellectual Property and Ownership of Data
    • Links to instructions for exporting or transferring email to another employee/service
    • Links to instructions for exporting or transferring Norse Docs data
    • Links to instructions for exporting or transferring KATIE content
    • Links to instructions for exporting or transferring files stored on Luther servers
    • Link to web form requesting special consideration
    • Overview of timeline and deadlines
    • Note to work with supervisor/colleagues to retain/transition critical data
    • Notice to return any LIS/Library materials currently checked out to them (including interlibrary loan materials) and a link to review their circulation records.
    • How to acquire lower-cost software/hardware (auction/academic pricing).
  6. Norse Key Password Policy

    Date Issued: September 12, 2007
    Date Revised: August 8, 2014

    I. Policy

    In order to maintain appropriate network security, all users of Luther College networks and systems are required to periodically change their Norse Key password according to criteria established by Library and Information Services.

    II. Purpose

    Common security practice at institutions of higher education and businesses require regular changes of passwords to maintain secure access to resources.

    III. Scope

    Applies to all faculty, staff, students, and other users who have a Norse Key.

    IV. Terms and Definitions

    • Norse Key - A Norse Key is your gateway to most digital resources at Luther College. Specifically, it is your username and password that is used to log onto services such as your Luther email, My.Luther.edu, the campus directory and many others.
    • Norse Key Accessible Services
    • Norse Key AD Active Directory accessible services.
      • Citrix remote access system (http://citrix.luther.edu/)
      • Slate Admissions customer relations management
      • ImageNow Document Imaging system
    • Services Not Currently Accessible via Norse Key
      • Colleague (Ellucian/Datatel)
      • Business Objects Reporting
      • CBORD Odyssey PCS - Contact Technology Help Desk to synchronize Norse Key and PCS password.

    V. Procedures and Guidelines

    1. Policy Statements

    • All Norse Key passwords and Colleague System User passwords must be changed every 180 days.
    • Passwords must be at least 10 characters long.
    • Passwords must contain at least one number.
    • Passwords must contain at least one character.
    • Passwords cannot be blank and cannot contain any spaces.
    • Paper on which passwords are written must either be destroyed after use or stored in secure locations.
    • A password history will be retained and require users to use original passwords when updating them.
    • Users must review the college Statement of Responsibility and signify their compliance as a condition of changing their Norse Key and being granted access to the Luther College network.

    2. Implementation

    • Colleague System User passwords are currently changed every 180 days. No implementation steps are required for Colleague System Users.
    • Users will receive five notification/reminder messages prior to the expiration of their password. The first will be sent two weeks prior to expiration, the second one week prior to expiration, the third 3 days prior to expiration, the fourth 2 days prior to expiration, and the fifth 1 day prior to expiration. Users will be prompted to visit norsekey.luther.edu to change their Norse Key password.

    VI. Confidentiality and Record

    Library and Information Services is responsible for assuring the Colleague system users and Norse Key passwords expire every 180 days.

  7. Norse Key Security

    Community members should not share or reveal their Norse Key credentials with anyone. In particular, LIS will never ask for your Norse Key via email. Requests for your login information received via email are invariably attempts to compromise your account.

  8. Statement of Responsibility

    STATEMENT OF RESPONSIBILITY FOR THE SECURITY AND CONFIDENTIALITY OF DATA AND DATA NETWORKS

    General Responsibilities

    Security and confidentiality of all data is a matter of concern for all members of the Luther community who have access to records and files, paper and computerized, and the data infrastructure and networks owned by Luther College.

    Each person working with institutional data holds a position of trust and must recognize the responsibility of preserving the security and confidentiality of the information and the systems and networks it uses. All members of the Luther community with authorized access to institutional information or data networks are expected at all times:

    • to keep personal passwords private; passwords are not to be written down or shared with others;
    • to sign off a workstation when leaving the immediate work area for an extended period of time;
    • to assume responsibility and be held accountable for all data modifications made using their user ID and password;
    • not to make or permit unauthorized use of any information in the files or databases;
    • not to permit or provide access to Luther College data infrastructure or networks by any unauthorized individuals;
    • not to seek personal benefit or permit others to benefit personally by any confidential information which has come to them through their work assignment;
    • not to exhibit or divulge the contents of any record or report to any person except in the conduct of their regular work assignment;
    • not to use any official record or report (or copy of same) for purposes other than college business;
    • not to operate or request another to operate any Luther College computer equipment for purely personal business;
    • not to aid, abet, or act in conspiracy with any person to violate any part of this Statement of Responsibility;’
    • to report any violation of this Statement of Responsibility code to one’s supervisor immediately.

    Violation of the provisions contained in this Statement of Responsibility will lead to corrective action consistent with the general disciplinary policies of the college.

    Responsibilities Regarding Student Information

    FERPA and Student Information
    Each person is responsible for knowing the special considerations relative to student information and the Family Educational Rights and Privacy Act (FERPA). It is important that each individual with access to student data understand the reasons for the existence of the Family Education Rights and Privacy Act (FERPA), the consequences of non-compliance, and the procedure involved in order to respond to inquiries about students’ records.

    FERPA is a federal law that guarantees students:

    • the basic right to have access to all their education records;
    • the assurance that their records are protected from access;
    • the right to challenge their records believed to be inaccurate, misleading, or otherwise in violation of the students’ privacy.

    Any institution that has programs that are federally funded (such as Pell Grant and GSL) must comply with this law or be subject to loss of those funds. In addition, individuals with access to student data who do not comply with this law are subject to college personnel and disciplinary policies and/or accountability in a court of law.

    The following guidelines will provide some assistance in complying with FERPA.

    Students must be allowed access to:

    • all types of education records directly related to that student (copies of records may be provided with or without charge).

    Procedures for student access are:

    • electronic authorization or presentation by the student of an ID (telephone requests should not be honored) or receipt of a signed and dated request from the student.

    Students must not be allowed access to:

    • education records (such as print-outs of class lists) that contain information on more than one student (the student may review only the specific information about himself or herself);
    • financial records of the student’s parents;
    • confidential letters of recommendation, for which the student has signed a waiver.

    Circumstances that allow third-party access to confidential educational records (all third-party requests should be referred to the Registrar’s Office):

    • to college employees who are in the process of carrying out their specifically assigned educational or administrative responsibilities; whether the need to know is a legitimate educational interest must be determined by the employee’s office/department administrator or manager;
    • to parents of a dependent student, as defined by the Internal Revenue Code;
    • to representatives of the Department of Defense, limited to directory-type information;
    • in connection with financial aid;
    • to federal or state educational authorities;
    • to accrediting organizations;
    • in compliance with a lawfully issued subpoena;
    • in connection with a health or safety emergency.

    Note: Education records disclosed in the above circumstances must include the condition that further disclosure to a third party not be made without the prior consent of the student.

    Access to student directory information
    Luther College employees may release directory information without written permission of the student; however, students have the right to restrict access to directory information. For students who have made such a request with the Student Life Office, the specific restrictions that are requested may be identified on that student’s record in Datatel. If an employee encounters one of these records, he or she will receive a message on the screen notifying which data has been restricted. If a student has requested that access to directory information be restricted, he or she should refer all requests for information about that student to the Student Life Office.

    Luther College determines that the following student information is directory information:

    • name
    • local and permanent mailing addresses
    • home telephone number
    • campus telephone number
    • e-mail address
    • dates of attendance
    • year of school
    • major(s) and minor(s)
    • awards, honors
    • degree(s) conferred
    • past and present participation in officially recognized sports and activities
    • physical characteristics (height/weight) of athletes
    • date and place of birth
    • photographs and other visual images*

    *Luther College records visual images during many campus events and daily activities, such as convocations, concerts, classes, athletic events, and other public events on and off campus. These images are regularly used and published as part of Luther’s coverage of campus life for a variety of audiences, including but not limited to – the Luther Magazine, the Luther official website, and admissions materials.

    Responsibilities Regarding Other Constituencies Information

    Alumni Records
    Alumni records are for official college and Luther College Alumni Association use, and also for individual communication of a personal nature between alumni. Use of this information for any other purpose, including, but not limited to, reproducing and storing in a retrieval system by any means, electronic or mechanical, and photocopying or using the addresses or other information for any private, commercial, or political mailing is strictly prohibited and constitutes misappropriation of college property.

    Employee Records
    Employee information is for official college use only. Communication of employee information to another member of the Luther community will be limited to name, title, campus location, campus telephone, campus e-mail address, home address, home telephone, spouse name, and children’s names. The use of this information and any other employee information/records for any other purpose, including, but not limited to, reproducing and storing in a retrieval system by any means, electronic or mechanical, and photocopying or using the addresses or other information for any private, commercial, or political mailing is strictly prohibited and constitutes misappropriation of college property. Personal information listed in the Faculty/Staff Directory must have the employee’s written authorization. Employees can opt to have personal information be displayed to other staff and students who securely login to the directory. Optional online campus directory information for staff and student view includes; home address, home phone, spouse, children, and alternate email addresses. Employees can also opt to have their mobile phone number viewable to other staff in the online campus directory.

    • All other requests for employee information from Luther employees not included in the items above should be referred to the Office of Human Resources.
    • All third-party requests should be referred to the Office of Human Resources. Information will only be given upon receiving written authorization, which includes an employee signature authorizing release of such information.
    • Employee information released without written authorization from the employee will be limited to requests from state or federal authorities in compliance with a lawfully issued subpoena or in connection with a health or safety emergency.

    Responsibilities Regarding Data Published to the Luther Web

    Members of the Luther College community may be granted privileges to publish content (including but not limited to text, audio, video, or other multimedia materials) to the Luther College web (websites hosted at the luther.edu domain) for internal or external use. Individuals with such privileges agree to the following:

    All content posted to the Luther College website will be in compliance with all copyright and intellectual property laws and guidelines. For more information on Luther’s copyright policies, see http://www.luther.edu/copyright.
    Ownership of all content published to the Luther College web is the property of Luther College unless otherwise noted and with exceptions as noted in the Luther College Copyright Policy.
    Luther College reserves the right to unpublish or deny publication of any content deemed illegal, inappropriate, inconsistent with the mission of Luther College, or that risks legal action against Luther College or members of the Luther College community.

    Responsibilities Regarding Access to Data Infrastructure and Networks

    Luther College, as part of a continuing commitment to faculty, students, and staff, provides certain telecommunications and computing equipment as well as access services. These facilities include telephony infrastructure, centralized servers for email, www, administrative applications, academic applications, and data; a fiber based campus network backbone as well as associated network hardware and software which distribute network resources to academic, administrative, and residential buildings; desktop resources such as computers, printers, and software; as well as access to campus and global information resources. These resources are to be used for education, research, and administrative purposes related to the mission of the College, and consistent with appropriate codes of College conduct. It is expected that users of campus information technology resources will respect the priority of these purposes.

    As a member of the Luther community you are encouraged to use these resources. By using these resources, you agree to abide by all policies and procedures of the College. Luther College expects ethical and responsible behavior. You are expected to conduct yourself as is appropriate for any good citizen and you will not participate in any illegal activity, any for profit commercial activity, or anything else that will negatively impact other users of Luther College information technology resources.

    Use of these resources is governed by and is subject to all applicable college policies. For student governance, see the Student Handbook for details of the Luther Code, specifically sections III.B.4 (Acts of dishonesty); III.B.7 (Disruption or obstruction of Luther College activities); III.B.11 (Theft or damage to property); and III.B.21 (Theft or abuse of computer facilities or resources). Also in the Handbook see Discriminatory and Harassing Conduct Policies and Procedures.

    For details on faculty or staff governance, see the respective handbook or other authorities that describe the Luther Code as it applies to faculty and staff.

    Failure to comply with any of these or other applicable policies will result in sanctions as outlined in those policies and denial of access to these information technology resources.