Kentucky Department of Education

 

KDE > Administrative Resources > Technology > Additional Technology Resources > Acceptable Use Policy Guidelines and State Requirements for Student and Staff Access to Electronic I

Guidelines for Creating Acceptable Use Policies

Last Updated on Wednesday, January 20, 2010 at 5:01 AM

Best Practices and Guidelines for Creating an Acceptable Use Policy for Employees and Students

PDF of the current version: Best Practices and Guidelines for AUP

 

 

BACKGROUND
The Master Plan for Education Technology calls for Internet access, electronic mail, and other instructional services to be available through the Kentucky Education Technology System (KETS), which includes voice, video, and data access. Accordingly, strategies for managing access and tools to help education entities (KDE and K-12 schools) implement those strategies have been identified and are continually refined.

In 1998, The Kentucky General Assembly passed Senate Bill 230 which required the use of filtering software in every district and school. The purpose of filtering software is to identify and selectively prevent objectionable material from entering the school through the data network. The determination of what constitutes "objectionable" material is a local decision.

1998 Kentucky Senate Bill 230 states:

"Each local school district shall establish a policy regarding student Internet access that shall include, but not be limited to, parental consent for student Internet use, teacher supervision of student computer use, and auditing procedures to determine whether education technology is being used for the purpose of accessing sexually explicit or other objectionable material."

Filtering software is not 100% effective; while filters make it more difficult for objectionable material to be received or accessed; filters are not a solution in themselves. For this reason, the Kentucky Department of Education first disseminated Acceptable Use Policy Guidelines to local districts in 1995. Acceptable use policies guide access to information in electronic media, to information technology, and to electronic networks. The purposes of such policies are: to educate; to provide protection against violations of privacy; to prevent misuse of public resources; to protect against inappropriate or destructive behaviors which occur as a result of access to electronic information resources; and, to ensure that technology resources provided through KETS are dedicated to improving student achievement and school administration. These policies also define school district parameters for acceptable use and specify the disciplinary measures to which those who violate the policy are subject. The 1995 Guidelines were issued with strong recommendation that every district adopt an acceptable use policy and require a user agreement form to comply with the policy signed by staff, faculty, students, and parents. While filters provide a technology-based solution, acceptable use policies address the human dimension of information access issues.

Since 1995, the majority of school districts have adopted acceptable use policies. In 1997, the Department issued recommendations for filtering technology which included a provision that the product(s) selected be capable of logging the time, date, and duration of transactions to the originating user as well as to the final destination.

Senate Bill 230, enacted during the 1998 General Assembly, requires the Kentucky Board of Education to promulgate administrative regulations to prevent sexually explicit material from being transmitted via education technology systems; directs each local school district and school to use the latest available filtering technology to ensure that sexually explicit material is not made available to students; requires the Department of Education to make filtering technology available to every school without cost; and, requires each local school district to establish a policy regarding employee and student Internet access.

The resulting administrative regulation, 701 KAR 5:120, fulfills the requirements of 1998 Senate Bill 230. At the school district level, the regulation requires that each school district adopt and implement an acceptable use policy applicable to every school which conforms to the guidelines issued by the Department; specifies school district responsibilities for implementing and maintaining filtering capabilities in every school; and prohibits the use of electronic mail systems which do not meet state standards.

At the state department level, 1998 SB 230 requires that the Department make filtering technology available to each school at no cost. To comply with this provision, the Department is furnishing software capable of content filtering to school districts to address the filtering needs of every school. The software is purchased with state funds. This software allows schools to block access to specific web site addresses and to "chat room" facilities on the Internet, allows schools to filter out sites based on certain terms, and keeps a detailed log of user activity. In addition, this software has significant instructional value because it saves most frequently requested web sites locally and also allows teachers to reserve and download web sites in advance of class time (commonly referred to as “caching”). These features mean that network response time is increased by 50-70%, web sites are available when the teacher needs them even if the school's network connection is temporarily lost, and students are more likely to find appropriate information the first time they search.

In addition to objectionable material which may reach employees and students through web sites, online chat groups, and electronic mail, sexually explicit material is frequently disseminated through "Usenet" groups on the Internet. Usenet groups are almost exclusively devoted to material which is generally agreed to be inappropriate for K12 sites. For this reason and without school district objection, the Department has always blocked Usenet addresses from coming into the state through KETS and will continue to do so.

The Department provides technical assistance to school districts to support implementation of the state-provided proxy server software, provides professional development activities on implementation of acceptable use policies, and provides information on deterring and detecting inappropriate use.

Compliance with the provisions of 1998 Senate Bill 230 is a condition of school district participation in the offers of assistance process for state education technology funds. Additionally, with the signing of the Children’s Internet Protection Act (CIPA) into law on December 21, 2000, participation in both the Universal Service Fund (USF) and the Enhancing Education Through Technology (EETT Title IID) programs resulted in further AUP requirements. School district authorities must certify that they are enforcing a policy of Internet safety that includes measures to block or filter Internet access for both minors and adults to certain visual depictions. The relevant authority with responsibility for administration of the school/district must certify the status of its compliance for the purpose of CIPA.

Requirements of CIPA

CIPA requirements include the following three items:

Technology Protection Measure
A technology protection measure is a specific technology that blocks or filters Internet access. It must protect against access by adults and minors to visual depictions that are obscene, child pornography, or — with respect to use of computers with Internet access by minors — harmful to minors. It may be disabled for adults engaged in bona fide research or other lawful purposes. For school use, the policy must also include monitoring the online activities of minors.

Internet Safety Policy
The Internet safety policy must address the following issues:

  • Access by minors to inappropriate matter on the Internet.
  • The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications.
  • Unauthorized access including hacking and other unlawful activities by minors online.
  • Unauthorized disclosure, use, and dissemination of personal information regarding minors.
  • Measures designed to restrict minors’ access to materials harmful to minors.

 

Public Notice and Hearing
The authority with responsibility for administration of the school/district must provide reasonable public notice and hold at least one public hearing to address a proposed technology protection measure and Internet safety policy.

Three sections follow:

Best Practices for Appropriate use of Technology – details at a minimum what employees and students should and should not do as well as the guidance of Digital Citizenship;

Acceptable Use Policy Guidelines - provides general direction and guidance to districts for the formulation, implementation and maintenance of Acceptable Use Policies;

Resources (right sidebar) - an annotated list of web sites and other information related to acceptable use policies, helpful information for parents, and Internet filtering.

 

RETURN TO TOP OF PAGE

 

BEST PRACTICES FOR APPROPRIATE USE OF TECHNOLOGY

Digital Citizenship is a concept which helps teachers, technology leaders and parents to understand what students/children/technology users should know to use technology appropriately. Digital Citizenship is more than just a teaching tool; it is a way to prepare students/technology users for a society full of technology. Too often we are seeing students as well as adults misusing and abusing technology but not sure what to do. The issue is more than what the users do not know but what is considered appropriate technology usage.

Digital citizenship can be defined as the norms of appropriate, responsible behavior with regard to technology use:

  1. Digital Etiquette: electronic standards of conduct or procedure
  2. Digital Communication: electronic exchange of information
  3. Digital Literacy: process of teaching and learning about technology and the use of technology
  4. Digital Access: full electronic participation in society
  5. Digital Commerce: electronic buying and selling of goods
  6. Digital Law: electronic responsibility for actions and deeds
  7. Digital Rights & Responsibilities: those freedoms extended to everyone in a digital world
  8. Digital Health & Wellness: physical and psychological well-being in a digital technology world
  9. Digital Security (self-protection): electronic precautions to guarantee safety

Generally, employees and students think of best practices only in the sense of electronic mail and internet use. It must be understood that any Acceptable Use Policy also extends to: computer hardware and peripherals; software; network access; storage devices: databases, files, and other repositories of information in electronic form. Best practice applies to use while onsite and when using remote access (from home, conferences, while traveling, etc.).

Information technology is provided to employees with the following expectations:

  • Productivity will increase. Work products can be produced and services can be delivered with more accuracy in less time with added value and, in most cases, at less cost.
  • Decision-makers will have rapid access to more complete and accurate information.
  • Communication among staff, between the staff and their customers, and with the public will improve. Services and information will be more widely and equitably accessible.
  • Public employees and public organizations will be more accountable.

Electronic Mail

It must be understood that appropriate use of electronic mail should draw from standards for student and employee communication which already exist. For instance:

 

  • Do not send or attach documents containing pornographic, obscene, or sexually explicit material.
  • Do not transmit obscene, abusive or sexually explicit language.
  • Do not use electronic mail for communications which are not directly related to instruction, sanctioned school activities, or a person's job .
  • Do not use electronic mail, for instance, for private business or personal, non-work related communications.
  • Do not access, copy or transmit another's messages without permission.
  • Do not create, forward or share spam or chain letters.
  • Do not use electronic mail for creation or forwarding of jokes or humor that can be found offensive to others.
  • Do not send electronic communications that contain ethnic slurs, racial epithets or anything that could be construed as harassment or abuse of others based on race, national origin, sex, sexual orientation, age, disability or religious or political beliefs.

Employees must be aware that electronic mail logs, the content of electronic mail, Internet access logs, and the content of Internet sessions may be subject to inspection under the open records laws and are not necessarily private. Employees should remember that electronic mail, Internet access, and other resources are provided for the purpose of carrying out assigned work.

 

Confidentiality and Security of Information

As a result of the passing of HB341 during the regular legislative session in the spring of 2006, the Kentucky Department of Education and all public school districts were required to conduct a study of the requirements for data security and develop a notification process when a breach of data security occurs. Employees and students need to understand special safety cautions, which are again analogous to common practice:

 

  • Students should not reveal their name and personal information to or establish relationships with "strangers" on the network, unless the communication has been coordinated by a parent or teacher.
  • The school should not reveal a student's personal identity unless the parent has given written consent.
  • The school should not transmit a student's work or picture with personally identifiable information without written parental consent.
  • Employees should use discretion when accessing and potentially making electronic and/or paper copies of sensitive data. This includes storing personally identifiable data on personal or school-issued devices (e.g. laptop, thumb drive, smart phone, etc...)

 

Internet Activity

Employees and students must understand that internet searching and activity that involves inappropriate material is prohibited in accordance with Senate Bill 230 and 701 KAR 5:120. Activities that are considered inappropriate include but are not limited to:

  • Visiting websites such as pornographic, obscene, sexually explicit, jokes, gambling, gossip (e.g. Topix), etc., that are not work related.
  • Downloading of inappropriate material including pornographic, obscene, sexually explicit, music/audio that is copyright protected.
  • Internet surfing for personal purposes such as shopping, banking, research for personal purposes, online auctions (e.g. eBay), sports message boards, etc.

Use of Technology

 

Employees and students must understand that technology (e.g. computer, printers, peripherals, external hard drives, thumb drives, etc.) used in the school and work environment are for work and learning related purposes. Computers, while they may be assigned to an individual in the case of employees or student in 1 to 1 initiatives are not intended for uses that are personal in nature such as:

  • Games are not to be installed or played on employee or student computers. The Internet is not to be used for the playing of games or participation in contests.
  • Computers are not to be used to store photos, video, music, audio files, etc. of a personal nature. Doing so uses precious storage space that is needed for learning and work related purposes and can be in violation of copyright laws in some cases.

In general, it is usually helpful to ask oneself these questions if you are not sure whether the way you are using technology violates the Appropriate Use Policy:

 

  1. Am I violating any other laws, regulations or policies? Have I protected individual privacy rights?
  2. Is this directly in support of my job duties and responsibilities? Does the way I am using technology adversely impact the productivity of others without good cause?
  3. If someone observed me doing this, either a colleague or member of the public, would I be uncomfortable? Would it give the impression that I was not doing my job or that this organization was misusing public funds?
  4. If I'm saying it in email, would I say it in person?

 

RETURN TO TOP OF PAGE

 

 

 

ACCEPTABLE USE POLICY CONSIDERATIONS FOR DISTRICTS

 

As stated earlier, Kentucky K-12 school districts are required to establish Acceptable Use Policies (AUP’s) for appropriate technology use which conforms to the provisions of the 1998 Senate Bill 230 and the accompanying Kentucky Administrative Regulation 5:120 (701 KAR 5:120) as well as federal CIPA requirements. An AUP is a written agreement signed by students, employees, and parents/guardians which outlines the terms and conditions for using technology-based devices (voice, audio, video, and data) maintained by the district and personally owned technology-based devices used during school hours on school property. Compliance with the provisions of SB 230 and KAR 5:120 is a condition of school district participation in the offers of assistance process for education technology funds. SB 230 and KAR 5:120 address:

  • Parental consent for student Internet use
  • Teacher supervision of student use of technology-based devices
  • Auditing procedures to determine whether education technology is being used for the purpose of accessing sexually explicit or other objectionable material
  • Limiting use of email on school property to the email system approved by the Kentucky Department of Education as meeting standards for electronic mail systems

GUIDELINES

Best practice suggests that an AUP address appropriate access to and transmission of data and information as well as the use of any technology-based device maintained by the school, including any personally owned technology-based device brought into the school. Therefore, local districts may want to consider how they wish to address the following components:

  • Statement that the AUP complies with state and federal laws and regulations.
  • List of the roles and responsibilities for all stakeholders (employees, students, parents/guardians) when using technology resources on campus.
  • Explanation of the rights and responsibilities of users when accessing district-owned resources through the Internet from technology devices both on and off campus.
  • A disclaimer limiting the school district’s liability relative to:
  • o   Information stored and/or retrieved on school technology-based devices or within district-owned resources accessible on the Internet from any location.
  • o   Personally owned technology-based devices used on school property.
  • Description of the instructional philosophies and strategies as well as the advantages gained by the district/schools in utilizing the technology resources available.
  • Description of the safety measures the district undertakes to comply with Child Safety laws and regulations, with a disclaimer that these measures do not provide foolproof means for enforcing the provisions of the AUP.
  • Description of the method the district undertakes to ensure system and data security, user accounts, and user privileges, with a disclaimer that these measures do not provide a foolproof means for enforcing the provisions of the AUP.
  • Assurances that the policy will be enforced as well as a description of the procedures to address Acceptable Use violations, including legal action.
  • Description of the ongoing awareness training opportunities for all stakeholders.
  • Description of the procedures for evaluating and revising the AUP.

Live@EDU AUP Requirements

Federal law requires that any child age 13 and under have parental consent to access online services, such as the Microsoft Live@EDU offering. Districts must include in their respective local AUPs the language provided below:

The Outlook Live e-mail solution is provided to your child by the district as part of the Live@edu service from Microsoft. By signing this form, you hereby accept and agree that your child's rights to use the Outlook Live e-mail service, and other Live@EDU services as the Kentucky Department of Education may provide over time, are subject to the terms and conditions set forth in district policy/procedure as provided and that the data stored in such Live@EDU services, including the Outlook Live e-mail service, are managed by the district pursuant to policy 08.2323 and accompanying procedures. You also understand that the Windows Live ID provided to your child also can be used to access other electronic services that provide features such as online storage and instant messaging. Use of those Microsoft services is subject to Microsoft's standard consumer terms of use (the Windows Live Service Agreement), and data stored in those systems are managed pursuant to the Windows Live Service Agreement and the Microsoft Online Privacy Statement. Before your child can use those Microsoft services, he/she must accept the Windows Live Service Agreement and, in certain cases, obtain your consent.

 

A sample written agreement form that includes this provision is available from KSBA (Dara. Bass@ksba.org or 1-800-372-2962, ext. 1220).

 

GENERAL CONSIDERATIONS

  1. AUP development/revision should involve representatives of each stakeholder group (i.e. parents, students, teachers, administrators, community members, etc.). Develop a policy which is straightforward and easy to understand. It is very helpful to draw analogies to Board policies and codes of conduct which already exist. If it is unacceptable behavior for a student or staff member to bring a paper magazine with sexually explicit pictures to school, for instance, it is unacceptable behavior for those same people to bring an electronic image of sexually explicit material into the school. If it is unacceptable behavior for a student or staff member to send someone a threatening or harassing hand-written note, it is unacceptable behavior to do the same via electronic mail. These issues are fundamentally those of behavior and personal responsibility thus, for these reasons and more, many districts have integrated their AUP into their local Student Code of Conduct and Staff Handbooks.
  2. Educate the staff, students and parents/guardians. Policy implementation is far more likely to be successful if the elements of Digital Citizenship are supported by the AUP and incorporated into the curriculum and  awareness training of parents, students and employees.
  3. Develop parental consent forms as required by law. These forms should either clearly explain the Board's definition of acceptable use, provide examples of use which is not acceptable, and stipulate the disciplinary actions or other consequences which may occur if the policy is violated OR be accompanied by a copy of the actual AUP and/or related guidelines. Consent forms should be based on the principle that network access is a privilege and not a right and that the privilege of access entails responsibility.
  4. Although the Board policy should respect the privacy rights of students and staff, the policy should state clearly that email and other technology use is not guaranteed to be private. System administrators may periodically scan email, monitor files stored locally or on district-owned resources, both locally and Interned-based, and scan Internet use logs. Educating users and parents about district-owned Internet-based resources, such as Live@EDU email, file sharing, collaborative resources, etc. will be beneficial. Users and parents must understand that although these district-owned resources can be accessed from home, adherence to acceptable use guidelines and the district’s right to monitor and manage still applies. This aspect of an AUP might be analogous to the Board’s policy on school lockers; while generally private, lockers may be searched under certain circumstances.

STRATEGIES FOR ENCOURAGING COMPLIANCE

 

In addition to adopting a policy, the local Board and the schools must adopt multiple level strategies for encouraging compliance:

Preparation of educators

Teachers and others whose duties include classroom management and/or student supervision should be provided with guidance on detecting, deterring, and documenting inappropriate use, on safe-guarding personal privacy, and on dealing with unsolicited online contact as a school safety issue.

The School Council and Community: Information about the Value of the Network

Providing parents and the community with accurate and timely information about how electronic information resources are being used in the schools to support student achievement is very important. The School Based Decision Making Council is an appropriate entity to lead this education effort in the school and community with district guidance and assistance. Parent and community education can be accomplished through technology fairs, community network projects, inviting parents to participate in the classroom, and technology lending libraries which allow parents and students to work together at home.

Familiarity with the Internet and other network services will allow school councils to make more informed judgments about the use of technology throughout the curriculum. Such education efforts will also help parents make more informed judgments about media stories or second-hand information about potential risks associated with the Internet which might otherwise cause undo concern. Their appreciation of the instructional value of these resources will engage them more pro-actively in guiding appropriate use at home and working with the school to ensure that access continues to be available.

Deterrents

To manage the student or staff member who is determined or occasionally tempted to violate acceptable use policies, certain deterrents can be put in place:

The amount of time during which individuals have unmonitored access to the network should be minimized. For students, this means that long, individual sessions in a lab setting are not advisable. Classroom group work generally discourages inappropriate use. For staff, this means that the times when inappropriate use is most likely to occur is time the individual has in an office with a door that can be shut or a computer screen turned so that it cannot be viewed by others.

Certain network management software packages allow the systems administrator to view or intervene and "take over" a user's screen. These packages are designed for problem diagnosis, to troubleshoot network problems, and to support help desk activities. Although they are not designed to scan network activity for inappropriate use, the district may decide to use them for that purpose on an occasional basis. Regardless, if the user is informed that such scanning is feasible that fact alone may deter inappropriate use.

With implementation of Internet-use logs, schools should familiarize parents, students, faculty, and staff with the information contained in logs. The fact that these logs contain detailed information about each Internet access which can be traced to the individual user usually serves as a powerful deterrent.

 

RETURN TO TOP OF PAGE

For more information contact:

David Smith
15 Fountain Place
Frankfort, KY 40601
Phone: 502-564-2020
David.Smith@education.ky.gov

RESOURCES AND EXAMPLES OF POLICIES

 

Although this listing is by no means comprehensive, it will provide guidance and ideas for the development of acceptable use policies.

 

Districts interested in looking at sample AUPs or related sample procedures from other districts are encouraged to contact other CIO/DTCs. Districts who belong to the Kentucky School Board Association (KSBA) Policy and Procedure Service should also contact their respective KSBA consultant at 1-800-372-2962 or by email. Dara.Bass@ksba.org.

 

Nine Elements of Digital Citizenship

Detailed description of the nine elements

 

Universal Service Administrative Company (USF/E-Rate)

 

U.S. Department of Education Enhancing Education Through Technology

 

Model Acceptable Use Policy

Cybercrime.gov

 

Getting Started on the Internet: Developing an Acceptable Use Policy (AUP)

Education World

 

Acceptable Use Policies

iSAFE

 

Acceptable Use Policies

Northwest Educational Technology Consortium

 

SafeKids

This site contains Online Safety Rules for Kids, Guidelines for Parents, an Online Safety Slide Show, and articles on protecting children's privacy online such as "Online Safety and Critical Thinking: The Lessons Children Learn on the Internet Today Could Save Their Lives Tomorrow.

 

School AUP 2.0

A wiki developed to assist in the creation of modern AUP’s.

 

National Center for Technology in Education

National Center for Technology in Education resources

 

Developing Board AUPs

District Administration Developing AUP’s

 

Kentucky School Board Association

Serves school boards and districts in such areas as governmental relations, board member and staff training, insurance and risk management, legal, policy, publications and community relations.

 

Armadillo Acceptable Use Policy Site, Houston Independent School District

A collection of resources for the guidance of students, teachers, administrators, parents, and board members in developing an acceptable use policy for the Internet. 

 

From Now On, The Educational Technology Journal

Articles by Jamieson McKenzie on K12 Internet use policies

 

"Kids and families online," The Children's Partnership

This report builds upon the 1994 report "America's Children and the Information Superhighway." It provides a capsule summary of where things stand today with children, families and the Internet. The update is part of The Children's Partnership program to keep the public and policymakers apprised of the children's stake in technology developments in order to help guide these developments in ways that benefit children's education, healthy development and career prospects.

 

Parents Guide to the Internet, U.S. Department of Education

Designed as an Internet primer for families, this new booklet provides basic information about the value of education technology to young learners while focusing on the Internet. The booklet presents basic terminology, suggests a variety of good sites to visit, and includes a good discussion of how to teach children about online safety. The booklet is viewable, and printable, online. Publication information says that single copies may be ordered free at 1.877.4ED.PUBS; multiple copies may be ordered for $.50 each from the Consumer Information Center, Dept. 372-E, Pueblo, CO 81009.

 

Net Cetera: Chatting with Kids About Being Online

A free guidebook produced through a partnership of over a dozen federal agencies and the technology industry, is designed to help parents when talking with children about Internet safety.  Topics include safe use of social networking web sites, cyberbulling, and protecting computers from viruses and other malicious software.
 

About this Site  |  Feedback: webmaster@education.ky.gov  |  Contact Us

Privacy  |  Disclaimer  |  Accessibility Statement
Copyright © 1999-2010 Commonwealth of Kentucky