Monterey County

Information Technology Policies

 

Section: 4.0
Subject: Information Technology Appropriate Use Policy
Date Issued: September 10, 2002
Issued by: Director of Information Technology, as recommended by the Department Head Information Technology Steering Committee
Applies to: All Officers and Employees

  

PURPOSE

To define the responsibilities of persons provided access to County information technology resources with regard to protecting and preserving the County’s assets and the rights and privileges of others.

POLICY STATEMENT

It is the policy of the County to maintain access for its officials, employees, volunteers, and constituents to both internal and external information with regard to County government processes, including relevant information garnered from local, state, national, and international sources and to provide an atmosphere that encourages access to knowledge and the sharing of information that is consistent with the mission and objectives of County government.  Use should also be consistent with the specific objectives of the project or task(s) for which access to the resources was granted.  All uses inconsistent with these objectives are considered to be inappropriate and unauthorized use and may jeopardize further access to services and result in disciplinary action or other personal/individual legal liabilities.

All persons with access to County information technology resources are expected to conduct themselves with the same integrity in electronic interactions as they would in face-to-face dealings with one another and shall not:

·        Make unauthorized use of any information technology resource.

·        Make unauthorized copies of any software, information, communication, data, or digital media.

·        Seek personal benefit or permit others to benefit personally from the use of County information technology resources or confidential information acquired through the use of those resources.

·        Exhibit or divulge the contents of any record or report to any person except in the conduct of their work assignment and County policies and regulations.

·        Knowingly include, or cause to be included, in any record or report a false, inaccurate, or misleading entry.

·        Operate or request others to operate any County information technology resource for personal business.

·        Divulge personal resource access information or passwords to anyone.

Illegal material, such as child pornography, from any source, with the singular exception of job requirements related to the fulfillment of law enforcement responsibilities, will not be tolerated or further distributed.  Reports or complaints of possible illegal material will be investigated by the Department having ownership of the information resources used with consultation from the Information Technology Department, County Counsel, and/or other agencies as appropriate.

Allegations of violations of Equal Employment Opportunity protections will be referred to the Office of Equal Employment Opportunity and investigated for appropriateness with the possibility of discipline or loss of access privileges being initiated.

Access to and use of the County’s information technology resources are a privilege, must be treated as such, and used in a manner that respects the public trust through which the resources have been provided and in accordance with established policy and regulations.  The County makes information technology resources available with the understanding that those granted access will not violate intellectual property rights or copyright protections, nor misrepresent, tamper with, destroy, or steal information produced by others.

Further, access to the information technology resource infrastructure both within the County and beyond, requires that each and every user accept responsibility to protect the rights of the community.  No person shall irresponsibly use, destroy, alter, dismantle, or disfigure the County’s information technologies, properties, or facilities, including those owned by third parties.

This policy is applicable to any person granted access to County information technology resources, whether at a County facility or elsewhere, and refers to all information resources whether individually controlled, or shared, stand alone or networked.

Individual County Departments may define “conditions of use” for more restrictive access to County information technology resources when additional detail, guidelines, and/or restrictions are consistent with this policy and necessary for achievement of the department’s mission, goals, objectives, or functions.

All computer information created utilizing County computing resources is the property of the County.  Changing computer information without being the data owner or having proper authority to change that information is disallowed.

4.1 – Telecommunications Equipment Use

Electronic voice communications via telephones, radios, pagers, cell phones, etc.  and images transmitted via facsimile machines, are subject to County policy and regulation.  No person shall use this equipment for personal gain or profit, or for personal reasons that would result in depleting County resources, impeding the organization’s ability to conduct business, or cause any interruption or delay in service to the public.

 

In certain applications voice transmissions will be recorded and monitored for appropriateness, documentation, and/or training purposes.  It is the responsibility of the person initiating any telecommunication transmission utilizing County information technology resources to ensure that the content, syntax, and format of the communication complies with County policy and regulation.

 

4.2 – Workstation Use

Computer workstations, including portable and handheld devices, as well as mobile data terminals, shall only be used for authorized County business and government functions.  It is unacceptable to use this equipment for personal gain or profit, or for personal reasons that would result in depleting County resources, impeding the organization’s ability to conduct business, or cause any interruption or delay in service to the public.

 

“Acceptable use” for workstations also applies to providing the proper physical environment.  Workstation hardware has specific environmental requirements.  Manufacturer specifications dictate temperature and humidity limits.  Care must be taken to avoid contamination and damage as the result of spilled liquids or other substances that can cause equipment malfunctions.

 

4.3 – Software Use

The County is committed to ethical and legal practices in using software.  No software may be copied or used without an appropriate license or right to use.

 

Public domain or shareware software may be used for convenience, but should generally be considered suspect and not relied upon for business functions.  There are a few notable exceptions to this statement, such as the Adobe Acrobat Reader and PKZip software, that are carefully tested and controlled for interoperability and wide-general use under various system configurations, but such is often not the case and system conflicts and disablement can and do occur.

 

Restrictions on the use of software purchased from vendors vary widely from manufacturer to manufacturer.  The County only supports that use which is prescribed and permitted by the accompanying documentation and licensing agreement.

 

No person shall use County software resources for personal gain or profit, or for personal reasons that would result in depleting County resources, impeding the organization’s ability to conduct business, or cause any interruption or delay in service to the public.

 

4.3.1 – Computer Games

Computer games are placed on personal computer type equipment by the supplier for the purpose of training first-time users on mouse, pointer, or stylus control.  Unless the user is in a formal training mode, games are not to be played in the workplace during normal County business hours or in departments or divisions where business hours have been extended.  Games may not be played during lunch or work breaks, or before/after work hours where the employee’s shift hours do not coincide with normal County business hours or the extended hours of the department or division.

 

4.4 – County Network Use

The Monterey County network is intended to be used for the conduct of County business.  Those granted access to the network are encouraged to use technical resources as an efficient and effective business tool.  Network access must be used in a manner that does not jeopardize security, confidentiality, or potentially subject the County to litigation as a result of violating any County policy or local, state, or federal law relative to privacy, public record, copyright, or patent.

 

Each person granted access to County network resources is responsible for the content, syntax, and format of all text, audio, or images that he/she may place or send over the network.  No electronic communications may be sent which hide the identity of the sender or misrepresents the sender as someone else, unless authorized in writing by departmental directive.

 

The County network may not be used for transmitting, retrieving, or storing of any communications of a discriminatory or harassing nature or for materials that may be perceived as obscene, unless directly related to the conduct of law enforcement activities or investigations.  No abusive, profane, or offensive language or pictures are to be transmitted through the County’s network unless required by business necessity (e.g. case evidence) and authorized in writing by department directive.

 

Harassment of any kind is prohibited by County policy.  No messages with derogatory or inflammatory remarks about an individual’s race, age, disability, religion, national origin, physical attributes, or sexual preference shall be transmitted.

 

Confidential or sensitive information shall not be transmitted without additional approved security measures or specific department authorization.

 

No person shall use County network resources for personal gain or profit, or for personal reasons that would result in depleting County resources, impeding the organization’s ability to conduct business, or cause any interruption or delay in service to the public.

 

Processes deployed across a local or wide area network may potentially result in a negative impact on the overall network performance.  Controlled testing of network processes must be conducted before being deployed.  Processes that have negative impact on the network will not be deployed until performance issues are coordinated and resolved through the departmental network administrators and the Information Technology Department.

 

4.5 – Electronic Mail (e-mail) Use

All messages communicated on the County’s e-mail system should contain the name of the sender.  Any messages or information sent by an officer or employee to another individual outside of the County are statements that reflect on the County.  All communications sent via the County’s system must comply with this and other County policies and may not disclose any confidential or proprietary information.

 

Officers and employees may not broadcast e-mail messages to all users without specific authorization by the Department Head or Division Chief.  Authorized messages with broad distribution should minimize the size of the message, limit the number of attachments, and be restricted to text messages without embedded images which will negatively impact workstation or network performance.

 

No person shall use County electronic mail resources for personal gain or profit, or for personal reasons that would result in depleting County resources, impeding the organization’s ability to conduct business, or cause any interruption or delay in service to the public.

 

The County’s e-mail network may be made available for use by County employees for official union or Association related business, subject to applicable law and regulations, the conditions set forth in this policy, and any agreed upon limitations regarding use.  Use is subject to prior written agreement between the Union or Association and the County.  Employees using the County’s e-mail network for such purposes are required to familiarize themselves with and abide by these requirements.  Use of the system for union business is restricted in there may be:

·        No broadcasting of messages

·        No confidential or individual-specific information may be communicated, such as information regarding a disciplinary action, etc.

·        Messages may not malign the County, its employees, or officials; and

·        Messages may not be used to coordinate any job actions.

·        Violation of the County’s e-mail policy could result in the permanent revocation of this privilege.

 

4.5.1 – Chain E-Mail

Persons granted access to County information technology resources shall not send or forward chain-email because it interferes with the intended use of County resources.  Such messages clog a network and disrupt e-mail service, as well as other networked activities.  Additionally, these messages waste a large amount of disk storage space assigned to the County’s e-mail system as every copy of the message to a County e-mail account is storage on the County’s mail server.  In a common circle of friends multiple copies of the same message may be received by a single individual as the message is circulated and re-circulated.  Besides the technical issues, recipients of chain e-mail are often irritated by it and see it as an annoyance or sometimes even a threat or form of harassment.

 

County officers and employees are directed to respect the privacy of others, the intended use of County information technology resources and break the chain, deleting any chain e-mail messages received and requesting the sender to discontinue forwarding mail of this type.

 

4.6 – Internet Use

The Monterey County Internet services are intended to be used for the conduct of County business.  Those granted access to the network are encouraged to use technical resources as an efficient and effective business tool.  These services must be used in a manner that does not jeopardize security, confidentiality, or potentially subject the County to litigation as a result of violating any County policy or local, state, or federal law relative to privacy, public record, copyright, or patent.

 

Each person granted access to County Internet services is responsible for the content, syntax, and format of all text, audio, or images that he/she may send or retrieve over the Internet.  No electronic communications may be sent which hide the identity of the sender or misrepresents the sender as someone else, unless authorized in writing by departmental directive.

 

County Internet services may not be used for transmitting, retrieving, or storing of any communications of a discriminatory or harassing nature or materials that may be perceived as obscene, unless directly related to the conduct of law enforcement activities or investigations.  No abusive, profane, or offensive language or pictures will be transmitted through the County’s Internet services unless required by business necessity (e.g. case evidence) and authorized in writing by department directive.

 

Harassment of any kind is prohibited by County policy.  No messages with derogatory or inflammatory remarks about an individual’s race, age, disability, religion, national origin, physical attributes, or sexual preference shall be transmitted.

 

Confidential or sensitive information shall not be transmitted without additional approved security measures or specific department authorization.

 

No person shall use County Internet services for personal gain or profit, or for personal reasons that would result in depleting County resources, impeding the organization’s ability to conduct business, or cause any interruption or delay in service to the public.

 

4.7 – Digital Media Use

Audio recordings and visual images are typically protected by copyright law unless placed in the public domain.  Owners of copyrights hold exclusive rights to the reproduction and distribution of their work.  County policy recognizes this right and prohibits the unauthorized copying and/or distribution of copyrighted works via the County information technology resources.

DEFINITIONS

Broadcast – the initiation and distribution of a message over an information technology resource to all devices and users attached to the resource, which has not been directed to a specific subset of devices or users when the technology resource allows the sender of the message to select such a narrower distribution.

Chain E-Mail – Chain E-Mail is defined as any message sent to one or more people that asks the recipient to forward it to multiple others and contains some promise of reward for forwarding it or a threat of punishment for not doing so.

Information Technology Resources – are defined to include any information in electronic or audiovisual format or any hardware or software that make possible the storage and use of such information, including electronic mail, local databases, externally accessed databases, CD-ROM, motion picture film, recorded magnetic media, photographs, and any other digitized information.

Network – this term refers to workstations and connections of computer workstations to servers or any other computer system through a local or wide area network, Internet, Intranet, or modem connection.

Public Domain Software – software that is not subject to any copyright restrictions.  It can be copied and shared freely.  Warning – public domain software is often the target of unscrupulous individuals seeking to propagate viruses.  Be careful to check public domain software for viruses before copying.

Shareware – typically copyrighted software that the developer encourages users to copy and distribute to others.  This permission is explicitly stated in the documentation or displayed on the computer screen.  The developer of shareware generally asks for a small donation or registration fee if the user finds the product useful.

Site License – site licensed software is software for which an agreement has been made with the manufacture to allow use of the software at any site owned and operated by the licensee.  In general the County makes little use of such an arrangement at this time.

ROLES AND RESPONSIBILITIES

Information Technology Steering Committee – periodically review current use practices and amend this policy as recommended and necessary.

Director of Information Technology – develop and maintain the capacity to audit, monitor, and report usage of information technology resources for conformance with this policy.  Conduct forensic audits of usage in support of investigations of inappropriate use.

County Departments – take steps to protect individuals’ choice to not be unwittingly exposed to offensive material that may have been accessed by others.  Sensitivity to others in an environment of shared resources is important.  Departments should review any practices that may result in offensive material from electronic sources being left on machines or shared printers, purposefully forwarded to others who are unwilling recipients, or displayed in such a manner as to create an abusive work environment for others.  Implement safeguards to encourage responsible management of information that is accessed for personal use and may also include screen-saving devices on public machines and front-screen warning messages advising people of potentially offensive material.  Departments should encourage individuals who are inadvertently or purposefully exposed to unwanted materials to tell the sender that they do not wish to receive the materials and ask the sender to stop.  Initiate investigations of alleged violations of this policy and implement corrective actions as warranted.

County Officers and Employees – Understand the responsibilities of appropriate use policy.   Respect the privacy of others.  Respect the rights of others.  Respect the legal protections afforded by copyright and licensing agreements.  Respect the intended use of County information technology resources.  Respect the nature of shared resources and avoid unreasonably taxing system resources.  With regard to electronic mail, do not send forged electronic mail, mail that will intimidate or harass others, chain messages that can interfere with the efficiency of the system, mass mailings not related to the conduct of County business or containing images and graphics that adversely impact the work of others, and do not send promotional mail for unauthorized or unsupported events.  Also, it is unethical to break into another user’s electronic mailbox or read someone else’s electronic mail without their permission.  Safeguard data, personal information, passwords, and authorization codes, and confidential data.