Loading...
HomeMy WebLinkAboutF201-Internet Email Intranet Computer UseCorporate Policy POLICY TYPE: SUBSECTION: POLICY TITLE: POLICY #: POLICY APPROVED BY EFFECTIVE DATE: REVISED: APPLICABLE TO: 1. Purpose: • Leading the Way Operational Technology Internet, E -Mail, Intranet, and Computer Use F201 Chief Administrative Officer December 10, 2001 April 11, 2017 All Employees To ensure employees are knowledgeable in their use of the internet, intranet, e- mail, and municipal computers, and are aware of the appropriate and permitted uses of these technologies. For social media guidelines and use please refer to policy F203 Use of Social Media (Corporate/Personal). 2. Definitions: a) Personal information, as defined in the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) - means recorded information about an identifiable individual, including, i) information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual, ii) information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved, iii) any identifying number, symbol or other particular assigned to the individual, iv) the address, telephone number, fingerprints or blood type of the individual, v) the personal opinions or views of the individual except if they relate to another individual, vi) correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence, vii) the views or opinions of another individual about the individual, and F201 — Internet, E -Mail, Intranet, and Computer Use Page 1 of 1 Corporate Policy • Leading the Way viii) the individual's name if it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual. (see Policy F8 Section 3) b) Sensitive Information —Privileged or proprietary information that only authorized people are allowed to see which includes but is not limited to personal information and that is therefore not accessible to everyone. i.e. personal or confidential information. (see Policy F8 Section 3) c) Computer - For the purposes of this policy, the term computer shall include the following: • Personal Computers, including laptops, iPads and other tablets • Cell Phones (Blackberries, iPhones, Androids, etc.) Hand-held Devices Scanners, Fax machines, and Copiers Any other device as determined by the Manager of Information Technology 3. Policies: a) The Municipality's internet, intranet, e-mail access and any other communication medium is provided for official business use only. Incidental personal use is acceptable, provided the privilege is not abused. b) The internet is a public medium. Employees accessing the internet and external e-mail, through the Municipality's internet service, will be representing the Municipality of Clarington to the outside world and should act appropriately. Each employee is responsible for judiciously representing the Municipality and protecting the security and the integrity of its corporate information. c) Internet i) The Municipality shall provide employee access to the communication tools as appropriate, for the purpose of performing their employment responsibilities. ii) Each user is responsible for the use of his/her account and is fully liable for its use. Should a breach of this policy occur as a result of sharing passwords, the owner of the account will be held responsible. iii) The user shall use the communication tools only for approved purposes and any use is subject to monitoring without the knowledge of the user, ensuring that there are no security breaches, violations, or infringement of Municipality policies. iv) The user shall not download inappropriate material or visit inappropriate websites (including pornographic material and sites) found on the internet and shall not share the address where such information has been found. F201 — Internet, E -Mail, Intranet, and Computer Use Page 2 of 2 Corporate Policy • Leading the Way v) The user shall not download any programs for installation on the Municipality's computers. No program of any kind may be installed on Municipal computer without the prior knowledge and written approval of the Information Technology Manager. The installation and maintenance of all programs and computers is the responsibility of the IT Systems personnel. This includes, but is not limited to, all executable files, including screensavers. d) Electronic Mail (E-mail) i) The Municipality reserves the right to access, use and disclose all messages sent over its e-mail system for any purpose. E-mail messages may be monitored to check for breaches of system security, violation of law or infringement of corporate rules or policies. Such monitoring may occur electronically or manually, without the knowledge of the affected personnel. Management may inspect the contents of e-mail messages disclosed by such monitoring or any follow-up investigation. ii) It is the responsibility of each user to properly observe and maintain the usage limits set by the Information Technology division and to periodically clean and delete obsolete or outdated electronic data or information. These usage limits can be changed on an as -required basis through a formal request sent to the IT division. iii) All users are to ensure on a daily/weekly basis that they manage their e- mail folders, and delete any that are no longer required. e) Ownership of Electronic Information i) All communications sent or received via any Municipal electronic communication tool are legal property of the Municipality of Clarington or the social media host in the instance of social media. There should be no expectation of privacy on any electronic communication or information. ii) The contents of electronic communication properly obtained in accordance with this policy, may be used and/or disclosed by the municipality for any legitimate business purpose without the permission of the originator or recipient. iii) The Municipality's system, hardware, or any other communication device shall not to be made available for use by third parties (including suppliers, customers or the general public) without prior authorization. iv) Personnel shall not, for any reason, share their computer networking passwords with their colleagues. Should a breach of information occur as a result of sharing passwords, the official e-mail originator will be held responsible. F201 — Internet, E -Mail, Intranet, and Computer Use Page 3 of 3 Corporate Policy • Leading the Way v) Personnel shall not make use of any free internet e-mail addresses/ accounts or external mailing systems such as Hotmail for conducting business/corporate emails. Staff will refrain from using Instant Messenger, or other social media sites, etc. unless specifically approved to do so for municipal purposes. vi) Staff shall use instant messaging/texting for transitory communications only. This form of communication is not appropriate for business decisions and it's difficult to track for the purposes of official corporate record keeping. vii) All documents, files, programs, etc. created or stored on a Municipal computer, are considered legal property of the Municipality of Clarington. Employees are not to assume that there is an expectation to privacy. f) Use of Technological Systems i) Information Technology requires five (5) business days' notice prior to the start date of any new employee requiring access to a personal computer and/or voice mail. Notification must be submitted to Information Technology Services utilizing the IT Support Site on the Intranet. ii) When an employee no longer requires a personal computer and/or voice mail, or leaves the employment of the Municipality, the employee's direct manager is to advise the IT division within two (2) working days prior to the effective date in question by using the IT Support Site on the Intranet. g) Intranet i) Use of the internal Intranet site is for the purposes of communication items of interest to the employees of the Municipality. This communication tool is a privilege and it is not guaranteed for ongoing access or use. All terms outlined for internet use are applicable to the use of the Intranet. ii) The Intranet shall not be used for advertising or communicating any business enterprise, personal business or external employment opportunity, where the result would be to generate funds or revenue for the employee, business or individual, particularly where there is a potential for competition with the services provided by the Municipality. The Intranet shall not be used for advertising any illegal activities. (i.e. unlicensed raffles). iii) Any proposed posting to the Intranet that offers opportunities that are unclear as to the benefit of the recipient, must be approved by the Department Head or the CAO as appropriate. F201 — Internet, E -Mail, Intranet, and Computer Use Page 4 of 4 Corporate Policy • Leading the Way iv) The Information Technology Manager (or designate) reserves the right to remove any item posted which appears to contravene this policy. h) Responsibility of User i) When retrieving external e-mail or other electronic information, always exercise extreme caution, especially if there are attachments from an unrecognized source (someone you don't know). Never open these files. Some files contain viruses and can endanger our network. Please contact the Information Systems division to advise them of receipt of unknown files. ii) Care should be taken when handling personal information or sensitive information to ensure it is handled appropriately according to law (such as MFIPPA) and in accordance with other municipal policies. i) Access i) Each department will determine which of their staff is to have access to a computer, e-mail, and the internet. The Department Head will make the final approval. The department will notify Information Technology by the method outlined in Section 3. f) Use of Technological Systems. ii) Each employee requiring access will be given an individual account name and will be required to have a confidential password. Passwords are NOT to be shared among staff. The network will prompt an employee to change the password on a regular basis. Passwords must follow current domain policy. You should not use proper names, places, or personal information that others would be able to figure out. Staff are not permitted to setup BIOS (Basic Input Output System) passwords on their computers unless deemed necessary by the Manager of Information Technology. iii) Employees are to ensure that they either lock out or log off the computer each time they leave the work area. Employees who fail to do so may be held responsible for any inappropriate use and/or e-mail issued from his/her computer. iv) Employees are to use only the computers that they have been authorized to access. Employees will not access any computers in the IT area without explicit permission from the Manager of Information Technology. j) Monitoring i) The Municipality, through Information Technology, may monitor internet usage, e-mail, file storage, computer inventory and configurations on a regular basis to ensure appropriate use and security. F201 — Internet, E -Mail, Intranet, and Computer Use Page 5 of 5 Corporate Policy • Leading the Way ii) Staff will report any inappropriate use and/or unusual activity to HR. HR in consultation with the appropriate Department Head will recommend the course of action to be followed. iii) There may be times an employee's use of the internet, e-mail and/or computer documents are reviewed and/or documented for legal and/or employment reasons. k) Computer Guidelines i) Only software that has been sanctioned by Information Technology (prior to being installed) is to reside on Municipal computers. ii) Only hardware that has been approved by the Manager of Information Technology (prior to being installed) is to reside on the Municipal network. iii) Software's original storage media shall be kept within Information Technology at all times, except during software reloads. iv) System audits will be performed randomly by Information Technology. Inappropriate software will be removed by Information Technology and the appropriate senior staff member will be notified of the violation. v) Installation and setup of hardware is to be undertaken only by an authorized Information Technology employee. Only the Manager/designate of Information Technology may give permission otherwise. vi) Computer hardware is not to be moved from its deployed location by any employee other than Information Technology, unless authorized. vii) Information Technology reserves the right to remove any software it feels either presents a security risk and/or other threat to the network. viii) The Municipality provides all computers with up-to-date virus protection. If a virus is detected or suspected, notify IT immediately. 1) User Agreement i) For current employees at the time of approval of this policy, the Department Head will ensure that this policy is reviewed with staff. Those who utilize Information Technology to conduct municipal business will be required to read this policy and sign the "Information Technology User Acceptance Agreement" form (Appendix A). The Department Head will forward the signed agreement forms to HR for placement in the employee's employment file. F201 — Internet, E -Mail, Intranet, and Computer Use Page 6 of 6 Corporate Policy • Leading the Way ii) The Department Head or designate will send a list to IT of those employees who no longer require the access of a computer, e-mail, internet service, or any other item/service covered under this policy. iii) All new employees who require access to information technology will be required to read this policy and sign the "Information Technology User Acceptance Agreement" form (Appendix A). This form will be placed in the employee's employment file. iv) All employees are required to complete mandatory training as required by Information Technology, in consultation with the CAO. A violation of this policy or the standards, procedures, or guidelines established in support of this policy, is considered grounds for disciplinary action up to and including termination and criminal prosecution. F201 — Internet, E -Mail, Intranet, and Computer Use Page 7 of 7