Organizational Policy

Transcription

1 Approved by: City Manager/General Managers Report No.: n/a Effective: January 1, 2004 Reviewed: July 25, 2012 Amended: July 25, 2012 Next Review: July 25, 2013 Note: Purpose: on The purpose of this policy is to ensure that employees who are authorized to access the City of Burlington s electronic networks and electronic communication devices do so in a manner that is lawful, that is compliant with the City of Burlington policies and procedures, and that best protects both the interests of the City and the privacy of its employees Policy Statement: Authorized Use: The City of Burlington has a proprietary interest in its electronic networks, including computer hardware and systems necessary for the operation of all its electronic communication devices, including its service, Internet services and telephone system. The City authorizes the use of its electronic systems to conduct the business of the Corporation of the City of Burlington using devices approved by the City of Burlington ITS department. The City further acknowledges that occasional personal use may occur provided that personal use of its electronic networks does not interfere with or negatively impact the City s business, and is not for personal financial gain. Personal use must not interfere with an employee s work performance/productivity or interfere with their ability to fulfill their role in the organization. To maintain network capacity for business purposes and corporate productivity, personal use of the City s electronic network and Internet service must be limited. Employees are encouraged to ask their supervisor if they have any questions on the appropriate use of the City s technology. Social Media: The City s official social media presence (i.e. Facebook, Twitter) is administered by authorized staff with secure access to corporate social media accounts. Information provided through social media is public information. Although social media providers have taken steps to improve privacy settings in their software, there

2 should be no expectation of privacy or having control over how information will be used. Access to Social Media such as (but not limited to) Facebook and Twitter is restricted. For those with access, It is not permitted to attach corporate files or in any way conduct corporate business using a personal social networking account. Please refer do Social Media Policy. Examples of Personal Acceptable Use: An employee takes a few minutes to check on the cost of flights. An employee checks on the scores of last night s baseball game. An employee receives a phone call from their child s school that they are sick. All authorized use, whether for City business or personal use, must be lawful, in keeping with the City s policies and procedures, and consistent with the best interest of the Corporation. Although the City uses technology such as web filters to restrict access to various undesirable websites and services to support the policy it is not foolproof. The fact that you are able to access a site does not make it acceptable or compliant with policy. Examples of Unacceptable Use: An employee who owns their own company, uses the City s system to send information to their clients during their unpaid lunch break (i.e. Use of the City s internet or for personal financial gain). Downloading music or video for personal use. Streaming events on-line. Downloading and storing any personal files. The above situations are examples only. If, as an employee, you are unsure as to the appropriate use of technology or computers discuss this with your supervisor or with Human Resources in order to ensure you are not in violation of the policy. Monitoring of Electronic Networks, Internet and The City reserves the right to monitor its electronic networks. For Page 2 of 8

3 example to assess system or network performance, to protect City resources and to ensure compliance with City policies. Special monitoring will be conducted without notice where the City has reason to suspect unauthorized or unacceptable use of its electronic networks. Most Internet and can be monitored by the City for both incoming and outgoing activity without the knowledge of the user. Because most organizations have an interest in how their resources are being used, most systems are capable of this type of monitoring. There is often a false air of anonymity that accompanies Internet access. No expectation of Privacy for Personal Use: While limited personal use has been allowed within this policy, any personal use may be monitored, and you will be held accountable should it contravene any aspect of this policy. There should be no expectation of privacy for personal use. Consequences of Non-Compliance: Breaches of the Computer and Technology Acceptable Use Policy shall be reported immediately to the Director of Information Technology Services and the Executive Director of Human Resources. Employees found to have engaged in a breach of this policy will be disciplined appropriately and such disciplinary action could range from removal of electronic network privileges to the termination of employment. It is the responsibility of the employee to become familiar with the City s policies, Code of Conduct and, Rules and Regulations. If you require any of these documents, please contact your supervisor and/or Human Resources. Additional Information: Appendix A The City of Burlington s corporate information technology infrastructure allows employees access to an extensive computer network and productivity tools via the PC. While electronic mail is a very fast and efficient means of communication, it requires a certain amount of caution and restriction in its use. The Internet can also be a valuable tool to support the business endeavors of the Corporation, but again there are risks involved that require caution on the employee s part. Please also refer to the following corporate policies; Social Media Policy, Computer Passwords Policy, Information Technology Security Policy and the Mobile Device Policy. Page 3 of 8

4 Protection of Privacy for Corporate Records: The transmission of personal information in electronic format, the ability to monitor Internet and activity from a remote site without detection, the ability to retransmit without the originator s knowledge, and the ease with which third parties may access or reproduce another s all underscore the risks to privacy of using electronic technology. Although the City may have access to any private information stored on City computers, the collection, management and use of this information is done in accordance with the corporate standards and applicable privacy legislation. Electronic forms of communication are subject to the Municipal Freedom of Information and Protection Act (MIFPA) and its regulations respecting the collection, use and disclosure of personal and other protected information. Electronic messages and records of Internet access are considered corporate records and are therefore subject to formal access requests made under the Act. Electronic records are also admissible as evidence in a court of law or before a tribunal. In order to protect personal information and personal privacy, the following guidelines are recommended: Discretion should be exercised before sending any that contains sensitive or personal information. There may be alternate forms of communication that afford greater privacy protection such as confidential memo or letter by confidential mail. Where personal information is transmitted by , personal identifiers should be blocked out. The MFIPPA limits disclosure of personal information to those persons who require such information in the performance of their duties. Distribution of personal information to others may constitute an unjustified invasion of personal privacy. Protect against unauthorized access to city owned computer systems through password protection. Do not share your password with anyone. When you leave your desk, log out or lock your PC to ensure that Page 4 of 8

5 your electronic network systems are not accessible by others. Sensitive personal and confidential business information intended for recipients outside the City should be sent through conventional means, such as confidential mail or encrypted using approved ITS security software. None of the security features of the City s electronic systems are present once the message leaves the City network. Your message will not be automatically encrypted during transmission. While on the Internet, our messages will likely pass through a number of systems, none of which are governed by the City s security measures. If you are concerned about personal Internet use privacy or if use falls outside the scope of authorized use as defined in this policy, then you are required to arrange use through your own Internet provider (home internet services). Report any breaches of privacy or unauthorized disclosure to the Director of Information Technology Services and the Executive Director of Human Resources. External/Internal All internet use is monitored. In an attempt to prevent computer viruses from entering the City s network, all incoming Internet is typically monitored by automated tools and any that are deemed suspicious are blocked. A manual review of a suspicious may be conducted and during this process the administrator may view private or personal information without the sender or receiver s knowledge or consent. The ITS department has the ability to access and view inbound and outbound . ITS can track a particular ; identify the source, destination and any hops in between. Mailbox sizes are limited to manage disk space. There is a size restriction on all individual s sent and some people have a size restriction on individual s received. Web Browsing: The City attempts to prevent staff from accessing web sites that are deemed inappropriate through the use of a filter. System administrators can identify which web sites staff are accessing or trying to access. Staff is not permitted to intentionally circumvent web filter restrictions. Page 5 of 8

6 Web-based services such as gmail and hotmail may be restricted. When connected to the City s electronic network, it is not permitted to attach and send any corporate or business related files using web-based . All corporate files must be sent using the corporate system. It is not permitted to save any attached files received via web-based to a corporate computer (PC or network drive). The City accepts no responsibility for the security (protection of personal information) or proper operation when City computers are used to access personal on-line services. The City will not make any effort to support or exempt websites (if blocked by the filter) that are deemed to be for personal use. Admissible Evidence: transmissions, electronic calendars and other forms of electronic records are generally admissible into evidence in the course of legal proceedings. This is particularly important because communication tends to be spontaneous and often takes on the characteristics of a telephone chat. Whereas people may keep records of telephone conversations, the conversations are rarely taped. Their utility in a legal proceeding may therefore be of limited value. However, transmissions prepared casually and without due caution may contain statements or admissions that can be damaging in a legal proceeding. Violations of the Law: The circulation of jokes, pornographic material, discriminatory statements, or hate material violates the City s policy against harassment and discrimination and may contravene the Ontario Human Rights Code. In addition, the electronic downloading, possession and redistribution of inappropriate material (eg. sexually explicit information, hate mail, racially offensive material, and profanity) may constitute a violation of the provisions of the Criminal Code. Some actions may contravene the laws and policies of all three levels of government. Violations of the laws or policies, if proven, can result in penalties ranging from discipline up to and including termination in the employment context, to incarceration or fines in the criminal context. Employer Responsibility: Turning a blind eye to the activities of employees on company time and using company resources can result in the employer being charged under Page 6 of 8

7 the provisions of the Criminal Code, can result in an employer having to defend itself in a human rights complaint, or can result in civil suits against the organization in cases such as defamation suits. Employers have a legitimate interest in monitoring the utilization of its employees electronic activity while at the same time extending as much privacy to its employees as it can without placing at risk its own legal obligations. Scope: This policy applies to: All Employees, Volunteers and Council Anyone who uses a device which connects to the City s network. Definitions: For the purpose of this policy, unless otherwise stated, the following definitions shall apply: Term Business Use Communication Devices: Table of Terms and Definitions Definition Use of the City s network and communications devices for conducting work related tasks. Any City owned electronic device such as, but not limited to, telephone, Blackberry, computer, laptop etc. These devices also include those which may be periodically used as a standalone device. Electronic Network: System of electronically interconnected devices for information interchange between devices, the internet, or cell phone system. The City s electronic network includes wired and wireless connectivity for a variety of end-user devices and provides access to internal systems/information and the Internet Electronic Forms of Communication: Conveyance of information through the use of electronic means such as , texting, webmail, (i.e. Gmail), instant messaging, social media channels, Fax, FTP etc. Page 7 of 8

8 External Internal Personal Use: entering and leaving the City s Network. between employees within the Corporation and/or Council. Personal use is the use of communication devices and/or the City s electronic network for non-work related activities. References: Municipal Freedom of Information and Protection Act (MIFPA) Social Media Policy Code of Conduct Corporation Rules and Regulations Computer Passwords Policy - ITS Information Technology Security Policy - ITS Mobile Device Policy - ITS Roles Accountable: Executive Director of Human Resources, or designate, is answerable for the timely review, updating and dissemination of this policy. Responsible: All managers and supervisors in the corporation are responsible to perform the work to complete the task. Page 8 of 8