SF 115 Supplementary Cover Sheet



Similar documents
r.ay'i(l!tb-fl c«. 7c-/~lz

o is not required 0 is attached; or 0 has been requested.

Request for Records,...D-is_p_o_s-it-io_n_A_u_t_h_o-ri_ty... ~ Le_a_v_e-B-Ia_n_k-(N_A_RA--Us_e_O_nl-y)--1

Records Management. Training 101

--j except for Items that may be marked "disposition not 3 MINOR SUBDIVISION approved" or "withdrawn" In column 10

7. 9. GRS OR 10. ACTION ITEM NO. SUPERSEDED TAKEN (NARA JOB CITATION USE ONLY Please see attached

N'_" '3_()~ _q \ '-l \ 0<'0

State Records Guideline No 18. Managing Social Media Records

Table of Contents. To control records generated by the Medical Device Single Audit Program and Quality Management System (QMS) processes.

Non-Official/Personal Use of Social Media and Social Networking. Availability of Information and Access to Persons Without Internet Access

SOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No

Division: Chapter: Policy:

Request for Records Disposition Authority

General Records Management Training

RECORDS COMMISSION[671]

Privacy Impact Assessment

Student use of the Internet Systems is governed by this Policy, OCS regulations, policies and guidelines, and applicable law.

Privacy Impact Assessment

Statement of Policy. Reason for Policy

CCG Social Media Policy

Wake County Social Media Guidelines

Android Developer Applications

~'ID. Request for Records Disposition Authority

Office of IT Planning, Architecture, and E-Government Office of the Chief Information Officer

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

Physical Access Control System

Human Resources Policies and Procedures

Federal Bureau of Prisons. Privacy Impact Assessment for the HR Automation System. Issued by: Sonya D. Thompson Deputy Assistant Director/CIO

NOAA Records Schedule Series Chapter: 900 Facility Security and Safety Files

o is not required; 0 is attached; or o has been requested. DATE SIG ATURE OF AGENCY REPRESENTATIVE TITLE

Fairfax County Social Media Policy & Guidelines for Official Accounts. May 2015

PHI- Protected Health Information

Audit Report. The Social Security Administration s Management of Electronic Message Records

SUMMARY: The National Guard Bureau proposes to add a new system. of records, INGB 005, entitled Special Investigation Reports

Privacy Act of 1974; Department of Transportation, Federal Aviation Administration,

Privacy Impact Assessment. For. Non-GFE for Remote Access. Date: May 26, Point of Contact and Author: Michael Gray

SYSTEM NAME: Digital Identity Access Management System (DIAMS) - P281. SYSTEM LOCATION: U.S. Department of Housing and Urban Development, 451 Seventh

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION. Records Schedules; Availability and Request for Comments

39C-1 Records Management Program 39C-3

Privacy Act of 1974; Department of Homeland Security <Component Name> - <SORN. AGENCY: Department of Homeland Security, Privacy Office.

Records Management Policy. EPA Classification No.: CIO CIO Approval Date: 02/10/2015. CIO Transmittal No.: Review Date: 02/10/2018

LSUHSC-NEW ORLEANS RECORDS RETENTION AND DISPOSITION POLICY

Department of State SharePoint Server PIA

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

DBIDS/IACS PRIVACY IMPACT ASSESSMENT (PIA) 2. Name of IT System: Defense Biometric Identification System (DBIDS)

How To Use Social Media At Monmouth University

University Schools Social Media Guidelines for Employees

Standard Operating Procedure Information Security Compliance Requirements under the cabig Program

Business Associate Agreement

Covered California. Terms and Conditions of Use

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET MS 1221 DIRECTIVES MANUAL

TRUST POLICY AND PROCEDURES FOR THE USE OF SOCIAL NETWORKING SITES (INCLUDING ACCESS VIA MOBILE DEVICES) Status: Final. Version Date Author Reason

Records Management Understanding how the pieces fit together?

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

GRS 6.1 Managed Under a Capstone Approach

AASTMT Acceptable Use Policy

INFORMATION SYSTEM GENERAL USAGE POLICY

SOCIAL MEDIA & DIGITAL MARKETING POLICIES AND PROCEDURES

Computer, Network, Internet and Web Page Acceptable Use Policy for the Students of the Springfield Public Schools

Elo Touch Solutions Privacy Policy

Transcription:

SF 115 Supplementary Cover Sheet Sumrnarv: This action establishes two new Office of the Secretary series entitled: "1408 - Social Media Records," and "1409 - DO1 Data Loss Prevention," along with their associated sub-items. Several sub-items of 1408 are included for refercncc and do not establish a new retention (1408.3, 1408.4, 1408.5). Please consult with J. Peter Langsdorf for any correspondence, and with the office contacts for each item: For Social Media (1408): Larry Gillick, Acting Director of New Media Larry~Gillick@ios.doi.gov 202-208-5 141 For Data Loss Prevention (1409): Darrel Garnett, CIPP Infomiation Assurance Engineer Darrell-Garnettaios.doi.gov 703-648-5564 Reason for submission: (I ) This action provides for the disposition of temporary electronic records common to several offices that have been previously unscheduled. (2) This actions expands the General Electronic Systems Records section of the OS Records Manual, including useful guidance to employees for the handling of electronic records.

I REQUEST FOR RECORDS DISPOSITION AUTHORITY I JOB NLTMBER I TO: NATIONAL ARCHIVES & RECORDS ADMMISTRATION 8601 ADELPHI ROAD COLLEGE PARK, MD 20740-6001 FROM: (Agency or establishment) Department of the Interior 2. MAJOR SUBDIVISION Office of the Secretary 3. MINOR SUBDIVISION Date Received I I I NOTIFICATION TO AGENCY In accordance with the provisions of 44 U.S.C., 3303a. the disposition request, including amendments, is approved except for items that may he marked "disposition not approved or "withdrawn" in column 10. 14. NAME OF PERSON WITH WHOM TO CONFER 4. TELEPHONE? NUMBER DATE ARCHIVIST OF THE UNITED STATES Keith Holden 202-219-1563 5. AGENCY INFORMATION I hereby certify that I am authorized to act for this agency in matters pertaining to the disposition of its records and that the records proposed for disposal on the attached 4 page(s) are not needed now for the business of this agency or will not be needed after the retention periods specified; and that written concurrence from the General Accounting Office, under the provisions of Title 8 of the GAO Manual for Guidance of Federal Agencies. His not required is attached; or has been requested. I DATE 1 SIGNATURE OF AGENCY REPRESENTATIVE 7. ITEM 8. DESCRIPTION OF ITEM AND PROPOSED DISPOSITION 1400 General System Records 1408 Social Media Records 1 1408.1 Web Publishing 1408.2 Social Networking and Voting 1408.3 File Sharing 1408.4 User Infonnation/Accounts 1408.5 Traffic Monitoring 1409 DO1 Data Loss Prevention (DLP) System Data Files 1409.1 Minor Incidents 1409.2 Major Incidents 1409.3 Critical Incidents (See Attachment for Description and Disposition) I 15-109 PREVIOUS EDITlON NOT USABLE Prescribed by NARA 36 CFR 1228

Additional General Electronic Records, Addendum to 1400 1408 - Social Media Records. Social Media is an umbrella term used to define the various activities integrating web teclmology, social interaction, and user-generated content. Through social media, individuals or collaboration of individuals, create, organize, edit, comment on, combine, and share content. These strategies can be used to connect people to the government and to share information (e.g., providing information, promoting discussion about the agency, soliciting responses from the public, recruiting personnel, and providing collaborative space). Information contained in social media platforms may still be considered federal records and are covered by the following items. 1408.1 Web Publishing. Data in these applications consists of information published by the government and does not include information from outside sources. This is most commonly limited to micro-blogging, and blogging where comments are not enabled or not considered federal records. Information that is published to social media platforms is typically duplicative of information stored elsewhere, often as a general public release. Some examples of web publishing include Twitter, Wordpress, Wikispaces, Blogger, Plurk, etc. Disposition: Teniporary. Cut off when data is published for the public. Destroy when no longer needed for agency business. 1408.2 Social Networking and Voting. Data in these applications is valued for the input and comments that are received from the public. Users are able to comment on information published by the agency, or in some cases publish material of their own for the express purpose of providing feedback or suggestions to the agency. In some cases, users may be able to vote on the information published or on associated comments from other users. This item does not include user account information that the government has controlling access to. Examples of social networking applications include Facebook, comment-capable blogs, LinkedIn, Ideascale, Chaordix, etc. Disposition: Temporary. Cut off when voting/comments are closed. Destroy when no longer needed for agency business. If action is taken based off of the commentslinput, a copy of this information must be maintained as part of the development records for that project. Consult your records liaison or records officer for proper classification of these records. 1408.3 File Sharing. Data in these applications is stored for use by multiple individuals within the government for collaborative purposes. This is most often utilized during the developmental process of official agency publications or reports, receiving input from

several individuals as a draft' evolves. This item also includes use of file-sharing applications to circulate photographs and videos. In all cases, data on these platforms should be maintained outside of the application, as well. Final versions of documents should be held elsewhere, as should original copies of videos and photographs. Exaniples of file sharing applications include Flickr, collaborative workspaces, YouTube, Picasa, Sharepoint, etc. Disposition: These records are considered duplicative copies of official agency records. They are non-records and may be destroyed when no longer needed for reference. 1408.4 User Information/Accounts. This data applies to information collected by the social media application for account registrationlmanagement in an application that is operated or managed by the agency. It may include user name, email address, passwords, and other information about an individual, varying by the social media platform. There is a strong potential for PI1 in these applications. This information must be accessible and controllable by the agency for it to be applicable with this records schedule. Social media applications in which the agency participates as a user (e.g. Facebook, Twitter) do not apply, as the agency has no role in managing account registration. Disposition: These records are considered the same as 1404.3 User Identification Files (Routine Systems) and should be treated accordingly. 1408.5 Traffic Monitoring. Data in these applications is used to track browsing activity and sequence of traffic. IP addresses or "cookies" can be analyzed to show browsing history and where individuals arrive at and browse fiom DO1 sites. Google analytics is an example of an application supplying this data. Disposition: This data is considered part of what is maintained with 1403 Management and Maintenance Files for electronic systems and should be handled accordingly. 1409 - DO1 Data Loss Prevention (DLP) System Data Files. DO1 Data Loss Prevention Systems monitor email and web traffic within DO1 to ensure that personally identifiable information (PII) and other sensitive personal data is not released to unauthorized parties, and to record communications and activity that violate the department's Acceptable Use policy (as outlined in the DO1 Information Technology -. Security Policy Handbook). Systems may also be designed to detect andlor respond to other specific incidents, such as known ~alwarelvirus~s and other computer threats.

Data files contain a record of incidents that match the above criteria, classed into three categories for PIIIAccept Use each: Minor, Major, and Critical. They are tracked for statistical reporting and, in the case of Major and Critical incidents, maintained for possible use in Human Resources or Law Enforcement investigations. Information in an incident file includes: server where the messageltraffic originated; date and time of the incident; sender's email andlor IP address; recipient's email andlor IP address; and the messageldata that was sent (subject line, attachments, body of message). 1409.1 - Minor Incidents. These incidents constitute violations that are unintentional andor represent minimal consequences to the bureau or agency. They are tracked primarily for statistical reporting purposes only, or as an indication that employees lack proper training in the appropriate use of government equipment. Minor PI1 incidents include, but are not limited to: Incidents which involve an individual sending hisher own PI1 information out of the DO1 network. This can include family members such as spouses as well as children. Examples include; SSN's, CCN's, Usemame/Password, W2's, New hire paperwork, etc. Minor Acceptable Use incidents include, but are not limited to: Incidents which involve an individual using inappropriate language in a personal, non-professional conversation or environment. Incidents which show poor taste or judgment. Disposition: Temporarv. Cut off when the incident is classifiedlrecorded. Destroy 6 months after cut-off, or when no longer needed for agency business, whichever is later. Do not preserve records longer than 1 year. 1409.2 - Major Incidents. These incidents constitute severe violations of policy and represent a danger to the security of an individual (in the case of PII) or to the bureau or office (for Acceptable Use). Major PI1 incidents include, but are not limited to: Incidents which involve an individual sending several other individual's information, or an individual sending hisker government assigned credit card, usernamelpassword, etc. out of the DO1 network. Examples include; Payroll worksheets, Government related usemamelpassword, Government related credit card, etc. Major Acceptable Use incidents include, but are not limited to: Incidents which involve an individual using inappropriate language for: solicitation of sexual acts; sexually/racially derogatory comments; describing activities which are deemed to be inappropriate or offensive to fellow employees, partners, contractors or the public; or adult ratedpomographic authoring. Disposition: Temporary. Cut off when all necessary follow-up actions have been completed. Destroy 3 years after cut-off.

[Note: Though this disposition resembles that provided for in GRS 24-7, that chapter indicates that a system's data files should be separately scheduled. As the incident files comprise this system's data, a separate records schedule is believed necessary.] 1409.3 - Critical Incidents. These incidents constitute a severe, widespread, andlor time-sensitive compromise of information and security, constituting an immediate and dangerous risk to individuals or to the bureaulagency. Incidents may include: the compromise of a computer system with employee data being maliciously sent to an outside party or parties; the description or discussion of illegal activities. Critical incidents are escalated to the proper authorities. Disposition: Temporary. Cut off when incident data is transferred to the investigating organization. Destroy data immediately upon successful transfer.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information