Administrative Policy 1-05 Use of E-Mail/Internet

Policy 1-5 USE OF COMPUTERS, E-MAIL, AND INTERNET

SUBJECT: Use of Computers, E-mail, and Internet 

PURPOSE: Access to computer systems and networks owned or operated by the City of Lawton (CoL) is a privilege which imposes certain responsibilities and obligations and is granted subject to CoL policies and ordinances and local, state, and federal laws.  The objective of this policy is to ensure an available, reliable, secure, and responsive network environment.  It is the responsibility of each user to ensure that the CoL’s technology is used appropriately.

POLICY STATEMENT: 

CoL employees are expected to use the CoL network responsibly and productively. Use of CoL computers, networks, electronic mail (e-mail), and Internet access is a privilege granted by City management and the Information Technology Services Department (ITSD) and may be revoked at any time for inappropriate conduct carried out on such systems, including, but not limited to:

  • Sending chain letters, “Ponzi”, “pyramid” schemes or participating in any way in the creation or transmission of unsolicited commercial e-mail (“spam”) that is unrelated to legitimate CoL purposes;
  • Engaging in private or personal business activities. Internet access is limited to job-related activities only.  Unless specifically granted in this policy, any non-business use of CoL resources is expressly forbidden;
  • Accessing networks, servers, drives, folders, or files to which the employee has not been granted access or authorization from someone with the right to make such a grant;
  • Knowingly or willingly sending confidential or CoL sensitive information outside of the City of Lawton by means of removable media, cloud storage, or electronic mail (e-mail);
  • Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties.  For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes;
  • Port scanning or security scanning is expressly prohibited unless prior notification to the ITSD is made;
  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations;
  • Destroying, deleting, erasing or concealing CoL files or other CoL data, or otherwise making such files or data unavailable or inaccessible to CoL or the other authorized users of CoL systems;
  • Using computers to perpetrate any form of fraud, and/or software, film or music piracy;
  • Engaging in unlawful or malicious activities;
  • Deliberately propagating any virus, worm, Trojan horse, trap-door program code, or other code or file designed to disrupt, disable, impair, or otherwise harm either the CoL’s network or systems or those of any other individual or entity;
  • Hacking into unauthorized websites or systems;
  • Misrepresenting oneself or the City of Lawton;
  • Sending, receiving, or accessing pornographic materials;
  • Becoming involved in partisan politics;
  • Causing congestion, disruption, disablement, alteration, or impairment of CoL networks or systems;
  • Failing to log off any secure, controlled-access computer or other form of electronic data system to which you are assigned, if you leave such computer or system unattended;
  • Revealing your account password to others or allowing use of your account by others.  This includes other employees as well as family, friends, and any other unauthorized person;
  • Interfering with or denying service to any user or network (i.e. denial of service attack);
  • Defeating or attempting to defeat security restrictions on company systems and applications; and/or
  • Using recreational games.

All sites and downloads may be monitored and/or blocked by CoL if they are deemed to be harmful and/or not productive to business.

Sending messages to groups: Do not select the entire address list for inclusion in the to:, cc: and/or bc: fields.  Send only to those people who “need to know” the information.

 Using Col’s network systems to access, create, view, transmit, or receive racist, sexist, threatening, or otherwise objectionable or illegal material is strictly prohibited.  “Material” is defined as any visual, textual, or auditory entity.  Such material may violate the CoL’s Harassment Policy (Council Policy 3-3) and Sexual Harassment Policy (Council Policy 3-1) and may be subject to disciplinary action.  CoL’s electronic mail system, Internet access, and computer systems must not be used to violate the laws and regulations of the United States or any other nation or any state, city, province, or other local jurisdiction in any way.  Use of CoL resources for illegal activity may lead to disciplinary action, up to and including dismissal and criminal prosecution.  The CoL will comply with reasonable requests from law enforcement and regulatory agencies for logs, diaries, archives, or files on individual Internet activities, e-mail use, and /or computer use.

 

OWNERSHIP AND ACCESS OF ELECTRONIC EMAIL, INTERNET ACCESS, AND COMPUTER FILES; NO EXPECTATION OF PRIVACY: 

CoL owns the rights to all data and files on any computer, network, or other information system used in the CoL and to all data and files sent or received using any CoL system or using the CoL’s access to any computer network, to the extent that such rights are not superseded by applicable laws relating to intellectual property.  The CoL also reserves the right to monitor electronic mail messages (Including personal/private/instant messaging systems) and their content, as well as any and all use by employees of the Internet and of computer equipment used to create, view, or access e-mail and Internet content.  Employees must be aware that the electronic mail messages sent and received using CoL equipment or CoL provided Internet access, including web-based messaging systems used with such systems or access, are not private and are subject to viewing, downloading, inspection, release, and archiving by CoL at all times.  CoL has the right to inspect any and all files stored in private areas of the network or on individual computers or storage media in order to assure compliance with CoL policies and local, state, and federal laws.

CoL uses software in electronic information systems that allows monitoring by authorized personnel and that creates and stores copies of any message, files, or other information that is entered into, received by, sent, or viewed on such systems.  There is no expectation of privacy in any information or activity conducted, sent, performed, or viewed on or with CoL equipment or Internet access.  Accordingly, employees should assume that whatever they do, type, enter, send, receive, and view on CoL electronic information systems is electronically stored and subject to inspection, monitoring, evaluation, and CoL use at any time.  Further, employees who use CoL systems and Internet access to send or receive files or other data that would otherwise be subject to any kind of confidentiality or disclosure privilege thereby waive whatever right they have to assert such confidentiality or privilege from disclosure. This waiver does not apply to attorneys sending or receiving information that is protected by attorney-client privilege. Employees who wish to maintain their right to confidentiality or a disclosure privilege must send or receive such information using some means other than CoL systems or the CoL provided Internet access.

CoL has licensed the use of certain commercial software application programs for business purposes.  Third parties retain the ownership and distribution rights to such software.  No employee may create, use, or distribute copies of such software that are not in compliance with the license agreements for the software.  Violation of this policy may lead to disciplinary action, up to and including dismissal.

CONFIDENTIALTY OF ELECTRONIC EMAIL: 

As noted above, electronic mail is subject at all times to monitoring, and the release of specific information is subject to applicable local, state, and federal laws and CoL rules, policies, and procedures of confidentiality.  Existing rules, policies and procedures governing the sharing of confidential information also apply to the sharing of information via commercial software.  Since there is the possibility that any message could be shared with or without your permission or knowledge, the best rule to follow in the use of electronic email for non-work-related information is to decide if you would post the information on the office bulletin board with your signature.

It is a violation of CoL policy for any employee, including system administrators and supervisors, to access electronic mail and computer systems files to satisfy curiosity about the affairs of others, unless such access is directly related to that employee’s job duties.  Employees found to have engaged in such activities may be subject to disciplinary action.

 ELECTRONIC MAIL TAMPERING: 

Electronic mail messages received should not be altered without the sender’s permission; nor should electronic mail be altered and forwarded to another user and/or unauthorized attachments be placed on another’s electronic mail message.

 

POLICY STATEMENT FOR INTERNET/INTRANET BROWSER(S): 

The Internet is to be used to further the CoL’s mission, to provide effective service of the highest quality to the Citizens of Lawton and staff, and to support other direct job-related purposes.  The various modes of Internet/Intranet access are CoL resources and are provided as business tools to employees who may use them for research, professional development, and work-related communications.

Employees may be individually liable for any and all damages incurred as a result of violating CoL policy, copyright, and licensing agreements.

All CoL policies and procedures apply to employees’ conduct on the Internet, especially, but not exclusively, relating to: intellectual property, confidentiality, CoL information dissemination, standards of conduct, misuse of CoL resources, anti-harassment, and information and data security. 

PERSONAL ELECTRONIC EQUIPMENT: 

Due to the significant risk of harm to CoL electronic resources, or loss of data, from any unauthorized access that causes data loss or disruption, employees should not bring personal computer or data storage devices (such as floppy discs, CDs/DVDs, external hard drives, USB/flash drives, “smart” phones, iPods/iPads/iTouch or similar devices, laptops or other mobile computing devices, or other data storage media) to the workplace and connect them to CoL electronic systems unless expressly permitted to do so by CoL ITSD.  No personal electronic device will be allowed access to the CoL network without the express permission from the City Manager or the Director of Information Technology Services. If Col ITSD detects that a personal computer or data storage device has been connected to the CoL network without authorization, said personal computer or data storage device is subject to inspection to determine what information, if any, has been transmitted to or downloaded from the CoL network.  

Anyone bringing a personal electronic device, image recording device, or other data storage device onto CoL premises with the intent to connect to any CoL network must agree to the following:  If a personal electronic device is allowed access to any CoL network, the employee, contractor, or otherwise authorized person gives permission to CoL to inspect the device at any time with personnel from ITSD and to analyze any files, other data, or data storage media that may be connectable to the personal device.   The purpose of any such inspection would be to ascertain whether the device: (1) contains any files that would be harmful to the CoL electronic systems, as well as (2) to determine whether data, other than what had been authorized, had been downloaded from COL electronic systems to the device. No removable storage will be allowed access to the CoL network without explanation to, and prior approval from, the ITSD Director and the City Manager. Employees who do not wish such inspections be done on their personal computer or removable devices should not bring such items to work at all.  No personal removable storage will be allowed access to the CoL network without explanation to and prior approval from the ITSD Director or City Manager.  Employees are further cautioned that the use of personal electronic equipment to conduct CoL business may subject said equipment to inspection, retrieval, and release of any information that would qualify as a “record” as defined by the Oklahoma Open Records Act.

 

DISCIPLINARY ACTION: 

In the event that this policy is questioned, the Information Technology Services Director is authorized to provide interpretation of this policy.  Violation of this policy, or failure to permit an inspection of any device under the circumstances covered by this policy, may result in disciplinary action, up to and including immediate termination of employment.  In addition, the employee may face both civil and criminal liability from CoL, from law enforcement officials, or from individuals whose rights are harmed by the violation.

REFERENCES: None

 

RESCISSION: This policy rescinds Administrative Policy 1-5 dated June 23, 2003

 

RESPONSIBLE DEPARTMENT: Information Technology Services Department

 

_________________________

Michael Cleghorn

City Manager

November 10, 2021

 

 

1-5, Amended, 11/10/2021,1-5, Amended, 06/23/2003 , 1-5, Amended, 09/01/2002, 1-5, Amended, 11/28/2000,  1-5, Added, 08/21/1997