[Added 9-1-2009]
A.Â
The purpose of a policy on Internet use is not to impose restrictions
that are contrary to City of Union City's established culture
of openness, trust, and integrity but rather to protect City of Union
City's employees, partners, and the government from illegal or
damaging actions by individuals, either knowingly or unknowingly.
Internet/Intranet/Extranet-related systems, including but not limited
to computer equipment, software, operating systems, storage media,
network accounts providing electronic mail, World Wide Web browsing,
and FTP are the property of City of Union City. These systems are
to be used for business purposes in serving the interests of the City,
and for our residents in the course of normal operations. Recognizing
that the Internet/Intranet/Extranet-related systems are the property
of the City, employees do not have any expectation of or right to
privacy with regard to the use of the systems.
B.Â
Effective security is a team effort involving the participation and
support of City of Union City employees and affiliates who deal with
information and/or information systems. While this policy defines
how City employees can and can not use City electronic resources,
it can not cover every conceivable situation. Consequently, common
sense and professional courtesy will still be required. It is the
responsibility of every computer user to know these guidelines and
to conduct their activities accordingly.
C.Â
Additionally, electronic communications may be considered government
records within the meaning of the Open Public Records Act, N.J.S.A.
47:1A-1 et seq. (hereinafter "OPRA") and further may be considered
public records within the meaning of the Destruction of Public Records
Law of (1953), N.J.S.A. 47:3-15 et seq. (hereinafter "DPRL") Accordingly,
like paper documents, electronic communications must be retained and
destroyed according to established records management procedures.
D.Â
The principal purpose of electronic mail (e-mail) and access to the
Internet is for City of Union City business communications, as set
forth at length in the Policy on Internet Usage, and all computer
equipment (and associated hardware and software) are the property
of City of Union City. Occasional personal use is permitted when necessary;
however, any and all e-mail communications sent or received on a City
computer, whether using a City or personal (including password protected
and web-based accounts) e-mail address, are considered part of the
City's business records and may not be considered to be private
or confidential. All Internet activity on City computers, including
e-mail communications, are subject to periodic backup programs. As
a result, all such information may be stored on the City's server
backup system.
[Added 10-19-2010]
E.Â
Electronic communications with doctors, lawyers, therapists, accountants,
etc., which take place using a City computer, whether using a City
e-mail account or a personal, password protected, web-based e-mail
account, may not be privileged, private or confidential.
[Added 10-19-2010]
F.Â
The City of Union City reserves the right to review and access all
material on the City's media systems, including Internet sites
viewed and personal web-based e-mail accounts accessed on a City computer,
and computers, including hard drives and server backup systems, at
any time.
[Added 10-19-2010]
This policy provides rules and guidelines for the proper use
of the Internet, Intranet, Extranet, e-mail, fax machines, and computers.
It applies to employees, contractors, consultants, temporaries, and
other workers using City of Union City Internet or computers, including
all personnel affiliated with third parties. It also applies to all
electronic resources owned or leased by City of Union City. The intent
is to prevent wasteful use of the City's electronic resources,
lost time, and inappropriate behavior. It also covers the actions
required of staff to enable compliance with data protection regulations,
avoidance of computer fraud, security breaches, or software piracy.
This policy is also intended to implement retention policies consistent
with the State of New Jersey Division of Archives and Records Management
guidelines and best practices for managing electronic mail.
A.Â
It is the intent of City of Union City to provide high-quality computing
facilities to its authorized users. This will allow the City of Union
City to:
B.Â
Each computer owned by the City is a business tool. As such, responsible
employees are accountable for the condition of that tool and for abiding
by the computing provisions set forth by the City.
C.Â
City of Union City via the policy and any other instruction shall
approve all City of Union City employees use of the internet and e-mail.
D.Â
The City network (local and wide are networks including phones, fax
machines, switches, routers, hubs, and other connected equipment)
may be used only for lawful purposes. Transmission, distribution,
or storage of any material in violation of any applicable law or regulation
is prohibited. This includes, without limitation, material protected
by copyright, trademark, trade secret or other intellectual property
right used without proper authorization.
E.Â
Unauthorized copying of copyrighted material including, but not limited
to, digitization and distribution of photographs from magazines, books
or other copyrighted sources, copyrighted music, and the installation
of any copyrighted software for which City of Union City or the end
user does not have an active license is strictly prohibited.
F.Â
The City retains the copyright to any material created by employees
in the course of their official duties. Copyrighted materials belonging
to entities other than the City may not be transmitted by an employee
on the City Internet or e-mail systems except with permission or as
a single copy for reference only.
G.Â
Related questions should be directed first to your supervisor and
then, if necessary, to the IT Agent.
H.Â
Note: The
terms Internet, Intranet (internal City Internet for employee use
only), and Extranet (business-to-business Internet interface between
the City and a business partner) are interchangeable. Any rule applying
to one, likewise, applies to the other.
A.Â
Employees are responsible for ensuring business critical electronic
data/information is backed up and available only to authorized personnel.
B.Â
Employees must use extreme caution when opening e-mail attachments
received from unknown senders, which may contain viruses, worms, e-mail
bombs, or Trojan horse code.
C.Â
Sharing user names/logon IDs and passwords (network, Windows, application,
etc.) without supervisor permission (emergency basis only) is forbidden.
D.Â
Data stored on network server drives are automatically backed up
by IT on a daily basis. Lost or damaged files may be restored by contacting
IT. If you store information on your personal computer, you (not IT)
have assumed data backup and recovery responsibility.
E.Â
All PCs, laptops and workstations must be secured with a password-protected
screensaver with the automatic activation feature set at 10 minutes
or less, or by logging off when the host will be unattended.
F.Â
Individual users shall be held accountable for knowledgeable use
of their account by others. This includes family and other household
members when work is being done at home.
Use of the Internet or electronic mail for the following purposes
is strictly prohibited:
A.Â
Executing any form of network monitoring which will intercept data
not intended for the employee's host, unless this activity is
a part of the employee's normal job/duty.
B.Â
Circumventing user authentication or security of any host, network,
or account.
C.Â
Using any program/script/command, or sending messages of any kind,
with the intent to interfere with or disable a user's terminal
session, via any means, locally or via the Internet/Intranet/Extranet.
D.Â
Engaging in activities commonly call "hacking" or "cracking." Examples:
(1)Â
Password
sniffing (includes dictionary and brute force password cracking attacks).
(2)Â
Data
manipulation or vandalizing of web pages.
(3)Â
Eavesdropping
on network traffic.
(4)Â
Scanning
for computer/network vulnerabilities without authorization.
(5)Â
Networking
sniffing.
(6)Â
Pinged
floods.
(7)Â
Packet
spoofing.
(8)Â
Forged
routing information for malicious purposes.
(9)Â
Intentionally
launching denial-of-service attacks on any computer system.
E.Â
Snooping in other individual's e-mail or using masquerading
techniques. Example: Sending e-mail from a mailbox other than the
employee's own, in order to disguise one's identity.
F.Â
Engaging in anonymous activity to avoid being identified in network
security systems. Internet accounts shall be accessed only by the
authorized owner (or his/her designee) of the account.
G.Â
Interfering with or disrupting network users, services, or equipment.
Examples:
H.Â
Connecting a network hardware device (workstations, printers, scanners,
wireless, etc.) to the network without the approval of IT. IT is responsible
for monitoring, tracking, maintaining, and troubleshooting all network
devices.
I.Â
Allowing a modem/router to be connected to or installed on a network
computer. Modem use must be approved by IT and will be installed only
on computers which have no physical connection to the network. This
is necessary for preventing potential third parties from compromising
network security through a back door.
J.Â
Interrupting or disabling the automatic downloading of antivirus
software, software patches, or other IT-approved administrative software.
K.Â
Disabling the automatic execution of IT-approved software including,
but not limited to, antivirus software.
L.Â
Any other activity that the user knows or should know is inconsistent
with City business and for the security of the City computers.
A.Â
Approved software must be licensed by the original manufacturer prior
to being installed.
B.Â
Screen savers may be installed when approved by IT.
C.Â
Nonsystem wallpapers, e.g., family pictures, are permitted to be
installed, provided that there are no copyright infringements.
D.Â
Instant messaging software must be approved by IT.
E.Â
Playing computer games, including those built into the Windows operating
system, is prohibited.
F.Â
Software that is not part of the City standard suite of software
may not be loaded onto a government computer unless the software has
been approved in advance in writing by IT.
Use of the Internet or electronic mail for the following purposes
is strictly prohibited:
A.Â
Accessing Internet sites with sexually explicit or hate material.
B.Â
Transmitting threatening, obscene, harassing, discriminatory, or
sexually explicit materials.
C.Â
Accessing gambling sites.
D.Â
Sending or forwarding chain letters. These are e-mails which either
ask you to forward them on to all your friends (or to everyone you
know) or which state that something bad will happen if you do not
forward them. E-mails of this type, which are usually warning about
something (example: computer viruses) are almost certainly hoaxes.
E.Â
Advertising, soliciting, or selling commercial items.
F.Â
Advertising, soliciting, or selling personal items.
G.Â
Conducting personal or commercial business for profit.
H.Â
Engaging in non-City sanctioned fund-raising.
I.Â
Engaging in political activities prohibited by law.
J.Â
Releasing proprietary data or information to unauthorized persons.
K.Â
Auto-forwarding e-mail messages to a commercial e-mail account.
L.Â
Participating in message boards about the City.
M.Â
Sending messages to large groups of people without prior management
approval.
N.Â
Providing information about, or lists of, City employees to parties
outside City of Union City without the Business Administrator's
approval.
O.Â
Using e-mail resulting in inadvertent commitment of the City to a
contract or agreement if it appears to the other party that you have
authority to do so. E-mails sent to external stakeholders must include
the following disclaimer:
"This transmission is confidential and may be legally privileged.
If you are not the intended recipient, please notify the sender by
return e-mail and delete this message from your system. The City of
Union City reserves the right to monitor e-mail communication. No
contract may be concluded on behalf of the City of Union City by e-mail.
If the content of this e-mail does not relate to the business of the
City of Union City, then we do not endorse it and will accept no liability."
|
P.Â
Using personal e-mail accounts for City of Union City business purposes.
Q.Â
Using Instant messaging on City computers unless the use is specifically
approved by the appropriate director of the employee's department.
R.Â
Accessing chat rooms unless specifically approved in advance for
each occasion by the employee's supervisor.
A.Â
Do not send offensive jokes, frivolous messages, or anything which
may be construed as discriminatory or harassing in nature.
B.Â
Since the confidentiality of e-mail mail cannot be assured, do not
type anything you don't want repeated. Do not try to carry out
confidential or sensitive tasks or air controversial views on e-mail.
Ask yourself: Would I want a member of the public or a jury to read
this message? Remember that all e-mails (even deleted ones) are saved
and usually can be retrieved.
C.Â
Respect privacy and consider this aspect before forwarding messages.
D.Â
Be polite. E-mails can often seem abrupt, even when this is not the
intention. Use professional courtesy and discretion. The use of all
uppercase text in either the subject or the body of an e-mail should
also be avoided as this is deemed to be the e-mail equivalent of shouting.
E.Â
Do not reply with history if it is not necessary especially if it
incorporates a large attachment. Do not send greeting cards. Voluminous
data files attached to e-mails increase network traffic congestion
often resulting in overall response time degradation.
F.Â
Use "reply all" and distribution lists with caution in order to keep
the number of your messages to a minimum and reduce the risk of sending
messages to the wrong people.
G.Â
Check your e-mails regularly. Set the out-of-office flag and arrange
for someone to deal with your e-mail if you are away for an extended
period.
H.Â
Messages should be clearly addressed "To" those from whom an action
or response is expected; "cc" or "bcc" should be used for other recipients
of the message. The use of "bcc" is not recommended since may consider
this to come under the heading of "dirty pool."
I.Â
Delete unwanted or unnecessary e-mail subject to the retention policy
identified below.
J.Â
Unsolicited e-mail, especially with an attachment, may contain a
virus, if in doubt, delete the e-mail or contact the sender to check
before opening.
K.Â
Enter a meaningful "subject" field to help the reader anticipate
the content correctly, and try to keep to one subject per message.
L.Â
Don't use all or part of someone else's message without
acknowledgement. Don't edit someone else's message without
making it clear the changes that you have made and use good judgment
when considering distributing other people's messages without
permission.
M.Â
Avoid subscribing to unnecessary mailing lists. Unsubscribe from
mailing lists when they are no longer required.
N.Â
Use discretion before selecting "request read receipt" or "request
delivery receipt" options as this may unnecessarily increase network
traffic thereby retarding overall response time. These options should
be used by exception. They should not be system default selections.
O.Â
Once a message is sent, there is no way to retrieve it. Check carefully
that messages are addressed to the correct recipient(s) before sending.
A.Â
The City reserves the right, to monitor, examine, copy, change, and/or
delete without notice all of its systems configurations, as well as
the files on those systems for such purposes as maintaining business
continuity, responding to a complaint of computer abuse, such as harassment;
or protecting City resources from unauthorized misuse.
B.Â
The City neither guarantees against, nor shall it be responsible
for, the destruction, corruption, or disclosure of personal material
on or by its computer resources. Specifically, the City reserves the
right to remove, replace, or reconfigure its computer resources without
formal notice to employees (despite the fact that advance notice will
normally be given).
C.Â
If employees are maintaining personal files on City systems with
appropriate permission, they are advised to locate such files in a
root directory named "personal" to facilitate the identification and
backup of those files.
A.Â
E-mails which are not considered government records under OPRA or
public records under DPRL may be deleted immediately from the computer
system. They are as follows:
(1)Â
Personal correspondence. Any e-mail not received or created in the
course of City business may be deleted immediately, since it is not
an official record. Examples of the type of messages that may be deleted
are unsolicited e-mail advertisements, commonly called "SPAM," personal
messages, or the "Let's do lunch" (not a City-business meeting
over lunch) or "Can I catch a ride?" type of note. This provision
is not intended and not shall not be interpreted to allow employees
to create or receive personal correspondences.
(2)Â
Nongovernmental publications. Publications, promotional material
from vendors, and similar materials that are publicly available to
anyone are not official records unless specifically incorporated into
other official records. This includes LISTERV® messages (other
than those you post in your official capacity), unsolicited promotional
material, files copied or downloaded from Internet sites, etc. These
items may be deleted immediately, or maintained in a "Non-Record"
mailbox and deleted at a later time, just as you might trash unwanted
publications or promotional flyers received in the mail. However,
for example, if you justify the purchase of a "Zip Filing System"
by incorporating the reviews you saved (from the "Files R Us LISTSERV®")
in your proposal to your boss, those LISTSERV® messages become
official records and must be retained in accordance with the retention
schedule for purchasing proposals.
B.Â
Transient documents are considered government records under OPRA
or public records under DPRL and are to be retained as follows:
(1)Â
Much of the communication via e-mail has a very limited administrative
value. For instance, an e-mail message notifying employees of an upcoming
meeting would only have value until the meeting has been attended
or the employee receiving the message has marked the date and time
in his/her calendar.
(2)Â
Transient messages do not set policy, establish guidelines or procedures,
certify a transaction or become a receipt. The informal tone of transitory
messages might be compared to a communication that might take place
during a telephone conversation or conversation in an office hallway.
These types of records are transient documents and can be scheduled
using the General Retention Schedules established by the State Records
Committee. Transient documents include telephone messages (such as
"While You Were Out" notes), drafts, and other documents that serve
to convey information of temporary importance in lieu of oral communication.
E-mail messages of a similar nature should be retained until they
are no longer of administrative value and then destroyed.
C.Â
Intermediate documents are considered government records under OPRA
or public records under DPRL and are to be retained as follows:
(1)Â
E-mail messages that have more significant administrative, legal
and/or fiscal value but are not scheduled as transient or permanent
should be categorized under other appropriate record series. These
may include but are not limited to:
(a)Â
General correspondence. Including correspondence from various
individuals, companies, and organizations requesting information pertaining
to agency and legal interpretations and other miscellaneous inquiries.
This correspondence is informative; it does not attempt to influence
agency policy.
(b)Â
Internal correspondence. Including letters, memos, and requests
for routine information; monthly and weekly reports; and documents
advising supervisors of various events, issues, and status of ongoing
projects.
(c)Â
Minutes of agency staff meetings. Minutes and supporting records
documenting internal policy decisions.
(2)Â
Retention. These categories of e-mail should be retained for the
appropriate period of time per the records retention schedules approved
under the General Retention Schedules for the City.
D.Â
Permanent documents are considered government records under OPRA
or public records under DPRL and are to be retained as follows:
(1)Â
E-mail messages that have significant administrative, legal and/or
fiscal value and are scheduled as permanent also should be categorized
under the appropriate record series. These may include but are not
limited to:
(a)Â
Executive correspondence.
[1]Â
Correspondence of the head of an agency dealing with significant
aspects of the administration of their offices. Correspondence includes
information concerning agency policies, program, fiscal and personnel
matters.
[2]Â
Retention shall be three years, then, periodic review for transfer
to archives in accordance with standards and protocols.
(c)Â
Minutes of boards, commissions, etc. Including approved minutes
of official bodies, attachments, and transmittal documents. This does
not apply to drafts of minutes or minutes that have not been approved.
Copies may be retained in electronic form, but retention of hard copy
is required.
(2)Â
Retention. Permanent, Periodic review for transfer to archives in
accordance with standards and protocols.
E.Â
Distribution lists are considered government records under OPRA or
public records under DPRL and are to be retained as follows: If you
send to a "distribution list" (not a LISTSERV®, but a specified
list of individuals), you must also keep a copy of the members of
that list for as long as you are required to keep the message itself.
It is of little value to know that the "Security Alert" notice went
to "SWAT Team 7," without knowing whether "Arnold S." received the
message. Nicknames present a similar problem.