1.0 Overview
Information Management Services (IMS) intentions for publishing an Acceptable Use Policy are in support of Salt Lake City Corporation’s established culture of openness, trust and integrity. IMS is committed to protecting Salt Lake City Corporation’s employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
2.0. Purpose of this Procedure.
The purpose of the information technology resources (e.g., E-Mail, electronic voice, video communication, facsimile, Internet/Intranet/Extranet-related systems,, and future technologies) provided by Salt Lake City Corporation, is to support city agencies in achieving their mission and goals, and to improve city government in general.
3.0. General Use and Ownership – Privacy of Records
Salt Lake City Corporation is committed to respecting the rights of its employees, including their reasonable expectation of privacy. However, it is also responsible for servicing and protecting its electronic communication networks. Salt Lake City Corporation has the right to access and disclose the contents of electronic files, as required for legal, audit, or legitimate operational or management purposes.
Do not transmit personal information about yourself or someone else using corporate resources without proper authorization. The confidentiality of such material cannot be guaranteed. E-Mail and other electronic files may be accessible through the discovery process in the event of litigation. Each of these technologies may create a "record" and therefore are reproducible and subject to judicial use or a Government Records Access and Management Act (GRAMA) request for information.
4.0. Retention/Disposition of Electronic Records
Just as with any other government record, electronic records are retained or disposed of in accordance with GRAMA. Refer to GRAMA or ask your the City Recorder’s Office if you need additional information or for guidance in this area.
5.0. Warnings/Corrective Actions
Each city agency shall review complaints or instances of unacceptable use brought to its attention. Violators are subject to corrective action and discipline and may also be prosecuted under city, state and federal statutes.
Please refer to the following appendices for detailed information:
Appendix A - Responsibilities
Appendix B - Unacceptable Use of Information Resources
Appendix C - Overview of Technologies
Appendix A – City Employee Responsibilities
1. Access only files, data and protected accounts that are your own, that are publicly available, or to which you have been given authorized access.
2. Use corporate resources efficiently and productively. Refrain from monopolizing systems, overloading networks with excessive data, playing computer games or wasting computer time, connect time, disk space, printer paper, or other corporate resources.
3. Be responsible for the use of your accounts. Under no circumstances shall you give your passwords to another person. Guard yourself against unauthorized access to your accounts. Follow City password procedures.
4. Seek the advice of the authorized supervisor responsible for any corporate resource if you are in doubt concerning your authorization to access that resource.
5. Conduct yourself as a representative of both the city agency and Salt Lake City Corporation as a whole.
6. Effective use of computer resources is important to Salt Lake City Corporation. To help improve the effectiveness of your use of these resources, incidental and occasional personal use is permitted, as long as such use does not:
* Disrupt or distract the conduct of city business
* Involve solicitation
* Involve a for-profit personal business activity
* Have the potential to harm the city, or
* Involve illegal activities
Note: Any resources used for personal use that incurs a cost must be reimbursed to Salt Lake City Corporation.
Appendix B - Unacceptable Use of Information Resources
The first and foremost rule for using these technologies is:
Don't say, do, write, view, or acquire anything that you wouldn't be proud to have everyone in the world learn about if the electronic records are laid bare.
Any use of corporate resources for inappropriate purposes, or in support of such activities, is prohibited (unless authorized through job responsibilities). The following list is currently considered unacceptable use of corporate resources.
1. Illegal Use - Any use of corporate resources for illegal purposes, or in support of such activities. Illegal activities shall be defined as any violation of local, state, or federal laws.
2. Commercial Use - Any use for commercial purposes, product advertisements, or "for profit" personal activity.
3. Sexually Explicit - Any sexually explicit use, whether visual or textual. You should not view, transmit, retrieve, save, or print any electronic files which may be deemed as sexually explicit.
4. Religious or Political Lobbying - Any use for religious or political lobbying, such as using E-Mail to circulate solicitations or advertisements.
5. Copyright Infringement - Duplicating, transmitting, or using software not in compliance with software license agreements. The unauthorized use of copyrighted materials or another person's original writings.
6. Unnecessary Use of Resources - Wasting resources by intentionally:
* Storing information or software on corporate resources which are not authorized by the agency
* Printing unnecessary amounts of paper
* Disrupting the use or performance of corporate resources or any other computer system or network (for example, unauthorized world wide web pages)
8. Viruses or other malicious programs - Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.). This is includes knowingly or inadvertently spreading computer viruses.
If you have questions on how to check for Viruses, please call IMS Customer Support (535-7272) and they will be glad to assist you. If you suspect a virus on your system immediately inform IMS Customer Support (535-7272).
9. Junk Mail or Spam - Distributing "junk" mail, such as chain letters, advertisements, or unauthorized solicitations. This includes Unauthorized and/or unsolicited electronic mass mailings or “spam” email.
10. Confidential Information - The distribution of confidential information is prohibited without the proper authorization. When authorized, transmitting classified information requires proper security. This is in accordance with the Government Records Access and Management Act.
11. Security Breaches - Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
12. Port scanning or security scanning is expressly prohibited without prior permission from the IMS Security Officer.
13. Executing any form of network monitoring which will intercept data not intended for the
employee’s host server or system database, unless this activity is a part of the employee’s normal job/duty.
14. Using any program/script/command, or sending messages of any kind, with the intent to interfere with network and server operations
15. Providing information about, or lists of, Salt Lake City Corporation employees to parties outside Salt Lake City Corporation.
Appendix C - Overview of Technologies
The following are examples of less obvious computer technologies that this procedure governs. This overview will increase understanding of the uniqueness of these technologies as they relate to creating electronic 'records'. This is what separates these from other forms of communications such as a telephone conversation. An electronic record is reproducible and therefore deserves special recognition.
1. E-Mail
E-Mail is a major means of communication in city government, and it offers an efficient method of conducting city business. E-Mail, as defined in this document, consists not only of the corporate E-Mail system, but also the act of sending and receiving E-Mail through the Internet.
2. Facsimile (Fax)
Fax machines, in the past, simply created a paper copy of the original message. With today's technology, this is becoming less and less true; an electronic copy may be created. The same rules governing acceptable use of other corporate resources also apply to the use of fax technology. As with other technologies, the content of faxed messages may be seen by authorized individuals during the performance of their duties.
Use of fax technology does not always require a password for access. Recipients should not assume that the sender is always as reported. A fax should always be perceived as a non-private communication method. Remember, anyone at the other end may read your fax.
3. Internet
The Internet provides the ability to communicate, collaborate with others and access information throughout the world. However, there is little in the way of hierarchy or control of the information available. Increased access to computers and people all over the world also brings the availability of controversial material that may not be considered of value to an individual or the city. The City will eliminate the capability to access Internet sites that are generally considered inappropriate.
Even if you are able to encrypt your data, anything you transmit over the Internet is subject to interception, reading, and copying by other people. This includes E-Mail, personal information and passwords that are transmitted when you log into an account or log into another computer.
4. Voice Mail
Voice mail is a means of communication that is in and of itself unique. It is similar to a telephone conversation, but it creates a "record". This should always be remembered by anyone using this technology. By the very definition of a record, the sender must remember that the message can also be saved, replayed, and shared with others that the sender did not intend. It also can be used in litigation. The same rules of password protection and confidentiality that concern other technologies also apply here.
5. Emerging Technologies
This procedure does not address the specific details of technologies that are yet to be invented or implemented within city government. This procedure should be sufficient to allow you to determine the acceptable use of any new or emerging technology. If you have any questions regarding appropriate use of a particular technology not specifically covered in this procedure, please contact the City Recorders Office/IMS at phone number 535-7948 and ask for the IMS Security Administrator or Kendrick Cowley, CIO or Mike Freeland Deputy Director of IMS and they will be glad to help you.