New Hanover County

Information Technology Department

Issued:  10/09/02

Policy Number:  5-03

Subject: ACCEPTABLE USE POLICY

PURPOSE AND SCOPE:

The purpose of this policy is to outline the acceptable use of all telephone, FAX, and computer equipment, as well as the networks, pagers, PDA’s, and any other County-owned systems made available to an employee by New Hanover County.  Inappropriate use could expose New Hanover County to virus attacks, security compromises, and possible legal issues.  Any employee found to have violated this policy may be subject to disciplinary action as outlined in the Personnel Manual.

This policy applies to all County employees and other workers or third parties performing work for New Hanover County. This policy applies to all computing, telephonic, and network systems owned or leased by New Hanover County, as well as any non-county-owned equipment that may be attached to a County network.

When using the term network, it is explicitly defined to mean all County voice and data networks as well as any other networks to which the County networks are connected such as the Internet, State networks, the City of Wilmington network, among others.

CHANGE SUMMARY:

01/16/03   Added network usage rules, revised “Purpose and Scope”

11/25/02   Revised to include Confidential/Secure E-Mail usage.

10/09/02   This is the Original Document.

POLICY:

General Use and Ownership

  1. Under no circumstances is an employee of New Hanover County authorized to engage in any activity that is illegal under local, state, federal or international law while using County-owned voice and data equipment or networks.
  1. Employees shall agree that the data they create and store on county systems remains the property of New Hanover County.  Accordingly, there should be no expectation of privacy, confidentiality or ownership of system contents by the users.
  1. Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual Department Heads are responsible for insuring that personal use of County systems is not abused.
  1. Authorized individuals within the New Hanover County Government may monitor equipment, systems, and network traffic at any time for security and network maintenance purposes.
  1. New Hanover County reserves the right to audit networks and systems on a periodic basis to ensure compliance with all applicable guidelines, directives or statutes.

 

Security and Proprietary Information

  1. Most information contained in County systems is open to the public. There are a limited number of exceptions where information is considered confidential, for example: attorney-client privilege, criminal investigations, or specific personnel information.  Employees should take all necessary steps to prevent unauthorized access to this information. 
  1. Numerous State and Federal statutes specify what information may be classified as Confidential.  A Summary of Categories of Confidential Information has been prepared for your convenience by the County Attorney to help you in deciding if your information is considered Confidential under these Statutes.  Classifying information not specifically allowed under these statutes, as confidential or secure is also a violation of the Public Access statutes.
  1. Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. As a guide, system level passwords should be changed quarterly; user level passwords should be changed every six months.

 

E-Mail

  1. To assist staff members with the distribution of written communications, the county has installed a Lotus Notes E-Mail system. The E-Mail system and its contents are County property and are intended to be used for official County business. Incidental personal use of this system is allowed, but such usage must not interfere with County business activities. It is against County policy to use E-Mail for any unlawful activity.  Please review the County E-Mail Policy.
  1. All E-Mail created on County E-Mail systems, except Confidential or Secure E-Mail, is subject to release to the public under the Public Access statutes.  Please review the Summary of Categories of Confidential Information to determine if your E-Mail is Confidential.  Do not designate E-Mail as Confidential if it is not authorized.  Also, there is an additional listing of helpful questions and answers in the Confidential E-Mail FAQ’s.

AntiVirus

  1. All computing devices used by an employee or that are connected to the New Hanover County network, whether owned by the employee or the County, shall be continually executing approved virus-scanning software with a current virus signature file.
  1. Employees must use extreme caution when opening E-Mail or attachments received from unknown senders, which may contain viruses or other types of malicious program.  The County Virus Warning Policy gives guidance should the user suspect that he has encountered a program of this type.

Software Licensing

  1. Most software purchased by the county for use by its staff contains usage restrictions outlined in a license agreement.  Employees are prohibited from making copies of any licensed or copyrighted software.  Unauthorized use of software is illegal and forbidden by this section because it could subject the county to substantial penalties.
  1. Despite the fact that software can be easily obtained via the Internet, local vendors, or other sources, employees are prohibited from installing any software on county computers unless the Information Technology Director has approved that installation.  The county has software that is capable of auditing the contents of all desktop computers and periodic surveys will be conducted to insure that no unauthorized software has been installed.  All unauthorized software found to be causing an operational problem on a county computer will be immediately removed.

 

 

Network Usage

1.      County employees and other workers connected to NHC data or voice networks are expected to use these networks responsibly and professionally and shall make no intentional use of these services in an illegal, malicious, or obscene manner. 

2.      Public employees have a responsibility to make sure that all public information disseminated via the NHC network is accurate. 

3.      Public employees may make reasonable personal use of the NHC data and voice networks as long as:

    1. The direct measurable cost to the public is none or is negligible;
    2. There is no negative impact on employee performance of public duties;
    3. The policy is applied equitably among all employees of the county.

 

 Unacceptable Use

The list below is by no means exhaustive, but is an attempt to provide guidelines for activities which constitute unacceptable use.

 

 

System and Network Activities

The following activities are strictly prohibited, with no exceptions:

·        Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by the New Hanover County Government.

·        Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which New Hanover County or the end user does not have an active license, is strictly prohibited.

·        Introduction of viruses or other malicious programs designed to disrupt or degrade the NHC networks or any County server or computer.

·        Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.

·        Using New Hanover County computing and telephonic systems or networks to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.

·        Making fraudulent offers of products, items, or services originating from any New Hanover County account.

·        Attempting to defeat security features or disrupting network communications. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless this falls within the scope of regular duties.

·        Executing any form of network monitoring, port scanning, or security scanning unless this activity is a part of the employee's normal duties.

·        Circumventing the user authentication or security of any computer, network, or account.

·        Using any program/script/command or message of any kind to interfere with, or disable, the ability of a user to make full use of the County’s telephone, computer, or network systems.

E-Mail and Other Communications

·        Sending unsolicited E-Mail messages (“Spam”), including the sending of "junk mail" or other advertising material.

·        Any form of harassment via E-Mail, telephone or paging, whether through language, frequency, or size of messages.

·        Unauthorized use, or forging, of E-Mail header information.

·        Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.

CHANGE HISTORY:

Version

Date

Author

Comments

A

10/09/02

SCT

Original Document

B

11/25/02

DB

Revised to include Confidential/Secure E-Mail usage.

C

01/16/03

DB

Added network usage rules, revised “Purpose and Scope”