[Ord. No. 09-090 §1, 9-1-2009; Ord. No. 10-009 §3, 1-27-2010]
A. Scope.
1. The Electronic Information Policy established by this Section of
the Personnel Administration Program applies to all St. Charles County
employees except as otherwise exempted in the Charter or by ordinance
of the County Council.
2. Elected officials and department heads are required by the Charter
to operate their offices within the guidelines of the Personnel Administration
Program.
3. The County may access electronic information in the course of the
hiring process and in the course of employment.
[Ord. No. 14-128 §16, 12-15-2014]
4. Part 7 applies to all employees, vendors and consultants operating
on behalf of St. Charles County.
B. Purpose.
1. The purpose of this policy is to ensure the proper use of computer
information systems, hardware, Internet and e-mail by St. Charles
County employees and others who may use County-owned equipment, data
or facilities while supporting the needs of St. Charles County citizens,
other customers of County services and County employees.
[Ord. No. 19-112, 12-17-2019]
2. St. Charles County is committed to the utilization of new technologies
to streamline operations, improve service to citizens and to manage
information flow. To further this mission, the County provides access
to various computing technology resources including electronic mail
(e-mail) and access to the Internet. These technology services supplement
and, in some instances, replace former communication methods, such
as written mail or telephone usage.
C. Privacy.
1. There shall be no presumption of privacy while using County-owned
or County-leased equipment or software.
a. The County reserves the right to audit, access and review all matters
on the County's information technology network, including e-mail and
voice mail messages at any time, with or without notice, and that
such access may occur during or after working hours.
b. Use of a County-provided password or code (identification and authentication)
does not restrict the County's right to access electronic communications
and, except where prohibited by law, the County will disclose any
and all information as provided by law.
[Ord. No. 19-112, 12-17-2019]
2. All electronic systems, hardware, software, temporary or permanent
files and any related systems or devices, including e-mail, are the
property of St. Charles County Government. The County can and will
monitor and/or review employee use of these systems and the data held
within each system at any time without notice. This right is exercised
in order to determine whether there have been any violations of law,
breaches of County policy or security, or communications made in violation
of this policy.
3. An employee's use of any County computing system constitutes consent
for the County to monitor information systems usage.
4. The County reserves the right to access the Internet and electronic
information during the hiring process and in the course of employment.
Any electronic information available to the public generally, whether
through blogs or social networking websites, etc., may subject an
employee to disciplinary action.
[Ord. No. 19-112, 12-17-2019]
D. Identification And Authentication.
1. Employees assigned a unique user ID and password to County networks
and systems shall be held responsible and accountable for use and
activity of the ID.
2.
Passwords provide the first line of defense against unauthorized
computer access. The stronger the password, the more protected the
computer will be from hackers and malicious software. The County requires
users to create strong network passwords using a combination of upper-
and lower-case letters, numbers, and symbols. Passwords shall be created
in accordance with the requirements listed by each portal and system
required (i.e., special characters, password length, capital/lowercase
requirements, etc.). If permitted by the particular system requiring
password access for work purposes, each password should have at least
eight (8) characters, including at least one (1) upper case, one (1)
lower case, and one (1) numeric.
[Ord. No. 19-112, 12-17-2019]
3. Passwords or codes corresponding with an employee's unique user ID
shall not be shared with anyone other than the authorized user.
E. Equipment.
1. Unless otherwise authorized by the Director of Administration, the
Department of Information Systems is responsible for providing, downloading,
installing, altering, uninstalling, and supporting County computer
equipment, including hardware and software.
[Ord. No. 19-112, 12-17-2019]
a. Hardware. Only County-owned hardware is allowed.
An employee shall not install or attach any personal hardware to the
County network without approval of the Director of Information Systems.
Employees shall protect County-owned equipment from theft, damage
and unauthorized use. The employee will be responsible for any intentional
damage to County computer equipment.
b.
Extreme diligence must be used to ensure the physical security
of laptops, portable computers, or other mobile devices with access
to the County network or containing County data. Anyone accessing
County systems and applications away from their work stations must
secure their remote workstations from use by unauthorized individuals.
[Ord. No. 19-112, 12-17-2019]
c.
No data storage device shall be utilized in County-owned hardware
without taking reasonable steps to ensure such device is without viruses,
malware, or other contents that could damage the County hardware,
software, or network.
[Ord. No. 19-112, 12-17-2019]
d. Software. Use of unauthorized or unlicensed software
on County equipment is strictly prohibited. No employee may disable
or circumvent anti-virus software without approval of the Director
of Information Systems. An employee shall not install or place software
on any County system without approval of the Director of Information
Systems.
2.
Mobile Device Policy. In order to effectuate
the purposes of this Electronic Information Policy, the Director of
the Department of Information Systems shall have the authority to
adopt, and amend from time to time as necessary, a Mobile Device Policy
applicable to all County employees, contractors and third parties
using mobile devices on the County network and/or to access and/or
store or use County data on a mobile device. The Mobile Device Policy
shall be reviewed and approved by the Director of Administration.
[Ord. No. 14-128 §16, 12-15-2014]
F. Data. All official County records, files and documents must be protected
from unauthorized disclosure and damage. Workstations must be secured
when the user is away by logging off of or locking the workstation.
[Ord. No. 19-112, 12-17-2019]
G. Deliberate or repeated acts that make the County network vulnerable,
including but not limited to downloading files that may include viruses
or malware, clicking links or providing personal information as part
of a phishing attempt, or otherwise making vulnerable the County network
are subject to discipline, up to and including termination from County
employment.
[Ord. No. 19-112, 12-17-2019]
H. All County hardware and software will be properly licensed and used
according to applicable copyright laws.
[Ord. No. 19-112, 12-17-2019]
I. E-mail.
1. Allowed use. The County e-mail system is set up
to conduct County business, however, as with the County phone system,
incidental use by employees that does not interfere with normal job
functions, responsiveness, or the ability to perform daily job duties
is permissible. Sending or receiving personal e-mail on the County
system is permitted, however, it is to be kept to a minimum, should
not impinge on production or work flow and shall be used as seldom,
and kept as brief, as possible. E-mail can be inspected at any time
by appropriate management personnel or requested under the Open Meetings
Act. Employees sending or receiving e-mail for any reason should be
aware that there is no presumption of privacy and they are expected
to conduct themselves at all times so that their messages are appropriate
and do not reflect poorly on County Government.
[Ord. No. 19-112, 12-17-2019]
2. Prohibited use. Any action violating Federal, State
or local laws and regulations. Prohibited use of e-mail includes,
but is not limited to:
a. Creation or distribution of chain letters or viruses, or of any messages
that contain ethnic slurs, racial epithets, or anything that may be
construed as harassment or disparagement of others based on their
race, national origin, sex, sexual orientation, age, disability, religious
or political beliefs;
b. Solicitation, promotion or advertising of any non-County organization,
product or service unless approved by the Director of Administration
as a charitable purpose or unless approved by the Appointing Authority
as a civic purpose;
d. The display of any kind of sexually explicit image or document;
e. Any political activity as prohibited by Section 115.450.2 of the
Ordinances of St. Charles County, Missouri;
f. Any use to conduct business other than County business or to send
or receive messages related to another job.
g.
Clicking links or opening attachments from unknown or untrusted
sources. The legitimacy of an email should be verified before clicking
on any link or opening any attachment.
[Ord. No. 19-112, 12-17-2019]
h.
Use of personal email accounts for official County business
to evade obligations under the Open Meetings Act.
[Ord. No. 19-112, 12-17-2019]
J. Internet.
1. Allowed use. The County Internet and intranet systems
are set up to conduct County business, however, as with the County
phone system, incidental use by employees that does not interfere
with normal job functions, responsiveness, or the ability to perform
daily job activities is permissible. Accessing the County Internet
system is permitted; however, it is to be kept to a minimum, should
not impinge on production or work flow and shall occur as seldom,
and kept as brief, as possible. Employees accessing the Internet or
intranet for any reason should be aware that there is no presumption
of privacy and they are expected to conduct themselves at all times
so that their usage of the Internet or intranet is appropriate and
does not reflect poorly on County Government. All employees should
be aware that Internet or intranet use can be reviewed and inspected
at any time by appropriate management personnel or requested by the
public under the Open Meetings Act. Personal use must not interfere
with business use of the Internet (i.e., using streaming video or
audio that consumes band-width).
[Ord. No. 19-112, 12-17-2019]
2. Prohibited use of the internet includes, but is not limited to:
a. Any action or communication construed as harassing or disparaging
of another person or group of persons for any reason;
b. The display of any kind of sexually explicit image or document;
c. Any political activity as prohibited by Section 115.450.2 of the
Ordinances of St. Charles County Missouri;
d. Any third (3rd) party web application, chat program or browser plug
in not provided for your job function;
e. Downloading, installation or distribution of any software;
f. Hosting of any application;
g. Deliberately propagating any virus, worm, Trojan horse or trap door
program code or other means of disrupting the intended beneficial
use of the network system;
h. Unauthorized representation of St. Charles County Government;
i. Hosting, accessing or updating a personal webpage, blog or other
social networking profile on County time or equipment.
K. Responsibilities. Employees are responsible for:
1. Reviewing and complying with the Electronic Information Policy which
is provided upon hiring and is continuously available online;
[Ord. No. 19-112, 12-17-2019]
2. Abiding by Federal, State and local laws and regulations and the
policy provided for in this Section;
3. Following copyright laws regarding protected digital content or intellectual
property;
4. Minimizing unnecessary network traffic that may interfere with the
ability of others to make effective use of St. Charles County's network
resources;
5. Executing a certification form provided by the Human Resources Department.
L. Exceptions. When approved by an Appointing Authority or
his or her designee and necessary for a criminal investigation, legal
proceedings, trial or other job responsibility, the access, receipt,
transfer and/or retention of computer information prohibited under
this policy is hereby exempt from prohibition pursuant to this policy.
[Ord. No. 19-112, 12-17-2019]
M. Violations. Violations of this policy by County employees
may result in suspension of Internet, e-mail, or other privileges,
or disciplinary action up to and including termination consistent
with County personnel policies.
[Ord. No. 19-112, 12-17-2019]