Milwaukee County Acceptable Use Policy

Definitions:

• County: Milwaukee County Government
• Directive: This Administrative Directive on Acceptable Use
• Information System: Hardware, Software, Data, Networks, Portable Devices and any other County data processing infrastructure, equipment, technology, components, information or material of any sort.
• Hardware: Physical data processing components, goods or equipment of any sort owned or controlled by the County. Hardware includes Portable Devices.
• Software: Data processing programs on or associated with Hardware, irrespective of where software resides or executes.
• Data: Information, communication, material or graphics of any sort stored or transmitted electronically via the Information System.
• Networks: Connecting systems that allow the Information System to communicate. This includes wireless networks.
• Portable Devices: County portable Hardware, including cellphones, tablets and laptops.
• User: Any person – including a County employee, consultant, contractor or agent – using Information System.

Policy:

• Everything on the Information System, whether job-related or personal, belongs to the County. The County is the sole owner of the Information System and all Data.
• The Information System is owned and controlled by the County and is provided to further the efficient operation of the County’s business. The Information System is not provided for inappropriate uses or for the personal convenience of Users.
• Users have no expectation of privacy when using the County Information System. The County Information System is subject to search at any time by the County or its agents, without notice to or permission of Users.
• All Data, whether or not “personal,” is subject to the County’s monitoring, review, deletion or collection at any time, without notice or permission, to ensure compliance with this Directive, to comply with law enforcement requests, to complete an investigation, to defend the County in legal proceedings, to comply with open records requests or for any other reason consistent with the law. This includes documents, emails, texts, instant messages, graphics, photos or any other items.
• Any Data or Software created by a User in the scope of or related to the User’s employment or work for the County becomes the property of the County upon creation and must not be copied or shared except to assist the User in the performance of his or her County work.
• County employees and contract workers or other non-employee Users will be required to acknowledge and sign this Directive.
• Failure to comply with this Directive will constitute action outside the scope of the User’s County employment or obligations and may result in discipline up to and including termination of the User’s employment or engagement.
• Failure to comply may also result in denial of access to the Information System.
• Federal law may also apply when the crime is committed on a computer or communications device that communicates to another device outside of the state.

Access:

• Only authorized Users may use the County Information System, and only through their own usernames, passwords and other means made available by the County.
• Users must not knowingly share or allow the use of usernames and passwords with anyone, whether or not another User.
• Users may access, use or share Data only to the extent authorized and necessary to fulfill assigned job duties.
• Users are accountable for all work, transactions and communications under their usernames and passwords.
• Users are expressly prohibited from pursuing unauthorized access to restricted areas of the Information System and from accessing or trying to access, copy, alter or delete the Data of any other User without authorization.
• Users requiring job access to material or sites otherwise prohibited under this Directive may submit a specific written request, approved by management, to IMSD for consideration.

Inappropriate Activity:

• Users are expressly prohibited from accessing, displaying, downloading or distributing any Data or material of any sort that could be deemed pornographic, racist, sexist, defamatory, discriminatory, harassing or otherwise offensive or in violation of County policies, resolutions or ordinances, state or federal law, or any other applicable law.
• Users are expressly prohibited from using the County Information System to attempt to probe, scan, disable, overload or breach the security or authentication measures of any system or Network, either internally or externally.
• Users are expressly prohibited from knowingly introducing or propagating any computer virus or other harmful feature in the Information System. Users must use extreme caution when opening e-mail attachments received from unknown senders, which may contain malicious content. A User who becomes aware of a virus or other harmful feature must immediately disconnect from all Networks, cease using the Information System and immediately report the discovery to the IMSD Service Desk at imsdhelp@milwaukeecountywi.gov or call 414-278-7888.

Software:

• Only Software owned, licensed or authorized by the County may be installed or used on the Information System. Users are expressly prohibited from installing or attempting to install unauthorized Software.
• Users must not download Software from the Internet unless specifically authorized to do so by IMSD. Users must not download or distribute pirated Software or Data.

Data and Physical Security:

• Users must store all County-related Data in County designated storage locations where it can be backed up. No personal, non-County Data is to be stored on the Information System nor should the Information System be used to collect, store, transmit or transfer any type of personal data and information.
• Any theft, loss or unauthorized disclosure of Data must be reported immediately to the IMSD Service Desk at imsdhelp@milwaukeecountywi.gov or call 414-278-7888.
• Any Data or material, including personal material, that is stored on the Information System is not private and is subject to County access and disclosure at any time, including to comply with law enforcement requests, to complete an investigation, or to defend the County in legal proceedings.
• Users must take adequate steps to protect the physical security of the Information System by ensuring Portable Devices are securely stored when not in use and workstations are locked when left unattended. Any theft or loss of Hardware must be reported immediately to the IMSD Service Desk at imsdhelp@milwaukeecountywi.gov or call 414-278-7888.
• Users must preserve all Data required to be retained under applicable law, resolution or policy. This includes emails, texts and, where possible, instant messaging where applicable.
• Users who maintain “isolated” Data such as safe combinations, alarm codes, domain name registry passwords, administrative passwords, off-site storage access codes, etc., must contact the IMSD Service Desk at imsdhelp@milwaukeecountywi.gov or call 414-278-7888 to ensure that duplicate copies of the information are securely maintained.

Portable or Mobile Hardware:

• Users who have been issued County Portable Hardware (such as BlackBerrys, smartphones, tablets, or network access devices) or access the County Information System remotely through any other personally owned Hardware that is approved by IMSD must ensure they are protected with a password or a passcode, and must secure the equipment when left unattended.
• The theft or loss of any County- or personally-owned portable or mobile Hardware (such as BlackBerrys, smartphones, or tablets) that accesses the County Information System remotely must be reported immediately to IMSD Service Desk at imsdhelp@milwaukeecountywi.gov or call 414- 278-7888. Users accessing County Information Systems through personally-owned mobile devices (such as an iPhone, Blackberry, smartphone or tablets) must review and sign the County Mobile Device Release and Waiver.
• Users using County Portable Hardware must comply with applicable laws and ordinances restricting mobile device usage while driving.
• Users are not allowed to use mobile devices while operating a vehicle even where it is legal to do so.

Email and Texting, Instant Messaging, Social Media and Internet

General

• Users must not send sensitive or confidential Data over the Internet or via email without adequate protection securing the Data. Examples include credit card numbers, telephone calling card numbers, fixed passwords, health information or customer account numbers which relate to personal identification information or personal health information.
• The Information System, including email, texting, etc., is not to be used to convey non-work-related information other than described in the section on Incidental Personal Use.

Email and Texting

• Users must take particular care when using email or texting as a means of communication because, although often informal in nature, email communications may be subject to production in a legal action or Public Records request.
• Users must not knowingly distribute or forward hoax virus warnings, chain letters, jokes, political commentaries, or similar unsolicited email or texts of any kind.
• Users must not access any other User’s email or texts without explicit authorization from that User (e.g. through Outlook delegates) or proper management permission.
• Users must not send any email or text purporting to come from another User without explicit authorization from that User (e.g., through Outlook delegates).
• Due to their disruptive effect, system-wide or “all user” messages or blasts are prohibited, except as part of the County’s authorized emergency response efforts. Please note the County intranet may provide a suitable location for information of interest to all employees.

Instant Messaging

• Users may access approved instant messaging services only for informal business communication similar to a quick phone call or quick in-person verbal communication, unless the content of the messages is subject to an instruction to preserve records and electronically stored information.
• Users may not send or receive file attachments via instant messaging services.
• Users must communicate only with known and trusted correspondents via instant messaging
• Instant messages should not be used to transfer or record any substantive government information, because instant messages are not normally stored or saved.

Internet and Intranet

Business Internet Access

• When visiting an Internet site, information identifying a User's PC may be logged (i.e. cookies, temp files). Therefore, Users must assume they are identified as County employees or contractors and act appropriately at all times.
• Users must not access websites, blogs, discussion forums, chat rooms or other locations that are in appropriate or have any content that could be construed as defamatory, harassing or otherwise offensive (e.g. pornography, bullying) or in violation of County policies.
• Users must always exercise caution when using a County e-mail address to join networking sites. While such use may be appropriate as part of job duties for some (e.g. LinkedIn), for others this may not be the case.
• Users accessing a web site must comply with its terms and conditions. Users may not infringe copyrights or other protections.
• Users may not use the Information System to download, play or store personal photographs, music or video files (e.g. MP3, MP4) due to capacity, copyright and legal issues. Personal photographs, music and video files will be deleted from County servers when found. Users may not stream video or audio (e.g., Internet radio, Pandora, sports video) who’s content is not directly related to the business of Milwaukee County Government.
• The County routinely blocks access to Internet sites that are deemed to be inappropriate or to pose an information security threat to the County. Access is prohibited. Any attempts to access blocked Internet sites are monitored and recorded. Persistent attempts to access blocked sites may result in discipline or termination.
• The County may monitor and disclose User’s Internet activity to ensure compliance with this Directive or for any other purpose permitted or required by law.

Social Media or Networking Sites

• Users must be mindful of, and clear about, the capacity in which they are participating. Only authorized County spokespersons should make statements on social media sites on behalf of the County.
• Social media or networking sites may be accessed only as needed for the User’s job. Personal use of social media on the Information System is prohibited.
• Interactions on social media or networking sites must comply with all County policies.

Incidental Personal Use

• Incidental Personal Use of the Information System consists of occasional, brief use of the Information System (including email or Internet) for short, routine, non-sensitive, non-confidential communications. For illustration, this might include: an email to check on a child’s arrival home from school, an email to meet someone for lunch, a quick check of the Internet for weather or news.
• Incidental Personal Use is permitted. This use is at the absolute discretion of the County and no User may expect or claim such personal use as a right or expect such use to be private. Excessive use or other abuse may result in discipline or termination.
• Incidental Personal Use is not allowed if it interferes with the performance of the User’s duties, exposes the County to expense or liability, or is unlawful for the County.

Prohibited Uses

In addition to prohibited activity set out elsewhere, the following are also expressly prohibited:

• Users are prohibited from using the Information System for solicitations for outside organizations, political or religious causes, or with the operation or management of any business other than that of the County.
• Users are prohibited from using the Information System for personal online shopping, personal online sales, or other online transactions. Users may use the Information System for occasional, brief access of online services such as online banking, using the User’s personal email and account information.
• Users are strictly prohibited from using County email addresses for non-County business. For example, a County email address may not be used for personal online shopping or financial transactions, personal blog or bulletin board memberships, personal email alerts from merchants or teams, etc., or as part of a payment such as PayPal.
• A County email address may not be used as a User’s personal address for: Facebook, social media, Twitter or similar services, online subscriptions, game systems, online gaming or gambling, couponing, or contests and sweepstakes.
• Use of the Information System for gambling of any sort (including “social” gambling or office pools), games of chance or games of skill, online video games, lotteries, or sweepstakes is strictly prohibited.
• Personal, offensive or inappropriate use of webcams, video conferencing equipment, recording devices or microphones is prohibited.

Users or any other County employees are required to report violations, or suspected violations of the Acceptable Use directives. Violations may expose the County to a host of legal and information security risks. Activities that should immediately be reported to a supervisor include, but are not limited to:

• Attempts to circumvent established computer security systems
• Use or suspected use of virus, trojan horse hacker programs or any other intrusive program
• Obtaining or trying to obtain another User's password
• Using the computer to make harassing or defamatory comments or to violate Milwaukee County's Harassment Policy or Milwaukee County Civil Service Rules
• Illegal conduct of any kind.

Reported violations will be investigated. Failure to adhere to this reporting policy may result in discipline, up to and including discharge.

Users or employees who, in good faith, report violations or suspected violations will be protected from retaliation. However, Users or employees who falsely accuse another of violations without a good faith basis for such accusation are also subject to discipline, up to and including discharge.