Internet Safety / Acceptable Use of Technology (Employees)
I. Purpose
This administrative regulation provides terms and conditions that must be accepted by City Schools employees, including school and teaching staff, guests, consultants, administrative staff located in headquarters and satellite offices, as well as affiliated agencies. Signatories to this document will be held accountable for acceptable uses, rules of behavior, and access privileges to City Schools Internet, Intranet connections, Email correspondence (sent and received), use of City Schools computer hardware and peripherals, and installation and maintenance of software. Signatories to policy EGD and this administrative regulation acknowledge that they endorse a binding directive of the Baltimore City Board of School Commissioners (the Board) and that a copy of the acknowledgement will be electronically recorded and/or deposited in the employee file of each consenting person. Employee acknowledgement and acceptance of policy EGD and EGD-RA will be electronically recorded twice per year via Active Directory login script distributed to all City Schools administrative computers.
City Schools reserves the right to review and update the acceptable use and conduct provisions in this administrative regulation at any time.
Definitions
A. City Schools “communications systems” refers to the entire City Schools technological infrastructure and encompasses the collective use of the Internet, Intranet, Email, coaxial and wireless telephone, pagers, facsimile machines, computer hardware and peripherals, duplication machines, audio and video recording tape machines, television, Compact Disc (CD-ROM) recorders and players, still and motion picture cameras and projectors, digital environmental control systems, security and safety monitoring systems, and any other instrument or device used to transmit and receive electronic literary and/or audio and visual information.
B. For the purpose of clarity the term “technologies” in the AUTAR refers to any electronic device and instrument that uses, manages, carries or supports audio, video or data and includes, but is not limited to, information transmitted or received via radio, television, cable, microwave, telephone, computer systems, Personal Digital Assistants (PDAs), Smart Phones, networks, and fax machines.
C. The term “user” applies to City Schools employees, including school and teaching staff, guests, consultants, administrative staff located in headquarters and satellite offices, as well as affiliated agents.
D. “Removable media devices” include, but are not limited to:
Portable USB-based memory sticks, also known as flash drives, thumb drives, jump drives, or key drives;
Memory cards such as SD, CompactFlash, Memory sticks, or any related flash drive-based supplemental storage media;
USB card readers that allow connectivity to a PC;
Portable MP3 and MPEG music and media player-type devices such as iPods with external flash or hard drive-based memory that support storage;
PDAs, cell phone handsets, and smartphones with internal flash or hard drive-based memory that support a data storage function;
Digital cameras with internal or external memory support;
Removable memory-based media, such as rewritable Blu Rays, DVDs, CDs, and floppy disks; Any hardware that provides connectivity to USB devices through means such as wireless (i.e. WiFi,
WiMAX, irDA, and Bluetooth) or wired network access. II. Guidelines
A. System Responsibilities
The Chief Information Technology Officer (CITO) will serve as the coordinator to oversee the appropriate use of the City Schools communication system accessibility. Department and division management, as designees of the Chief Executive Office (CEO), are responsible for assisting in the enforcement of EGD and EGD-RA.
B. Filtering
As required by law, City Schools uses filtering technology to screen internet sites for offensive material and prohibit access, to the extent possible, to objectionable, offensive or unsuitable content found on the internet. In addition to the use of filtering technology, the Information Technology Department (ITD) may also block access to certain websites when required by law, including when their use may interfere with the optimal functioning of, or when the website may compromise the security of the City Schools communications systems. In cooperation with the Library/Media Office of Enrichment, the ITD shall establish standards and procedures by which individual websites may be authorized for blocking or unblocking of access from the City Schools network. All blocking and unblocking decisions will be made by the ITD and the Library/Media Office of Enrichment in compliance with applicable laws and the requirements of policy EGD.
1. Access privileges are determined by privacy, freedom of expression, and limitation of usage. Use of the City Schools communications systems is intended for City Schools business and education purposes, with limited personal use permitted. Such personal use must in all circumstances comply with the acceptable use and conduct provisions in this administrative regulation, and must not result in costs to City Schools, or cause legal action against or cause embarrassment to City Schools. Such use must also be appropriate as to duration and not interfere with the user’s duties and City Schools’ business demands.
a. Privacy and Electronic Surveillance
i. Users have no privacy expectations in the contents of their personal files and records of their online activity while using City Schools technologies and the communications systems. All Email, equipment, and documents created, composed, stored, transmitted, and/or received are and remain at all times the property of City Schools. These items are not the private property of any employee or individual, and no employee or individual should have any expectation of privacy when using the City Schools communications systems. City Schools may conduct monitoring and auditing activities from time to time to verify user compliance with the AUTAR.
ii. City Schools specifically reserves the right to access electronic communications and computer files at any time, including but not limited to, whenever necessary for corporate investigations into allegations of misconduct, fraud, or other wrongdoing, for technical maintenance purposes, to assure system security and compliance with Board policy or applicable legal requirements, and any other business purpose.
b. Software Licensing
i. In efforts beyond those that exist in filtering, City Schools has the option to pursue random electronic surveillance when it is discovered that a user has and/or intends to install and/or accesses unauthorized software and/or software that is restricted by licensing to a single user at one workstation while being accessible to multiple users at more than one workstation. Random electronic surveillance may also be used to detect when a user accesses prohibited Web sites and monitor access for use that is not business or education-related.
ii. Users are advised that they will be ordered to produce proof of licensing and when none exists or cannot be produced, a notice to cease and desist will be presented and the software will be deleted. The user may also be subject to discipline by City Schools. The owner(s) of the unauthorized software may institute penalties and / or litigation against the user. City Schools will cooperate with local, state or federal officials in any lawful investigation concerning or
relating to any illegal activities conducted by a user of City Schools technologies and the communications systems.
c. Use of Email
i. The City Schools Email system is designed to facilitate the exchange of information, enhance internal school communications capabilities, and increase productivity. Access to and use of the Email system is limited to City Schools business purposes only.
ii. Expecting certain communications with the Office of Legal Counsel, no privileged information should be contained in an Email document.
iii. Confidential business or student information should be prominently marked “confidential” to indicate the sensitive nature of the Email document. Any City Schools employee who is uncertain as to how to protect confidential information on the City Schools internal Email system should seek assistance from the ITD.
iv. Email documents sent via Internet Email services (i.e. Yahoo! Mail, Gmail, Hotmail, etc.) are not safe from intrusion. Therefore, no privileged, confidential, trade-secret, or business- sensitive information shall be contained in any Internet Email document.
d. Use of Internet
i. The Internet is constantly evolving in application and content. This administrative regulation is not intended to list all forms of acceptable and unacceptable use. Users have the responsibility to use the Internet in an efficient, effective, ethical and lawful manner. Internet users must follow the same code of conduct expected in any other form of written or face-to- face business communication.
ii. The Internet provides a plethora of communication mechanisms, commonly known as “social networking” or “Web 2.0” (i.e. Blogs, Facebook, MySpace, Twitter, etc). The use of Web 2.0 tools on City Schools resources and / or the City Schools communications systems must be for City Schools educational or business purposes only, and must comply with the acceptable use and conduct provisions in this administration regulation. All written communication posted to the Internet should strive for the highest level of professionalism, politeness and courtesy. Users should take all necessary precautions to protect their online privacy by restricting public access to online profiles or other related commentary.
iii. Users should not use commentary deemed to be defamatory, obscene, proprietary, or libelous. Whether using City Schools technology resources or personal technology resources, users should refrain from discussing students or coworkers, or publicly criticizing City Schools policies or employees while conducting their professional duties. Users should exercise caution with regard to exaggeration, colorful language, guesswork, obscenity, copyrighted
materials, legal conclusions, and derogatory remarks or characterizations. City Schools employees, both on and off the work site, shall not accept or encourage “friend requests” from students on unsupervised peer networking or social sites, such as MySpace or Facebook, nor shall employees engage in unsupervised online contact with students. Under no circumstances should City Schools employees post images that include students to social networking profiles or web sites.
iv. City Schools has the option to conduct an investigation when it is discovered or alleged that a user may have violated the Access and Limitations provisions outlined above.
D. Use of Removable Media
1. Removable media devices present a significant security risk to the City Schools communications network. City Schools acknowledges users with a legitimate business requirement to connect removable media devices to City Schools resources for the purposes of transporting large files or working remotely. Users must take precautions to ensure removable media devices being shared between non-City Schools technology resources and City Schools technology resources are free from viruses and other malicious software prior to being connected to the City Schools communications systems. Failure to do so may result in data loss to City Schools, and users will be subject to the penalties outlined in Section G - Penalties.
2. Additionally, users are not permitted to store sensitive data on removable media devices. Sensitive data includes, but is not limited to: personal and financial data of employees or students; federally protected data such as FERPA and HIPAA protected information; state protected data; passwords; and other data considered confidential by City Schools.
E. End Of Use
Access to City Schools technologies and communications systems will cease immediately when a user’s employment is terminated, when the user is in lay-off status, during lengthy leaves of absence, at the conclusion of a public official’s term, and when the relationship/partnership between contractors and/or consultants and City Schools is terminated.
F. Enforcement
Minor infractions of this administrative regulation, when accidental, such as consuming excessive resources or overloading the City Schools communications systems, are generally resolved informally through Email or in-person discussions between the user and the principal or immediate supervisor with advice from the ITD.
1. Major infractions or repeated minor infractions of this administrative regulation may result in penalties that include the temporary or permanent loss of City Schools communications systems access or the modification of the user’s access. More serious violations, such as the unauthorized use or duplication of licensed software, City Schools data files, passwords of other users, repeated harassment and threatening behavior, will be subject to disciplinary action or termination of employment.
2. Any offense that violates local, state or federal laws may result in any and all of the above penalties and may, in addition, lead to the levy of fines and / or arrest, litigation, and imprisonment. Employees will be subject to penalties that are based on levels of assessment.
a. LEVEL I General infractions that result in no loss of data or damage to a technology resource and are not classified as a misdemeanor or felony. This level includes account sharing and misuse of computer resources. Penalty may be suspension of an employee from direct technology resource access for one month and a letter of reprimand deposited in the permanent employee file.
b. LEVEL II Infractions that result in minor loss of data or damage to a technology resource and are not classified as a misdemeanor or felony. This level includes unauthorized deletion of data files and unauthorized shut-down of file servers. Penalty may be suspension from the workplace for up to three days and / or suspension from direct technology resource access for up to six months and a fine to cover replacement of data or resources.
c. LEVEL III Infractions that result in irreplaceable loss of data or severe damage to a technology resource and are classified as a misdemeanor or felony. This includes copyright violations and virus introduction into a computer or network. Penalties may include but not be limited to permanent suspension from direct technology resource access, termination of employment and possible criminal charges.
H. Violations
Conduct that violates this administrative regulation includes the following: 1. Unauthorized use of a computer account;
2. Sharing or revealing City Schools network user account passwords;
3. Using the site level local area network or the City Schools wide area network to gain or attempt to gain unauthorized access to any computer system;
4. Misrepresenting the user’s identity or City Schools in an electronic correspondence;
5. Creating, exchanging, publishing or otherwise distributing in public forums and open communication tools to third parties (for example, via Internet Email, IM, blog postings, chat rooms,
electronic broadcasting services including Twitter, MySpace, Facebook, virtual representatives and more) any of the following: product advertisements, political lobbying or religious promotion, or any other global communication that is disruptive to City Schools operations; confidential City Schools information to unauthorized people or violating City Schools’ data protection policy; otherwise using the Internet in a way that increases City Schools’ legal and regulatory liability;
6. Connecting unauthorized equipment to any part of the City Schools network;
7. Unauthorized attempts to circumvent data protection schemes or uncover security loopholes and/or decrypt intentionally secure data;
8. Using software or Web sites (often called "anonymizers") that attempt to hide Internet activity for the purpose of evading corporate monitoring;
9. Deliberately or carelessly performing an act that will interfere with normal City Schools operation of computers, terminals, peripherals or networks;
10. Deliberately or carelessly installing or running a program intended to damage or to place an excessive burden on City Schools communications systems. This includes, but is not limited to, programs known as computer viruses, Trojan Horses, and worms;
11. Deliberately wasting or overloading computer resources, such as printing large quantities of a document from a workstation;
12. Violating terms of applicable software licensing agreements or copyright laws;
13. Violating copyright laws and their fair use provisions through inappropriate reproduction or dissemination of copyrighted text, images, audio, video, etc.;
14. Using the City Schools Email systems to create, access, or distribute information that is intimidating, sexually suggestive, or otherwise illegal, unprofessional, inappropriate, and/or non-businesslike. Unacceptable electronic communications include, but are not limited to, documents, comments, pictures, slurs, jokes, innuendo, or other forms of communication which contain explicit or implicit references to someone’s age, disability, national origin, race, religion, sex, and/or any other basis prohibited by applicable law. No employee should use vulgarity, obscenities, insults, sarcasm, or other inappropriate communication;
15. Using the City Schools Email system to forward information to any party for the purposes of misrepresentation, unauthorized distribution of confidential information, or any other non-business purpose;
16. Using Email to harass or threaten others (includes sending repeated, unwanted Email to another user);
18. Inappropriate mass-mailing. This includes multiple mailings to news groups, mailing lists or individuals, e.g., spamming, flooding, bombing;
19. Forging the identity of a user or machine in an electronic communication;
20. Transmitting or reproducing materials that are slanderous or defamatory or that otherwise violate existing laws and regulations;
21. Displaying or downloading obscene, lewd or sexually harassing images, text or audio;
22. Attempting to monitor or tamper with another user’s electronic communications or reading, copying, altering or deleting another user’s files or software without the explicit agreement of the user or City Schools’ consent;
23. Using City Schools computing or network facilities to conduct personal or business activities for entertainment or personal gain; and
24. Using City Schools computing or network facilities to engage in activities that do not support student learning, instruction or support processes.
Web Content Standards
1. The worldwide Web is a global database system that provides access to information from around the world. The primary purpose of operating a Web site is for City Schools student users and employee users to share information about curriculum, instruction, authorized activities, and resources that enhance intellectual curiosity and encourage scholastic endeavors or which assist employees in the completion of assigned tasks.
2. To ensure that educational resources are easily accessible to student users and employee users, it is suggested that when users log in to the communications system they fix the City Schools web site as the default home page. Having the City Schools web site as the home page will allow users immediate access to the menu of resources that are available.
3. All subject matter permitted on the City Schools Web page and any and all links and access to other web sites must relate to curriculum and instruction and/or research that is related to the workplace, supervised classroom projects and course work. This administrative regulation prohibits staff and others who have accessibility to the City Schools Web to open, copy, and/or transmit text and graphics from personal and non-work related, non-classroom related home pages.
4. All information developed for a City Schools Web page must adhere to the City Schools Style Guide, and must not contain language and graphic art and/or photographs that are directed to prurient interests, focus on violence, rude behavior, racism, blasphemy, and/or any provocative, anti- social conduct. City Schools Web pages must comply with requirements of the Family Educational
Rights and Privacy Act (FERPA) 20 USC §1232g. A signed consent form must be retained on file in the school and a copy retained on file in the Office of Partnerships, Communications and Community Engagement.
5. No unlawful copies of copyrighted materials may be knowingly produced on or transmitted via City Schools communications systems, including its web server.