San Mateo County – Internet Policy
Revision Date: October 28, 2019
Download Signed/Official version
This memorandum replaces an earlier version of Memorandum F-3, which was last updated on October 27, 2014. In order to ensure countywide compliance and uniformity, all other individual departmental policies regarding the appropriate use of the Internet shall be superseded by this memo.
The purpose of this policy is to outline appropriate use of Internet resources by the County of San Mateo's emplo ye e s, contractors, vendors, in te rns , volunteers, known collectively as Workforce Members. Access to the Internet through the County's network is a privilege and carries the responsibilities of ethical use and good judgement.
Considerable resources have been committed to provide Internet availability. This Internet Usage Policy is designed to help County Workforce Members understand the proper use of those resources and that inappropriate use exposes the County to risks including virus attacks , Internet bandwidth saturation, negative publicity , and potential legal concerns.
This policy applies to all County Workforce Members, all equipment that is owned or leased by the County , and to all connections to the County network inclusive of wired, wireless, mobile, and remote connections . Workforce Members are expected to be familiar with and comply with this policy.
The purpose of Internet access is to provide services and information to be used to support County business activities and to support job functions only.
A. Acceptable Use of the Internet:
The list below is an attempt to provide a framework for activities that fall into the category of acceptable use. This list is, by no means, exhaustive :
- Obtaining information regarding County business, i.e., policy, legislation, public meetings, technical research, etc.
- Transmitting or receiving a file or document that does not fall into the category of unacceptable use.
- Providing information regarding County business to the public, i.e. , meeting agendas, key points of contact, etc.
- Delivery of County services , such as tax payments, health education, and disaster coordination .
- Incidental use of the internet, i.e ., less than ten (10) minutes at a time, for checking bank balances, transit schedules, traffic congestion , map sites for directions, etc.
B. Unacceptable Use of the Internet:
In applying this policy, the evaluation of each case will depend upon particular circumstances and other important factors such as materiality or reasonableness. The ultimate decision as to unacceptable use, however, lies with each Workforce Member's supervisor, as that person should have direct knowledge of the business needs of the individual Workforce Member .
Therefore, County Workforce Members should consult with their supervisor in advance if they have any questions about the appropriateness of Internet use. A supervisor's decision cannot, however, circumvent other County policies and procedures that may restrict personal use beyond the limitations cited in this policy.
The list below is by no means exhaustive but is an attempt to provide a framework for activities that fall into the category of unacceptable use:
- Illegal activities under local , state, federal, or international laws are strictly prohibited.
- Accessing any kind of website to view images or documents that are in violation of the County's Equal Employment Opportunity Policy on Discrimination and Harassment , including sexual harassment. In addition, such violative material, including sexually explicit images and documents may not be viewed, archived , stored, distributed, edited or recorded using the network or computing resources.
- Downloading software from the Internet without prior written approval of the Chief Information Officer (CIO) or designee .
- Introducing malicious software onto the County network and/or jeopardizing the security of the County's electronic communications systems .
- Downloading any executable files or programs which would change the configuration of the user's system by anyone other than department IT staff or staff from ISO.
- Installing or running any programs or services that provide ongoing communications with the Internet which are not approved by the CIO or designee, including but not limited to non-County instant messengers, screen savers, peer-to-peer communications (bitTorrent, etc.), or other on-line services to access the Internet on County computers that do not fulfill legitimate job functions.
- Accessing any on-line gambling, on-line trading or any non-work-related internet sites, including but not limited to on-line auctions, and gaming sites (e.g., gamezilla.com, mpog.com,eBay, casino.com etc.).
- Accessing any streaming media sites which do not fulfill legitimate job functions (viewing full episodes of network television shows, internet radio)
- Conducting any non-County business activity not listed above for a period of longer than 10 minutes.
- Transferring or storing files to any cloud storage platform that has not been approved by the CIO or designee.
- Signing up for Internet accounts using County email address without prior approval of the CIO or designee.
- Personal cloud storage services, such as Dropbox, Google Drive, I Cloud, etc. may not be used for the storage, manipulation, or exchange of County-related data including, but not limited to, any data that has been deemed sensitive or confidential such as that covered by the Health Insurance Portability and Accountability Act (HIPAA), Personal Health Information (PHI), or Personally Identifiable Information (PII).
- Visiting potentially dangerous websites that can compromise the safety of the County's network and computers
C. Personal Use
The County recognizes that use of the County's Internet access resources for personal use may be necessary; therefore, personal use of the County's Internet access resources is permitted subject to this policy. Users, however, should not expect that transmissions made through the County network are confidential.
The use of the County's Internet resources and services for non-work purposes is permitted only in compliance with the following criteria:
- The cost (in time spent using the Internet for non-work activities) to the County must be negligible.
- The use must not hinder productivity or interfere with the County Workforce Member's obligation to carry out his/her duties in a timely and effective manner. Time spent engaged in non-work-related use of County Internet resources is not considered to be County work time.
- The use shall, in no way, undermine the use of County resources and services for official purposes.
- When a Workforce Member uses his or her County email address for registration and/or posting to public forums such as newsgroups, or for the transmittal of electronic mail through the Internet for personal use, that communication must include a disclaimer that the views are those of the County Workforce Member and not the County of San Mateo. Forums should be used with care and not cause any adverse publicity or embarrassment to the County and should neither express nor imply sponsorship or endorsement by the County.
- Use of the Internet must be consistent with local, state, and federal laws regarding obscenity, libel, fraud, piracy (software, film, or music) and those regulating political activities, the marketing of products or services, and addressing other inappropriate activities for example performing unauthorized or illegal actions such as hacking, fraud, or buying/selling illegal goods.
- Internet use shall not result in personal gain (i.e., use of the internet during working hours for outside business activities, posting items for sale, etc.).
4. Management and Administration
The County has software and systems in place that can monitor and record all Internet usage and may monitor as well as report inappropriate Internet use. All sites and downloads are monitored and may be blocked if they are deemed to be harmful to the County network. County Workforce Members shall have no right or expectation of privacy in any Internet activity using County equipment or networks. Supervisors and managers shall have the right to review any Internet activity of any County Workforce Member supervised by them at any time and for any reason and may request restriction of Internet use at any time and for any reason. If the activity to be reviewed goes beyond the department, other department systems and records may be searched with the approval of the head of that department. The County may also restrict access to Internet sites whose content appears to have no purpose related to the business of the County.
The County has other policies that address technology-specific areas including policies on information security, e-mail, and portable computing. Departments may also have internal policies that address these issues. These policies are cumulative and in the event of conflict; the policies providing the County with the greatest level of security apply.
Violators of this policy may be subject to appropriate disciplinary action up to and including employment termination, termination of agreements, denial of service, and/or legal penalties, both criminal and civil. For inappropriate release of Protected Health Information (PHI) or other information related to HIPM, the disciplinary action contained in the Protected Health Information Sanction Policy (Administrative Memos B-27) will apply.