§ 42-56. Computing practices.  

(1)

General principles.

(a)

This policy governs the use of computers, networks, and other computing resources for Garland County. Garland County provides the resources and is committed to computing and network systems that effectively meet the need of its users.

(b)

Individuals who are granted computing accounts or who use computing resources at the county accept the responsibilities that accompany such access. Use of computing resources in violation of the regulations set forth in this policy will be referred to the immediate supervisor for review.

(c)

Computers and networks can provide access to resources within and beyond the county's computer system, including the ability to communicate with other users worldwide. Such open access is a privilege, and requires that individual users act responsibly. Use of computing and network resources should always be legal and ethical, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property, ownership of data, system security mechanisms, the right to personal privacy, and to the right of individuals to freedom from intimidation and harassment.

(d)

All federal and state laws, and the county regulations within this policy are applicable to the use of computing resources. These include, but are not limited to, 20 U.S.C. 1232g; the Electronic Communications Privacy Act of 1986, 18 U.S.C. 2510 et seq.; the Arkansas Freedom of Information Act, A.C.A. 25-19-101 et seq.; and state and federal computer fraud statutes, 18 U.S.C. 1030 and A.C.A. 5-41-101 et seq. Illegal reproduction of software and other intellectual property protected by U.S. copyright laws and by licensing agreements may result in civil and criminal sanctions.

(e)

The county's web site is maintained by the county judge's office. No member of the individual departments may produce a web page, electronic bulletin board, or any other such computer site that purports to be an official publication of the county without the express permission of the county judge.

(2)

Administration of computing resources.

(a)

In general.

1.

The county, in accordance with state and federal law and other department policies, may control access to its information and the devices on which it is stored, manipulated, and transmitted.

2.

The county has the responsibility to:

a.

Develop, implement, maintain, and enforce appropriate security procedures to ensure the integrity and confidentiality of individual and institutional information, however stored; and

b.

Uphold all copyrights, patents, licensing agreements, and rules of organizations that supply information resources to the extent that these do not conflict with other applicable laws and policies.

3.

Responsibility for administering the county's computing and network resources rests with the data processing service, as directed by the county judge.

(b)

System administrators.

1.

A system administrator is any person in the data processing service designated to maintain, manage, and provide security for the county's computing resources, including computers, networks, and servers.

2.

System administrators shall perform their duties fairly, in cooperation with the county staff. They shall adhere to this policy and all other pertinent department rules and regulations. They shall respect the privacy of users to the greatest extent possible, and when necessary shall refer issues or instances of inappropriate use of resources to appropriate county officials and/or department heads for review and potential disciplinary action.

(c)

Data collection.

1.

Given the nature of the technology, a wide range of information can be collected by the department staff using system software. For example, software may be configured to provide aggregate information on the number of users logged in, the number of users accessing certain software, etc.

2.

No information shall be routinely collected that is not required by system administrators in the direct performance of their duties, e.g., routine backups for system recovery, investigating error reports, etc.

(d)

Privacy of electronic files.

1.

Users do not own accounts on county computers but are granted the privilege of exclusive use of their accounts. Use of the county's computing resources for storage or transmission of data does not alter any ownership interest of the user in that data. Users are not entitled to privacy regarding their computer communications and stored data therefore, users should not store or transmit data of a personal nature on county computers.

2.

System administrators will access electronic files, including e-mail files, only as necessary to perform their duties. These duties include installation, enhancement, and maintenance of computers, networks, data, and storage systems, actions necessary to maintain the integrity of the computers, networks, or storage systems; adding, removing or modifying user accounts; or actions necessary to protect the rights or property of the county and/or individual departments, and/or users. Authorized personnel may routinely monitor and log usage data, such as network session connection times and end-points, CPU and disk utilization for each user, security audit trails, and network loading. E-mail messages which are rejected due to some error, e.g., defective addressing, may be reviewed to determine the nature of the error, the significance and immediacy of the rejected message, and what corrective action(s) might be necessary. In all cases, the privacy of users shall be protected to the greatest extent possible.

3.

Because the county is a public agency and all files must be available to satisfy potential FOIA requests, care must be taken when applying computer security procedures to protect files. Because of these accessibility requirements as they relate to the county, the use of password protection methods on individual files is prohibited. This includes but is not limited to the procedures included in many PC-based word processing, spreadsheet, and database software that allow the user to apply a password to an individual file to restrict its accessibility. In the event that special protections on files are needed by a user or group of users, the data processing service will assist the user or users in applying security methods that provide the necessary security while still allowing access by authorized personnel in order to satisfy the county's accessibility requirements.

(e)

The Arkansas Freedom of Information Act.

1.

The electronic files, including e-mail files, of county employees are potentially subject to public inspection and copying under the state Freedom of Information Act (FOIA), Ark. Code Ann. 25-19-101 et seq.

2.

The FOIA defines public records to include data compilations in any form, required by law to be kept or otherwise kept, and which constitute a record of the performance or lack of performance of official functions which are or should be carried out by a public official or employee (or) a governmental agency, A.C.A. 25-19-103(1). All records maintained in public offices or by public employees within the scope of their employment are presumed to be public records; however, various exceptions apply, A.C.A. 25-19-105.

(3)

Use of computing resources.

(a)

In general. This section does not cover every situation involving the proper or improper use of the county's computing resources; however, it does set forth some of the responsibilities that a person accepts if he or she chooses to use those resources. The purpose of this section is to establish rules for the benefit of all users and encourage responsible use of computing resources.

(b)

Use without authorization prohibited.

1.

No one shall:

a.

Connect with or otherwise use any county computer, modem, network, or other computing resource without proper authorization;

b.

Assist in, encourage, or conceal any unauthorized use, or attempted unauthorized use, of any County computer, modem, network, or other computing resource; or

c.

Misrepresent his or her identity or relationship to the county to obtain access to computing resources.

2.

No software can be installed on county computers without prior review and approval by the data processing services. This restriction is instituted to provide for adequate network and PC compatibility, reliability, and stability, to protect from computer viruses, and to ensure compliance with federal copyright laws. In general, only software purchased by and licensed to Garland County, public domain software, or software which is copyrighted but distributed freely (e.g., computer magazine utility programs) will be installed.

3.

Access to resources on the Internet is granted on an individual basis with a memo from the user's supervisor within the individual department. A list of users and their level of clearance for usage of programs, internet and e-mail shall be kept by the individual departments and a copy of the list shall be provided to the county judge for use upon request from the quorum court and/or committees. The clearance list will be updated at least yearly and more often if needed. E-mail and Internet usage will be for county purposes only. Users shall not access computer games of any type with county computers. Users shall not access any computer file, the Internet or e-mail without having the clearance to do so.

(c)

Accounts.

1.

All computer resources shall be used in accordance with the general policies and procedures found in this section of the county employee handbook.

2.

Users shall not subvert restrictions associated with their accounts, such as privileges and levels of access.

3.

No one shall give any password for any department computer or network to any unauthorized person, nor obtain any other person's password by any unauthorized means. Users are responsible for the use of their computer accounts and shall not allow others access to their accounts, through sharing passwords or otherwise except as necessary to perform assigned duties (but in no case to unauthorized persons). Users should take advantage of system-provided protection measures to prevent such access. Data processing services, in the performance of their duties, are authorized to request and use the accounts and passwords of other users.

4.

When a user ceases being employed by the county or is assigned a new position and/or different responsibilities within the county, his or her account and access authorization shall be reviewed. A user shall not use facilities, accounts, access codes, privileges, or information for which he or she is not authorized.

(d)

Security and related matters.

1.

No one shall:

a.

Knowingly endanger or compromise the security of any county computer, network facility, or other computing resource or willfully interfere with others' authorized computer usage;

b.

Attempt to circumvent data protection schemes, uncover security loopholes, or decrypt secure data;

c.

Modify or reconfigure or attempt to modify or reconfigure any software or hardware of any county computer or network facility in any way, unless specific authorization has been obtained; or

d.

Use county computer resources and communication facilities to attempt unauthorized access to or use of any computer or network facility, no matter where located, or to interfere with others' legitimate use of any such computing resource.

2.

No one shall attempt to access, copy, or destroy programs or files that belong to other users or to the county except in the performance of assigned duties, nor shall anyone use county computing resources for unauthorized monitoring of electronic communications.

3.

No one shall create, run, install, or knowingly distribute a computer virus, "Trojan horse," or other destructive program, e-mail, or data via any county computer or network facility, regardless of whether demonstrable harm results. No one shall alter, reconfigure, or remove the anti-virus software on any county computer, except in performance of assigned duties.

4.

The county cannot guarantee the privacy of computer files, e-mail, or other information stored or transmitted by computer, including confidential information; moreover, the county may access such information in accordance with this policy. Persons who have access to confidential or sensitive information shall disclose it only to the extent authorized by the Arkansas Freedom of Information Act, and other applicable laws, and only in connection with official county business.

5.

Users shall not knowingly or recklessly perform any act that will interfere with the normal operation of computers, terminals, peripherals, or networks and shall not intentionally waste or overload computing resources.

(e)

Electronic property. No one shall copy, install, use, or distribute through the county's computing resources any photographs, logos, images, graphics, graphic elements, audio, video, software, html markup, data files, or other information in violation of U.S. copyright, trademark, or patent laws or applicable licensing agreements. It is the user's responsibility to become familiar with the terms and requirements of any such laws or agreements.

(f)

User communications.

1.

Users assume full responsibility for messages that they transmit through the County's computers and network facilities.

2.

No one shall use the county's computing resources to transmit any material prohibited by law.

3.

No one shall use the county's computing and network resources to:

a.

Annoy, harass, threaten, intimidate, terrify, or offend another person by conveying offensive language or images or threats of bodily harm;

b.

Repeatedly contact another person to annoy or harass, whether or not any actual message is communicated, and the recipient has expressed a desire for the contact to cease;

c.

Repeatedly contact another person regarding a matter for which one does not have a legal right to communicate (such as debt collection), once the recipient has provided reasonable notice that he or she desires such contact to cease;

d.

Disrupt or damage the work of another person; or

e.

Invade the privacy of another person or threaten such an invasion where such an invasion is not work-related and allowed by this policy. Any form of harassment or discrimination will not be tolerated by Garland County and appropriate disciplinary action will be taken.

4.

When using the county's computing resources, users shall comply with this policy as well as the regulations and policies of news groups, lists, and other public forums through which they disseminate messages.

5.

Users shall not:

a.

Initiate or propagate electronic chain letters;

b.

Engage in spamming or other indiscriminate mass mailings to news groups, mailing lists, or individuals;

c.

Forge communications to make them appear to originate from another person, e.g., spoofing; or

d.

Engage in resource-intensive activities unrelated to the county's functions.

6.

Any person that believes they are the subject of harassing or discriminatory use of the county's computing or network resources shall immediately contact the county judge's office with the details of the alleged policy violation. The county judge or his/her designated agent shall promptly investigate the allegation and forward their conclusion to the personnel committee and any/all elected officials involved for appropriate action.

(g)

Listserv lists. Approval for a listserv list based on the county's computer system and which is available on the Internet must be obtained from the data processing services. If resources are available, such approval requires that the proposed list:

1.

Not be a duplicate of an existing list; and

2.

Serve the mission of the county.

(4)

Enforcement and sanctions.

(a)

System administrators are responsible for protecting the system and users from abuses such as described in this policy. Pursuant to this duty, system administrators may:

1.

Formally or informally discuss the matter with the offending party; or

2.

Refer the matter to the appropriate disciplinary authority.

(b)

Any violation of this policy may result in the revocation or suspension of access privileges as necessary to avert a degradation or interruption of service to the county. As soon as possible, such action will be referred to the appropriate disciplinary authority.

(c)

Any violation of this policy is misconduct for purposes of personnel policies and may be punished accordingly.

(d)

Any offense that violates local, state, or federal laws, or state or county policies, may result in the immediate loss of all department computing and network privileges and shall be referred to the county judge, personnel committee and/or any necessary law enforcement agencies for investigation and discipline.