HomeMy WebLinkAboutAgenda Report - December 2, 2020 C-20AGENDA ITEM
(2,a2D
CITY OF LODI
COUNCIL COMMUNICATION
AGENDA TITLE: Adopt Resolution Approving Network Access and Acceptable Use Policy, and
Code of Conduct for Managing Confidential Information
MEETING DATE: December 2, 2020
SUBMITTED BY: Information Technology Manager
RECOMMENDED ACTION: Adopt resolution approving network access and acceptable use
policy, and code of conduct for managing confidential information
BACKGROUND INFORMATION: Technology is constantly changing as are the ways employees use
technology to perform work functions. An up-to-date acceptable
use policy is a primary part of cyber security awareness and
regulating code of conduct to ensure safe and appropriate use of
the City's network.
The City's original network access policy was adopted December 17, 2008. Since its adoption, how
staff use the City's network and internet has changed and grown. Staff are more reliant on the internet
and network resources to perform basic job duties. An updated network access and acceptable use
policy gives guidance to staff to maintain cyber awareness over the City's network.
The code of conduct for managing confidential information is important to protect and secure
confidential information that could be used to commit fraud or for other illegal activity. Confidentiality
builds trust between employer and employee. Strict data protection rules must be followed when
managing private information as stipulated by California AB 1274. The updated policy helps to ensure
the City is in compliance with this new legislation and employees are aware of their responsibility in
maintaining confidentiality of information obtained through conducting City business.
FISCAL IMPACT: While there is no direct fiscal impact from this item, the impact of a violation
of above policies could result in damage to City's network infrastructure or a
data breech. Costs to repair or replace infrastructure, including business
operations downtime and possible litigation due to improper disclosure of
personally identifiable information are all individually very expensive.
FUNDING AVAILABLE: N/A
Benjamin Buecher, Information Technology Manager
APPROVED: Steges Awa (kov 17,20201035 PST)
Stephen Schwabauer, City Manager
Andrew Keys, Deputy City Manager/Internal Services Director
City of Lodi Final DRAFT
Computer Network and Internet Access Agreement
Disclaimer
The Internet is a constantly growing worldwide network of computers and servers that contain millions of pages of information. Users
are cautioned that many of these pages include offensive, sexually explicit, and inappropriate material. Employees and users (herein
referred to as "Users," or "User") accessing the Internet do so at their own risk and understand and agree that the City of Lodi (herein
referred to as "City,") is not responsible for material viewed or downloaded by users from the Internet. To minimize these risks, your
use of the Internet while using the City's computer network or City issued electronic devises (including laptops, tablets, and mobile
phones) is governed by this policy:
Definitions
Excessive: more than is necessary, normal or desirable; (It is up to departments to determine what constitutes excessive behavior as
pertaining to the actions of an employee.)
Permitted Use of Internet and City computer network
The computer network is the property of the City and is to be used for legitimate business purposes. Users are provided access to the
computer network to assist them in the performance of their jobs. Additionally, certain Users are provided with untethered access to
the Internet through the computer network. All Users have a responsibility to use the City's computer resources and the Internet in a
professional, lawful and ethical manner. Abuse of the computer network or the Internet, may result in disciplinary action, up to and
including termination, and civil and/or criminal liability and penalties.
Computer Network Use Limitations
PROHIBITED ACTIVITIES. Without prior written permission from the City Information Technology Manager, the City's
computer network may not be used to disseminate, view or store commercial or personal advertisements, solicitations, promotions,
destructive code (e.g., viruses, Trojan horse programs, etc.) or any other unauthorized materials. Occasional limited appropriate
personal use of the computer is permitted if such use does not; a) interfere with the User's or any other employee's job performance; b)
have an undue effect on the computer or City network's performance; or c) violate any other policies, provisions, guidelines or
standards of this or any other City policy. Further, at all times Users are responsible for the professional, ethical and lawful use of the
City's computer network.
ILLEGAL COPYING. Users may not illegally copy or disseminate material protected under copyright law or make that material
available to others for copying. You are responsible for complying with copyright law and applicable licenses that may apply to
software, files, graphics, documents, messages, and other material you download or copy from the internet. You may not agree to a
license or download any material for which a registration fee is charged without first obtaining the express written permission of the
City Information Technology Manager.
COMMUNICATION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) / CONFIDENTIAL CITY
INFRASTRUCTURE. Unless expressly authorized to do so, Users are prohibited from sending, transmitting, or otherwise
distributing proprietary information, data or other confidential information belonging to the City. Unauthorized dissemination of such
material may result in disciplinary action up to and including termination of employment, as well as substantial civil and criminal
liability and penalties under state and federal Economic Espionage laws. Any sharing of PII or confidential City information will be
coordinated with the City's Information Technology Division and shared/transmitted in a manner that meets or exceeds NIST 800-53
internet security protocols and levels of encryption.
ACCESSING THE INTERNET. To ensure security, to avoid the spread of viruses & malware, and to maintain the City's Computer
Network and Internet Access Policy, employees may only access the Internet through a computer connected to the City's network and
approved Internet firewall or other security device(s). Bypassing the City's computer network security by accessing the Internet
directly by personal connections such as but not limited to Cellular Networks, Wimax, modems, or proxy avoidance techniques or by
any other means is strictly prohibited and may result in disciplinary action, up to and including termination of employment.
wCITYOFLODI Network Access Policy V.12.2.2020
FRIVOLOUS USE. Network bandwidth and storage capacity have finite limits. Users must not deliberately perform acts that waste
computer resources or unfairly monopolize resources to the exclusion of others. These acts include, but are not limited to, sending
mass mailings not related to City business or chain letters, spending excessive amounts of time on the Internet, playing games,
engaging in online chat groups or other social media, uploading or downloading large files, excessive streaming audio and/or video
files, or otherwise creating unnecessary loads on network traffic associated with non -business-related uses of the Internet.
VIRUS DETECTION. Files obtained from sources outside the City, including storage devices brought from home, files downloaded
from the Internet, newsgroups, bulletin boards, or other online services; files attached to e-mail, and files provided by customers or
vendors, may contain dangerous computer viruses that may damage the City's computer network. Users should never download files
from the Internet, accept e-mail attachments from outsiders they are not expecting, or use storage devices from non -City sources,
without first scanning the material with City -approved virus checking software. If you suspect that a virus has been introduced into the
City's network, notify Information Technology staff immediately.
NO EXPECTATION OF PRIVACY. Employees are issued computers and Internet access to assist them in the performance of their
jobs. Employees should have no expectation of privacy in anything they create, store, post, send or receive using the City's computer
equipment or use of the City's computer network or Internet. The computer network is the property of the City and may be used only
for City purposes as set forth in this policy.
WAIVER OF PRIVACY RIGHTS. User expressly waives any right of privacy in anything they create, store, post, send or receive
using the City's computer equipment, network or Internet access. User consents to allow City personnel access to and review of all
materials created, stored, sent or received by User through any City network or Internet connection or on any City's issued electronic
devises.
MONITORING OF COMPUTER AND INTERNET USAGE. The City has the right to monitor, log, and archive any and all
aspects of its Computer system including, but not limited to, monitoring Internet sites visited by Users, monitoring chat and
newsgroups, monitoring file downloads, and all communications sent and received by users via Email, instant messaging, chat and
social networking. The City has the right to monitor and log all activity performed by Users on the City network in accordance with
normal daily operations.
BLOCKING SITES. The City has the right to utilize hardware and software that makes it possible to identify and block access to
Internet sites containing material deemed inappropriate or unnecessary for use in the workplace. This includes but is not limited to;
Drug Abuse; Hacking; Illegal or Unethical; Discrimination; Violence; Proxy Avoidance; Plagiarism; Child Abuse; Alternative Beliefs;
Adult Materials; Advocacy Organizations; Gambling; Extremist Groups; Nudity and Risque; Pornography, Tasteless; Weapons;
Sexual Content; Sex Education; Alcohol; Tobacco; Lingerie and Swimsuit; Sports; Hunting; War Games; Online Gaming; Freeware
and Software Downloads; File Sharing and Offsite Storage; Streaming Media; Peer-to-peer File Sharing; Internet Radio or TV;
Internet Telephony, Online Shopping; Malicious Websites; Phishing; SPAM; Advertising; Brokerage and Trading; Web -Based
Personal Email; Entertainment; Arts and Culture; Education; Health and Wellness; Job Search; Medicine; News and Media; Social
Networking; Political Organizations; Reference; Religion; Travel; Personal Vehicles; Dynamic Content; Folklore; Web Chat; Instant
Messaging or IM; Newsgroups and Message Boards; Digital Postcards; Real Estate; Restaurant or Dining; Personal Websites or
Blogs; Content Servers; Domain Parking; Personal Privacy; Finance and Banking; Search Engines and Portals; Government and Legal
Organizations; Web Hosting; Secure Sites; or Web -based Applications.
Department supervisors can request restricted sites and content be accessible if the content is relevant and necessary for an employee
to perform his or her duties for the City.
Acknowledgement of Understanding
I have read and agree to comply with the terms of this policy governing the use of the City's computer network. I understand that
violation of this policy may result in disciplinary action, up to and including termination of employment, in addition to civil and
criminal liability and penalties.
Print Name:
Department:
Signature:
Date:
CITYOFLODI Network Access Policy V.12.2.2020
Code of Conduct for Managing Confidential Information Final DRAFT
City of Lodi
Management of Confidential Information
As an employee, your responsibilities with the City may require you to have access to confidential nonpublic information. Such
information may contain personally identifiable material about the City of Lodi, its employees or customers. It is your responsibility
to maintain the confidentiality of information entrusted to you by the City and our customers. You will be held responsible to act on
consumer information as outlined in Fair and Accurate Credit Transactions Act (FACTA). The act stipulates requirements for
information privacy, accuracy and disposal and limits the ways consumer information can be shared.
When dealing with confidential information:
• Never view it for a non -business reason,
• Never use it for personal gain or advantage,
• Never share it without appropriate approval, and
• Never change, update, or manipulate your own account or the account of a family member, friend or coworker.
When collecting and accessing confidential information, make sure that it is appropriately protected and secure. This obligation
continues even after you are no longer employed by the City of Lodi. Revealing nonpublic information that you obtained in the
course of your employment with the City of Lodi is a violation of this Code of Conduct and may be illegal.
(California AB -1274 - https://Ieginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill id=201320140AB1274 )
Safeguard confidential information, keeping it secure, limit access to those who need to know it in order to do their job.
• Never transmit personal or confidential information via Email. Email is not secure.
• Avoid discussing confidential information in public areas.
• Confidential information is not to be shared with a third party without appropriate approval, consult the Information
Technology Division for assistance.
• Never store confidential information on your PC hard drive or portable storage device.
• Use secure folders on the network drive to store confidential information.
• Never access confidential information from a non -secure internet connection outside the City's secure network.
Customer and Employee Confidential Information
Customer information includes any information about a specific customer that can be used to personally identify a customer,
including such things as name, address, Social Security number, phone numbers, contact names and billing data, such as balance
owed, energy usage or account number. Never disclose information about a customer unless:
• Legally required to do so (for example, under a court -issued subpoena); or
• The information is necessary to be disclosed for the City to provide utility services.
Employee information includes information about a specific employee, including such things as name, home address, Social Security
number, personal phone numbers, and date of birth, benefits, images, and performance evaluations.
• Never disclose such information to another employee or a third party without appropriate approval.
• Forward requests for employee information and references to Human Resources.
I understand the willful violation or disregard of this code of conduct may result disciplinary action up to and including the loss of
employment with the City of Lodi.
Print Name
Signature
Department
Date
CITY OF LODI I Management of Confidential Information V.12.2.2020
RESOLUTION NO. 2020-293
A RESOLUTION OF THE LODI CITY COUNCIL APPROVING
NETWORK ACCESS AND ACCEPTABLE USE POLICY, AND CODE
OF CONDUCT FOR MANAGING CONFIDENTIAL INFORMATION
WHEREAS, technology is constantly changing which means they way in which
employees use technology to perform work functions also changes; and
WHEREAS, an up-to-date acceptable use policy is a primary part of cyber security
awareness and regulating code of conduct; and
WHEREAS, the City's Network Access Policy was adopted December 17, 2008. Since
its adoption, the manner in which staff uses the City's network and internet has changed and
grown. Staff is more reliant on the internet and network resources to perform job duties. An
updated Network Access and Acceptable Use Policy gives guidance to staff to maintain cyber
awareness over the City's network; and
WHEREAS, the Code of Conduct for Managing Confidential Information is important to
protect and secure confidential information that could be used to commit fraud or other illegal
activity. Confidentiality builds trust between employer and employee. Strict data protection rules
must be followed when managing private information, as stipulated by California AB 1274.
NOW, THEREFORE, BE IT RESOLVED that the Lodi City Council does hereby approve
the Network Access and Acceptable Use Policy, and Code of Conduct for Managing Confidential
Information; and
BE IT FURTHER RESOLVED, pursuant to Section 6.3q of the City Council Protocol
Manual (adopted 11/6/19, Resolution No. 2019-223), the City Attorney is hereby authorized to
make minor revisions to the above -referenced document(s) that do not alter the compensation or
term, and to make clerical corrections as necessary.
Dated: December 2, 2020
I hereby certify that Resolution No. 2020-293 was passed and adopted by the City Council of the
City of Lodi in a regular meeting held December 2, 2020 by the following votes:
AYES: COUNCIL MEMBERS — Chandler, Nakanishi, and Mayor Kuehne
NOES: COUNCIL MEMBERS — None
ABSENT COUNCIL MEMBERS — Mounce
ABSTAIN: COUNCIL MEMBERS — None 41
JENNIF R CUSMIR
City Clerk
2020-293