Summary
This policy outlines the rules and responsibilities for users of electronic
mail (email) provided by the state.
Goals
This policy is designed to:
- reinforce that existing standards and policies regarding professional
conduct also apply to computer usage.
- ensure that state employees use information technology resources in
an efficient and effective manner.
- protect state data and computer systems from intentional misuse.
- ensure that state data and records are professionally managed.
Applicability
This policy applies to all state employees, interns, contractors and all
other users of state email systems except for those at state colleges and
universities. Email systems include any email address provided by the State
of Rhode Island to a user.
Policy Statements
- Ethics and Professional Conduct
Users shall:
- use email to communicate for business purposes,
- check email regularly (generally daily),
- identify themselves in a professional manner.
Users shall not:
- send threatening, harassing, demeaning, obscene, profane or otherwise
offensive messages,
- conceal or misrepresent their identity in a message,
- use email for political, profit or illegal activities,
- use the email system following termination of employment.
Personal use of email is permissible provided it does not:
- interfere with work responsibilities,
- promote political, religious, profit making business,
- increase state costs.
- Efficiency and Cost Effectiveness
Users shall not:
- send chain mail, "spam" or otherwise wasteful email,
- send attachments which overload the network,
- intentionally send viruses, worms or other applications or files which
overload or otherwise jeopardize the integrity of the system.
- Security and Privacy
Users shall:
- understand that anything transmitted over the Internet is subject
to interception, reading copying, or modifying by others.
Users shall not:
- use email to release information to third parties without written
or policy approval,
- have any expectation of privacy while using email
- use another persons email account.
- Information Access and Retention
Users shall reguarly:
- remove personal messages and attachments,
- regularly transfer messages of official record to an organized, secure,
and accessible filing system. This may include coordination with agency
records officer(s) to ensure records retention requirements are met.
- remove other messages which are not part of an official record.
Roles and Responsibilities
Users - responsible for reading, understanding and adhering to this
policy.
Managers - are responsible for the effective utilization of technology
by subordinates and compliance with policy standards. Reports of misconduct
will be brought to the attention of the appropriate agency and Human Resources
authority(ies) for corrective action. Minor transgressions will be handled
at the lowest possible level. Incidents that involve ethical, security or
privacy issues or are disruptive to a large user-group must be reports to
Human Resources and IT staffs.
Human Resources Division - responsible for the overall communication
and enforcement of this policy, and subsequent revisions, to state employees.
Also responsible for ensuring that the policy is consistent with other personnel
policies adopted by the State and for recommending revisions to the policy
as changes in working conditions may warrant.
Information Technology Division - responsible for the components of
this policy that pertain to the efficient use of information technology and
resources. Also responsible for assisting the Human Resources staff with the
effective communication and enforcement of the policy.
State Archivist & Public Records Administrator - responsible for the
portions of this policy that pertain to records retention and for assisting
in the enforcement of compliance to those portions.
State Police, Division of Computer Crime - responsible for investigating
criminal activity involving the use of computers.
Compliance
The state reserves the right to examine email for system performance monitoring
and to investigate potential abuse of the State's information technology
resources. Email users will be held accountable for any breaches of policy,
security or confidentiality resulting from the use of this technology. Violations
may result in disciplinary actions. Abuse or misconduct can be reported
(by employees, supervisors, IT staff, the public or others) to the appropriate
agency authority for remedial action. Violations will be handled through
the applicable union contracts, personnel rules, and state and federal statutes.
Depending on the nature and severity of the abuse, violations will be subject
to appropriate disciplinary action, up to and including termination. Criminal
or civil action may be initiated in appropriate instances.
Exemptions
There are two exemptions to this policy.
1) The Colleges and Universities are bound by the policies adopted by the
Board of Higher Education. (URI
Policies)
2) The Department of Corrections does not allow for any personal use of
email. (DOC policy contact)
Agencies may choose to add to this policy, in order to enforce more restrictive
requirements, provided that the additions to this policy are filed with,
and approved by, the Chief Information Officer.
Appeals
Appeals to the findings and enforcement actions recommended by the Human
Resources Division will follow the same procedures as other appeals to the
decisions made by Human Resources.
Authority
- Ethics and Professional Conduct
- -- State Personnel Rules 6.02 Conduct of State Employees. "It is the
duty of every employee to so conduct himself/herself inside and outside
his/her office as to be worthy of the esteem a public employee must
enjoy. . ."
- §34-14-1 Code of Ethics -- Declaration of Policy. "It is the policy
of the State of Rhode Island that public officials and employees must
adhere to the highest standards of ethical conduct, respect the public
trust and rights of all persons, be open, accountable and responsive,
avoid the appearance of impropriety, and not use their position for
private gain or advantage…."
- Efficiency and Cost Effectiveness
- The Information Resources Management Board § 29-8 et. seq. § 29-8-10.
. .
(a) Providing . . .policy direction. . .for the executive branch of state
government and public universities. . .
(c) defining, maintaining, and publishing a timely information resources
management architecture. . . and implementing processes and procedures
to ensure compliance. . .
- Security and Privacy
- § 29-8-10. (n) Recommending procedures and legislation to ensure the
privacy of individuals, with particular emphasis on the potential for
invasion of individual privacy.
- Information Access and Retention
- § 38-1-10. Disposal of records. No public official may mutilate, destroy,
sell, loan, or otherwise dispose of any public record without the consent
of the public records administration program of the secretary of state.
- §38-2. Access to Public Records Act, especially §38-2-2 (4)(i) "Public
record" or "public records" shall mean all documents, papers, letter,
maps, books, tapes, photographs, films, sound recordings, magnetic or
other tapes, electronic data processing records, computer stored data
(including electronic mail messages, except specifically for any electronic
mail messages of or to elected officials with or relating to those they
represent and correspondence of or to elected officials in their official
capacities) or other material regardless of physical form or characteristics
made or received pursuant to law or ordinance or in connection with
the transaction of official business by any agency.
Related Documents
Statewide Information Technology Policies
A
Rhode Island Government Website