Chapter 3.95
HI-DESERT WATER DISTRICT INFORMATION TECHNOLOGY (IT) POLICY

Sections:

3.95.010    Purpose.

3.95.020    Background.

3.95.030    General computer usage policies.

3.95.040    E-mail policies.

3.95.050    General Internet policies.

3.95.060    Website policies.

3.95.065    Internet and social media policies.

3.95.070    Software policies.

3.95.080    Telephone and cellular phone policy.

3.95.090    Cell phone stipend policy.

3.95.100    Legal mandate.

3.95.110    Glossary.

3.95.010 Purpose.

This policy governs the conditions under which all employees operate or use the district’s information technology, computing systems and networks including e-mail and the Internet. This policy should be understood in the broadest possible sense and applies to district network usage even in situations where nondistrict hardware is used for access.

The purpose for the policy is to ensure that all employees have the maximum access possible to ways of generating, storing, and transmitting information in all forms while maintaining the traditional and essential principles of freedom of expression, respect of the rights of other members of the community, and respect for the laws of the larger society in which we exist.

IT equipment takes on two primary forms:

A. Computer Related Tools. This includes, but is not limited to, such things as desktop and laptop PCs, servers, printers, scanners, modems, Internet access, e-mail, and the software that makes such tools functional.

B. Communications Related Tools. This includes, but is not limited to, equipment such as radios, telephones, cellular phones, voicemail, pagers and fax machines.

IT equipment has played an increasing role in a majority of district staff’s daily tasks. The district’s policy is to provide computer and communications equipment to those employees who need it to perform their job responsibilities. These tools are meant to be used on official district business. While this policy is subject to interpretation by the district, clarification of any sections of the policy may be obtained from a supervisor or the IT department. [Res. 10-13 Add. C § 1; Res. 10-12 Exh. A § 1].

3.95.020 Background.

A. Appropriate Use. Access to networks and computer systems owned by the district imposes certain responsibilities and obligations on district employees and is granted subject to district policies; contractual agreements; and local, state, and federal laws. Appropriate use should always be legal, ethical, reflect honesty, reflect community standards, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property; ownership of data; system security mechanisms; and an individual’s right to privacy and to freedom from intimidation, discrimination, harassment, and unwarranted annoyance. Appropriate use of computing and networking resources includes, but is not limited to, instruction, independent study, authorized research, communications, and other official work of the district organization.

B. Authorized users are those who have been given specific permission to use a particular computing or network resource owned or operated by the district. This chapter establishes rules and prohibitions that define acceptable use of these systems.

C. Unacceptable use is prohibited, and is grounds for loss of computing privileges, as well as discipline under district rules, policies and procedures and/or legal sanctions under federal, state, and local laws.

Employees and other users of the Internet and e-mail can create criminal and civil liability for themselves and the district by using those systems in an offensive, defamatory or illegal manner and in such event employees and other users of the Internet and e-mail are advised that the district will from time to time monitor systems activities. In that regard, the district may conduct reviews of the content of messages and files, and websites visited on the Internet, including random reviews, when in the exercise of its business judgment, the district determines that it would be prudent to do so.

By using any of these systems, users agree that they will comply with these policies. [Res. 10-13 Add. C § 2; Res. 10-12 Exh. A § 2].

3.95.030 General computer usage policies.

A.    1. Acknowledgement. All users of district computing systems must read, understand, and comply with the policies outlined in this chapter or any future amended document. A signed statement acknowledging awareness of these policies and any amendments will become part of each employee’s personnel file. A copy of such acknowledgement is included as an appendix to the resolution codified in this chapter.

2. Authorized Use. Authorized use of district-owned or operated computing and network resources, which include, but are not limited to, personal computers, servers, electronic mail, Internet, intranet, dial-in access and remote computing, is use consistent with the policies and procedures established by the Hi-Desert Water District in this chapter.

3. District’s Rights. These computer systems, facilities, and accounts are owned and operated by the district. The district reserves all rights, including termination of service without notice, to the computing resources, which it owns and operates. These procedures shall not be construed as a waiver of any rights of the district, nor shall they conflict with applicable acts of law.

The district may control access to its information and the devices on which it is stored, manipulated, and transmitted, in accordance with the laws of California and the United States and the policies of the district. The district reserves the right to access all information stored on all district computers and electronic or telecommunications equipment for any reason.

4. Users shall have no expectation of privacy of any information sent over or stored on the system.

5. Network Administrator Rights. A network administrator, under the guidance of the information technology manager (i.e., the person responsible for the technical operations of the district’s computer network), may access others’ files or accounts for the maintenance of networks and computer and storage systems, such as to create backup copies. The network administrator may also access others’ files or accounts to assist in investigating allegations of misconduct based on reasonable suspicion, violation of district policy or procedure, or violation of local, state, or federal law. If policy violations are discovered, they will be reported immediately to the appropriate supervisor and/or human resources.

6. California Public Records Act. The California Public Records Act (CPRA), Government Code Section 6250 et seq., requires the district to make all public records available for inspection and to provide copies upon request. A public record is any writing (which includes electronic documents) relating to the conduct of the public’s business prepared, owned, used, or retained by the district. The CPRA includes a number of exceptions from the disclosure requirement. Any information on the district’s information system may be subject to disclosure under the CPRA. If there is some doubt, the employee should contact his or her supervisor for advice as to whether the information is a public record.

7. Relation to Other Policies. All district employees have the right not to be harassed or discriminated against through the computer or network usage of others. District policies and procedures on harassment, discrimination, publicity, and other related policies apply to use of district-owned or operated computing and network resources no matter the medium used.

8. Employee Privileges. The following individual privileges, all of which currently exist at the district, empower each authorized user to be a productive member of the district community:

a. Use of district-provided:

i. Computer hardware.

ii. Computer software.

iii. Computer networks and Internet.

iv. E-mail, both internal and external.

v. Training in applications necessary for the performance of assigned duties.

It must be understood that privileges are conditioned upon acceptance of the accompanying responsibilities. Users may not, under any circumstances, transfer or confer these privileges to other individuals. Others shall not use any account assigned to an individual without written permission from the information technology manager. The authorized user is responsible for the proper use of the system, including any password protection.

9. Violations. Violations of these policies will be dealt with in the same manner as violations of other district policies and may result in disciplinary review. In such a review, the full range of disciplinary sanctions is available including the loss of computer use privileges, dismissal from the district, and legal action. Appeals should be directed through existing procedures established for employees. Violations of some policies may constitute a criminal offense.

10. Suspension of Privileges. The district may suspend computer and network privileges of an individual for reasons relating to the violation of district policies, contractual agreements, or local, state, or federal laws. This includes but is not necessarily limited to instances of employee termination, investigations of computer misconduct or when the employee is deemed to represent a direct threat to the computer system. Access will be promptly restored when safety and well-being can be reasonably assured, unless access is to remain suspended as a result of formal disciplinary action imposed by the district.

11. Acquisitions. All hardware and software acquisitions will be reviewed and approved through information technology.

B. User Responsibilities. All users have the following responsibilities:

1. Report Unauthorized Access. To report any discovered unauthorized access attempts or other improper usage of district computers, networks, or other information processing equipment. If a user observes or receives a report of a security or abuse problem with any district computer or network facilities, including violations of this policy, the user must: take immediate steps as necessary to ensure the safety and well-being of information resources, and advise the supervisor and the IT manager.

If necessary, the IT manager will temporarily disable any offending or apparently compromised computer accounts and/or temporarily disconnect or block offending computers from the networks.

2. Privacy. With the exception of subsection (A) of this section, routine computer behavior is to respect the rights of privacy for all, including, but not limited to, files of personal information and programs, no matter on what medium they are stored or transmitted. No user should look at, copy, alter, or destroy anyone else’s personal files without explicit permission (unless authorized or required to do so by law or regulation). Simply being able to access a file or other information does not imply permission to do so.

3. Ethical Behavior. To behave ethically, and comply with all legal restrictions regarding the use of information that is the property of others. No material or verbiage should be put into the district’s information technology systems that could not be displayed in an open public forum, with the exception of district-sanctioned confidential material.

4. Information Integrity. To be aware of the potential for and possible effects of manipulating information, especially in electronic form, and to verify the integrity and completeness of information that is compiled or used.

5. Security and Backups. Due to the need to maintain appropriate backup of all district data, this type of data should not be stored on personal hard drives. All district data is required to be stored on the network drives and will be backed up by the network administrator or information technology manager. Data stored on personal hard drives will not undergo proper and mandatory backup and therefore may be lost.

6. Outside Networks. Many of the district computing systems provide access to outside networks, both public and private, which furnish electronic mail, information services, bulletin boards, conferences, etc. Users are advised that they may encounter material that may be considered offensive or objectionable in nature or content. Users are further advised that the district does not assume responsibility for the contents of any of these outside networks.

The user agrees to comply with the acceptable use guidelines for whichever outside networks or services they may access through district systems.

The user agrees to follow proper etiquette on outside networks. Documents regarding etiquette are available through the respective network administrator(s) and through specific individual networks.

7. Investigative Activities. If a user is contacted by a representative from an external organization (district attorney’s office, FBI, etc.) who is conducting an investigation of an alleged violation involving district computing and networking resources, the user must inform their supervisor immediately. The user must refer the requesting agency to their supervisor who, under the authority of the general manager and/or human resources manager, will contact the district attorney for guidance regarding the appropriate actions to be taken. The department head will simultaneously inform the information technology manager.

C. Prohibited Activities.

1. Game Playing. District computing and network services are not to be used for recreational game playing.

2. Passwords. Computer accounts, passwords, and other types of authorization are assigned to individual users and must not be shared with others. Users are responsible for any use of their accounts. Users may not run or otherwise configure software or hardware to intentionally allow access by unauthorized users. The IT manager reserves the right to change passwords if deemed necessary by the general manager.

3. Termination. When a user is terminated, access will be terminated at the time of termination. If a user is assigned a new position and/or responsibilities within the district, the user’s access authorization will be reviewed. No user may use facilities, accounts, access codes, privileges, or information for which appropriate authorization has not been obtained.

4. Special Access. Special access to information or other special computing privileges is to be used in performance of official duties only. Information that a user obtains through special privileges is to be treated as private and confidential.

5. Harassment/Discrimination and Other Prohibited Behavior. No member of the district staff may, under any circumstances, violate district policies and procedures on harassment, discrimination, and other related policies through use of district-owned or operated computing and network resources. An employee, who uses the district’s computing systems to harass or make defamatory remarks, shall bear full responsibility for his or her actions. Further, by using these systems, users agree that individuals who transmit such remarks shall bear sole responsibility for their actions. Users agree that district’s role in managing these systems is only as an information carrier, and that they will never consider transmission through these systems as an endorsement of said transmission by the district.

6. Willful Damage. Harmful activities such as, but not limited to, the following, are prohibited: creating or propagating viruses; disrupting services; damaging files; and intentionally destroying or damaging equipment, software, or data belonging to the district. Further, users may not obtain unauthorized extra resources; deprive other users of authorized resources; gain unauthorized access to systems by using knowledge of a special password, loopholes in computer security systems, or another user’s password; or gain unauthorized access to resources used during a previous position within the district. Sending electronic communications anonymously or under an assumed name is prohibited.

7. Suggestive Material. The district specifically forbids sexually suggestive material including computer software, photographs, cartoons, pictures or jokes.

8. Copyright. Users are prohibited from using, inspecting, copying, and storing copyrighted computer programs and other material, in violation of district policy on intellectual property and copyright laws. Computer software protected by copyright is not to be copied from, into, or by using district computing facilities, except as permitted by law or by the contract with the owner of the copyright. This means that computer and microcomputer software may only be copied in order to make backup copies, if permitted by the copyright owner. The number of copies and distribution of copies may not be done in such a way that the number of simultaneous users in a department exceeds the number of original copies purchased by that department.

9. Licenses. No software may be installed, copied, or used on district resources except as permitted by the owner of the software and the express permission of the information technology manager. In all cases, the Hi-Desert Water District regulates the addition of software to the system. Software subject to licensing must be properly licensed and all license provisions (installation, use, copying, and number of simultaneous users, terms of license, etc.) must be strictly adhered to pursuant to the contractual agreements and applicable laws.

10. Political Campaigns. The district does not permit use of district-owned or operated computers and network resources for activities that might be construed as political campaigning.

11. Commercial Activities. The district does not permit use of district-owned or operated computer and network resources for commercial advertising.

12. Outside Work. Computing facilities, services, and networks may not be used in connection with compensated outside work or for the benefit of organizations or individuals not directly related to the district, except in the cases of incidental use or other use subject to arrangements between the user and the user’s supervisor. [Res. 10-13 Add. C § 3; Res. 10-12 Exh. A § 3].

3.95.040 E-mail policies.

A. The term “e-mail” as used here includes in-house electronic mail, both via the PC system and Internet mail. E-mail is to be used only for district business as outlined below.

District business includes communication on district programs, meetings, issues, etc. Anything that is funded by the district and to which district staff are assigned to coordinate, manage, implement, etc., is considered district business. Examples of public service announcements include those concerning emergencies, lost items and district-sponsored events.

The district, as provider of access to the Internet and e-mail, reserves the right to specify how the district’s network resources will be used and administered to comply with this policy. It is important to realize that the message content sent from the district account reflects upon the district (positively or negatively) to those who receive and/or otherwise access the message.

The district has created an approved e-mail signature which is to be used by all employees when creating or responding to e-mail. No other electronic signatures are authorized when conducting district business.

Employees may be subject to disciplinary actions for using these resources in a manner other than for their intended purposes.

It is not possible for any Internet access provider to fully manage the types of information accessible by its systems and users, especially with regard to content limitations. Nonetheless, the district reserves the right to restrict access to any data source if/when, in its sole discretion and after appropriate review, the district determines such a source to be problematic. Such restrictions do not constitute an implication of approval of other non-restricted sources. Without exhausting all the possibilities, the following are examples of inappropriate use of e-mail:

1. Exposing others willingly or unwillingly, either through carelessness or intention, to material which is offensive, obscene or in poor taste. This includes information which may create an intimidating, offensive or hostile work environment.

2. Any use that may, for a reasonable person, create or further a hostile attitude or give offense on the basis of race, color, religion, national origin, citizenship, ancestry, marital status, gender, disability, age, veteran status or sexual orientation.

3. Communications of confidential district information to unauthorized individuals within or outside of the district.

4. Sending messages or information which is in conflict with applicable law or district policies, rules or procedures.

5. Theft or unauthorized copying of electronic files or data.

6. Initiating or sustaining chain letters or mass mailings.

7. Intentional misrepresentation of one’s identity for improper or illegal acts.

8. Any form of non-secular material or information.

B. Management Right. Management has the right to access all e-mail files created, received or stored on district-funded systems and such files can be accessed without prior notification.

C. Individual Responsibility. The user agrees that, in the unlikely event that someone does transmit, or cause to be transmitted, a message that is inconsistent with district policy or is of misleading origination, the person who performed the transmission will be solely accountable for the message, not the district, which is acting solely as the information carrier.

D. Confidential Information. All employees are required to protect the integrity of the district’s confidential information as well as the confidentiality of others. Employees must exercise a greater degree of caution in transmitting confidential information on the e-mail system than with other communication means because of the reduced effort required to redistribute such information. Confidential information should never be transmitted or forwarded to other employees inside the district who do not have an authorized need to know the information. To reduce the chance that confidential information may inadvertently be sent to the wrong person, avoid misuse of distribution lists when sending information and make sure that any lists used are current. Review each name on any list of recipients before transmission to ensure that all recipients have a need to know the information. If you are unsure whether information is confidential, consult your supervisor. Some types of information which can be confidential include, but are not limited to:

1. Information from a person’s personnel file.

2. Personal information about other employees, such as home addresses and phone numbers.

3. Information relating to litigation or administrative hearings of a criminal or civil nature.

4. Information which, if released, would give a competitive advantage to one competitor or bidder over another.

5. Information related to location or price of property the district might buy.

6. Private correspondence of elected officials.

7. Trade secrets, commercial or financial information of outside businesses.

8. Information related to the regulation of financial institutions or securities.

9. Anyone’s Social Security number.

10. Personal information about another district employee or the employee’s family.

11. Certain information the district obtains from businesses in regard to environmental audits.

E-mail messages that contain confidential information should have a confidentiality legend in all capital letters at the top of the message in a form similar to the following:

THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION OF THE HI-DESERT WATER DISTRICT. UNAUTHORIZED USE OR DISCLOSURE IS PROHIBITED.

E. Messages to Counsel. All messages to and from legal counsel seeking or giving legal advice should be marked with the following legend in all capital letters at the top of the message:

CONFIDENTIAL ATTORNEY/CLIENT PRIVILEGED INFORMATION

F. Encryption. Encryption is a method of protecting data files from unauthorized access (e.g., pass-wording documents) above and beyond the network file security systems established by IT. If employees need to use encryption to protect their data files above and beyond the security systems provided by IT, those employees are required to make the passwords or other keys to unlock such encryption techniques available to their supervisor upon request. [Res. 18-17 § 2 (Att. A); Res. 10-13 Add. C § 4; Res. 10-12 Exh. A § 4].

3.95.050 General Internet policies.

The Hi-Desert Water District encourages its departments to use the Internet to disseminate information to the public and to carry out official business when such business can be accomplished consistent with the following Internet policies and guidelines. Although the use of the Internet is governed by all of the foregoing policies, there are some special additional policies and guidelines that need to be presented. Use of the Internet includes both gathering of information by employees as well as publishing information for use of other agencies and the general public.

Specific departments may have unique requirements and are encouraged to develop policies to cover those issues. Any such policy additions must be reviewed by the IT manager and, if approved, issued as an amendment to this policy. The law and associated policy regarding the use of Internet, e-mail and voice mail are continually evolving. Accordingly, review of the policies and guidelines will occur with regularity, and changes shall be made as required. Managers are responsible for their respective employees’ use of the Internet, and for the contents of their department’s information presented using these media.

A. Official District Business. Use the Internet to accomplish official district business consistent with the district’s mission. Official district business conducted via the Internet shall comply with all statutory requirements as well as standards for integrity, accountability, and legal sufficiency. Thus, official district business conducted via the Internet should meet or exceed the standards of performance for traditional methods (such as meetings, use of telephone, etc.).

B. Access. Employees’ access to the Internet will be based on individual department needs. It is inappropriate for employees to use these resources for personal use, private gain, to state as district positions those which are not officially endorsed by the district, illegal purposes or for inappropriate use as defined in these policies and guidelines.

C. Incidental Personal Use. Internet and e-mail access is provided by the district to facilitate the performance of district work. Personal use should be incidental and intermittent, similar to the use of district telephones. It should not interfere or conflict with business use or job performance, should clearly indicate that it is personal, not district, usage, and is subject to regulation for cost controls required by our district business. Incidental personal use of the Internet should be limited to recognized off-work hours. Any messages sent or material placed on the World Wide Web of a personal nature from a district computer must carry a message that this transmission is personal in nature and is not endorsed or supported by the district. Should employees make incidental use of e-mail to transmit personal messages, such messages will be treated no differently than other messages, and may be accessed, reviewed, copied, deleted, or disclosed. Employees should not expect that a message will never be disclosed to or read by others beyond its original intended recipients.

D. Information Management. Disseminate information that is current, accurate, complete, and consistent with district policy. Information released via the Internet is subject to the same official district policies for the release of information via other media (such as printed documents), so that the information disclosed avoids potential problems with copyrights, trademarks, and trade secrets. Information accuracy is particularly important on the Internet. Where paper-based information is often not current, information presented electronically is much easier to keep current. Constituents expect this information to be not only current but often to be the first available.

E. Privacy and Security. Protect confidential and proprietary information entrusted to the district. Questions regarding confidential or proprietary information should be directed to the manager or his/her designee. District management has the right to monitor and log all transactions in or out of the system.

F. Hacking. Hacking is the unauthorized attempt or entry into any other computer. Never make an unauthorized attempt to enter any computer. Such an action is a violation of the Federal Electronic Communications Privacy Act (ECPA) 18 U.S.C. § 2510.

G. Virus Protection. Downloading a file from the Internet can bring viruses with it. Report any virus notifications to the IT manager immediately.

H. Copyrights and Licenses. Almost all data and software is subject to the federal copyright laws. Care should be exercised whenever accessing or copying any information that does not belong to you. Software that requires purchase or reimbursement for its use, such as shareware, requires strict adherence to the terms and conditions specified by the owner unless written permission for unrestricted use has been obtained. When in doubt, consult your manager.

I. Contractual Agreements. Employees, unless specifically authorized to do so by management, and only if such practices are validated under applicable law, are prohibited from entering into any contractual agreements or making statements that may be interpreted as contractual via any Internet site. [Res. 10-13 Add. C § 5; Res. 10-12 Exh. A § 5].

3.95.060 Website policies.

The external (or public) Hi-Desert Water District World Wide Web site is a fundamental communication tool for providing critical district information to HDWD customers and the world. The goal of the Hi-Desert Water District website is to encourage increased user participation in district government and to help create a more vibrant community for residents and visitors alike. The internal (intranet) websites provide fundamental and critical information to all employees to assist in accomplishing the district’s mission. Toward that end, the development and use of the district’s sites are guided by the website policy:

A. Official Use. The district’s website is for official use only. Managers will be held responsible for the content of their department’s portion of the website, for ensuring that the information provided relates to their department’s official duties and responsibilities, is appropriate and tasteful, and that its use is for official and not for personal purposes. All information disseminated through the district’s website must be related to the official duties and responsibilities of employees and district departments.

B. Vendors. To preserve the public nature of the district’s website and to avoid any perception that the district endorses or provides favorable treatment to any private person or business enterprise (hereinafter collectively referred to as “vendor”), no corporate or commercial logos or links to vendor sites will be allowed on the district’s external website.

C. Domain Names. It is the district’s intent to provide electronic access to its information through a logical single point of entry. For the Internet, this logical point of entry is the district’s officially registered domain name of www.hdwd.com and each district department or district organization is defined as a subarea within the official domain. The registration of an individual domain name for a district department or a district-related organization is discouraged because each separate domain name fragments the single logical point of entry, would lead to public confusion, and would contribute to administrative, maintenance and mail delivery problems. In addition, statistics would be more difficult to compile.

If a specific domain name is required for a district department, a request should be submitted to the information technology manager who will bring it to the district management for review. Upon approval, the IT manager would process the registration request.

D. California Public Records Act. The California Public Records Act applies to information processed, sent and stored on the Internet. Confidential information should not be posted on the district’s external website. Each manager must approve all posted information. For questions regarding the California Public Records Act, contact the district attorney.

E. Political Campaigns. No district employee or official may use any other district departmental website for campaign-related purposes. Such campaign-related purposes include, but are not limited to, the following: statements in support or opposition to any candidate or ballot measure; requests for campaign funds or references to any solicitations of campaign funds; and references to the campaign schedule or activities of any candidate. No official district website may link to any private website related to a candidate’s campaign for elective office, but it may link directly to the home page of the office of the county clerk’s election-related pages where general election and candidate information can be found.

F. Voter Information. To encourage participation in and heighten voter interest regarding district elections, the office of the county clerk will be responsible for providing candidate, ballot and voter information on its website and will seek ways to provide similar election-related information via that site. [Res. 10-13 Add. C § 6; Res. 10-12 Exh. A § 6].

3.95.065 Internet and social media policies.

A. Internet. Access to the Internet has been provided to staff members for the benefit of Hi-Desert Water District (HDWD; the district) and its customers. It allows employees to connect to information resources around the world. Every staff member has the responsibility to maintain and enhance the organization’s public image and to use the Internet in a productive manner. Employees accessing the Internet are representing the district. Employees are responsible for seeing that the Internet is used in an effective, ethical, and lawful manner. To ensure that all employees are responsible, productive Internet users and are protecting HDWD’s public image, the following guidelines have been established:

1. Unacceptable Use of the Internet. All existing HDWD policies apply to employee use of computers, electronic communications, electronic information, and the Internet. This includes policies that deal with misuse of district assets or resources. It is a violation of HDWD policy to use computers, electronic communications, electronic information, or the Internet, in a manner that is: discriminatory, harassing, or obscene; constitutes copyright or trademark infringement; violates software licensing rules; is illegal; or is against HDWD policy. It is also a violation of policy to use computers, electronic communications, electronic information, or the Internet to communicate confidential or sensitive information or trade secrets.

While it is not possible to provide an exhaustive list of every type of inappropriate use of the Internet, all users should be aware that appropriate use of the Internet includes, but is not limited to, the following rules:

a. Never use an account assigned to another user;

b. Never make an unauthorized attempt to enter any computer;

c. Never post, send, or provide access to any confidential employer materials or information;

d. Never post or send publications of discriminatory, offensive, harassing, defamatory, or confidential remarks about other employees;

e. Never access or send sexually suggestive material;

f. No gambling;

g. No trademark, copyright and licensing stipulation infringements;

h. No proprietary and confidential information;

i. No solicitation, according to HDWD’s policy;

j. No personal sites; and

k. No threatening or inappropriate blogs.

2. Communications. Each employee is responsible for the content of all text, audio, or images that they place or send over the Internet. Fraudulent, harassing, or obscene messages are prohibited. No messages should be transmitted under an assumed name. Employees may not attempt to obscure the origin of any message. Information published on the Internet should not violate or infringe upon the rights of others. No abusive, profane, or offensive language is transmitted through the system.

3. Monitoring of Communications and Passwords. HDWD reserves the right to inspect all district property to ensure compliance with its rules and regulations, without notice to the employee and at any time, not necessarily in the employee’s presence. HDWD computers and all electronic communications and electronic information are subject to monitoring and no one should expect privacy regarding such use. HDWD reserves the right to access, review, and monitor electronic files, information, messages, text messages, e-mail, Internet history, browser-based webmail systems, and other digital archives and to access, review, and monitor the use of computers, software, and electronic communications to ensure that no misuse or violation of HDWD policy or any law occurs. Email may be monitored by the district and there is no expectation of privacy. Assume that e-mail may be accessed, forwarded, read, or heard by someone other than the intended recipient, even if marked as private.

Employee passwords may be used for purposes of security but the use of a password does not affect the district’s ownership of the electronic information or ability to monitor the information. HDWD may override an employee’s password for any reason.

All passwords created by the user or issued to the user are for the purpose of communication and are not to be shared, given, or otherwise disclosed to any other person. Passwords must not be shared and will be changed periodically by the technology services staff to ensure security. All security features contained within the district’s electronic communications systems such as passwords, codes, or delete functions will not prevent the district from accessing employees’ business or personal electronic communications, stored or otherwise, on the electronic communications systems.

4. No Right of Privacy. HDWD respects the individual privacy of its employees. However, employee privacy does not extend to the employee’s work-related conduct or to the use of HDWD-provided equipment or supplies. Employees should be aware that the terms of this policy limit their privacy in the workplace.

The district’s electronic communications systems, electronic communications, and electronic storage are HDWD’s property and are intended for HDWD business. All electronic communications and electronic storage within these systems are the property of HDWD, regardless of the content, including any personal communications. The district reserves the right to monitor the electronic communications systems for any reason, including the right to review, audit, and disclose all matters sent over and/or stored in the electronic communications systems.

As a result, employees should be aware that no electronic communications transmitted on the electronic communications systems, or electronic storage contained within the systems, is private or confidential. Employees should have no expectation of privacy with respect to any use, including storage, business or personal, of the district’s electronic communications systems.

Employees should be aware that electronic communications and/or electronic storage can be copied, modified, and/or forwarded to others without the express permission of the original author. Therefore, employees must use caution in the storage, transmission, and dissemination of electronic communications outside of HDWD and must comply with all state and federal laws. Electronic communications and/or electronic storage of the district may be recognized as official records in need of protection/retention in accordance with the laws of California. All email and Internet messages are subject to state and federal laws, including but not limited to the California Public Records Act, open meeting laws, and the federal Electronic Communications Privacy Act.

The California Public Records Act (CPRA), Government Code Section 6520, et seq. requires the district to make all public records available for inspection and to provide copies upon request. A public record is any writing (which includes electronic documents) related to the conduct of the public’s business prepared, owned, used, or retained by the district. The CPRA includes a number of exceptions from the disclosure requirement. Any information on HDWD’s information system may be subject to disclosure under the CPRA. If there is some doubt, the employee should contact his or her department manager for advice as to whether the information is public record. All public records must be retained in accordance with HDWD’s record retention policy.

B. Social Networking.

1. Hi-Desert Water District (HDWD; the district) views social networks such as web based discussion or conversation pages and other forms of social networking such as Facebook, Twitter, Youtube, etc., as significant new forms of public communication. As such, we hold all of our employees who engage in social networking to the same standards we hold for any public communications. Therefore, all employees have an obligation to the district to ensure that any public communication they make, including social networking communications, must not negatively impact the reputation of the district or bring disrepute in any way to the district, its partners, customers, suppliers, etc. Further, only a select group of employees are authorized to publicly speak on behalf of HDWD. Violations of this policy will result in discipline, which may include termination, depending on the severity of the situation and its impact on the district. Additionally, engaging in social networking during your workday can negatively impact your productivity and work performance. Therefore, it is your responsibility to regulate your social networking so that it does not impact your productivity or cause performance issues. Identified below are general guidelines and examples of prohibited communications. Please note that this list contains examples only and is not intended to be, nor is it, an exhaustive list of prohibited communications. The absence of, or lack of explicit reference to, a specific site does not limit the extent of the application of this policy. Where no policy or guideline exists, employees should use their professional judgment and take the most prudent action possible. Consult with your manager or supervisor if you are uncertain.

2. General Guidelines and Examples of Prohibited Communications:

a. Do not mention HDWD employees, member districts, clients, customers, or partners in an official capacity without their express consent. Information published on social networks or blog(s) should comply with the HDWD’s confidentiality and disclosure of proprietary data policies.

b. You may not use the HDWD logo on your posts unless given written consent by the general manager.

c. You are responsible for what you write or present on social media. You can be sued by other employees, competitors, members, and any individual that views your social media posts as defamatory, pornographic, proprietary, harassing, libelous, or creating a hostile work environment.

d. Do not link to HDWD’s website or post HDWD material on a social media site without written permission.

e. All HDWD policies that regulate off-duty conduct apply to social media activity including, but not limited to, policies related to illegal harassment, code of conduct, noncompetition, protecting confidential and/or proprietary information. Violation of this policy may lead to discipline up to and including termination. [Res. 14-15 Att. A].

3.95.070 Software policies.

A. Without prior written authorization from the IT department, users may not do any of the following:

1. Copy software for use on their home computers.

2. Provide copies of software to any independent contractors or clients of the district or to any third person.

3. Install software on any of the district’s workstations or servers.

4. Download any software from the Internet or other online service to any district workstations or servers.

5. Modify, revise, transform, recast, or adapt any software.

6. Reverse-engineer, disassemble or de-compile any software.

Users who become aware of any misuse of software or violation of copyright law should immediately report the incident to management.

Employees may not illegally copy material protected under copyright law or make that material available to others for copying. Users are responsible for complying with copyright law and applicable licenses that may apply to software, files, graphics, documents, messages, and other material downloaded or copied. Software for which a registration fee is charged may not be downloaded without prior approval from the IT manager.

B. Software Authorized for Use on District-Owned Computers.

1. Software procured through normal purchase procedures and used in compliance with any licensing restrictions. Software may not be reproduced or used on more than one computer by more than one person at a time, unless authorized by the terms of the license.

2. Software written in-house or through consulting arrangements specifically for district purposes.

C. Software Not Authorized for District Use without the Prior Approval of the IT Department.

1. Shareware.

2. Software electronically copied from a bulletin board.

3. Software obtained as a gratis product, such as games, accompanying a normal purchase.

4. Software from other organizations, friends, or where the source is not known.

The Software Publisher’s Association or the Business Software Alliance, or any other authorized person or entity, to assure compliance, may perform audits at any time.

Following this practice will help prevent the spread of computer viruses and protect the district and employees from possible civil and criminal proceedings.

All software purchased by the district remains the property of the district. Data on district computers is the property of the district. That which is developed by employees while they are employed may not be taken with them when they leave the district without permission of management.

Any unauthorized software on district computers may be removed at the IT department’s discretion. [Res. 10-13 Add. C § 7; Res. 10-12 Exh. A § 7].

3.95.080 Telephone and cellular phone policy.

An employee shall only use a cellular/wireless communication device when it is safe to do so.

An employee using a cell phone while driving must adhere to all laws in the California Vehicle Code.

An employee shall only use a cellular/wireless communication device that is specifically designed and configured to allow hands-free listening and talking, and is used in that manner while driving.

An employee may use a digital two-way radio that utilizes a wireless telephone that operates by depressing a push-to-talk feature and does not require immediate proximity to the ear of the user, when driving certain vehicles, as defined in the California Vehicle Code.

Text messaging is prohibited at all times when operating a vehicle.

Employees charged with traffic infractions as a result of the use of a cell phone will be responsible for paying any fines or other associated costs. This would include the usage of a personal or business cell phone while in the company vehicle.

Employees are not to engage in the use of a cellular phone while at any work site during which the operation of a cellular phone will be a distraction to the user and/or may create an unsafe work environment. Such work sites include but are not limited to: road repair, maintenance and construction, operating or repairing energized equipment such as electrical panels, motors, or energized circuits. [Res. 10-13 Add. C § 8; Res. 10-12 Exh. A § 8].

3.95.090 Cell phone stipend policy.

A. Cellular Telephone Usage. The Hi-Desert Water District (“district”) understands that cellular phones and other mobile communications devices are an efficient and important method of conducting business. Such communication devices can help provide efficiency in the provision of district services; help ensure the safety and security of district personnel and others; and help to protect district property. The general manager of the district or his or her designee shall determine whether and to what extent each position’s duties require a cell phone and are eligible for stipend reimbursement. A current “Position List and Stipend Levels” (the “list”) is included below. The district maintains the right to change this list at any time, with or without notice.

B. Stipends. The district will not purchase cell phones for use by employees for district-related business. Rather, the district will provide a stipend to an employee for the use of his or her cell phone for district-related business. The stipend, as set forth below, is based on the business requirements of the district. The stipend will be given to the employee responsible for service provider payments. Verification that the phone and plan in question belongs to the employee may be required at the district’s discretion. Employees receiving stipends must provide cell phones at their own expense and must, upon the district’s request, submit copies of all call records for incoming and outgoing calls occurring during any hour at which the employee is scheduled to work. By accepting the stipend, the employee agrees that he or she maintains no reasonable expectation of privacy regarding call logs for calls made during those work hours.

The levels of cell phone stipends are as follows (as of 7/1/2013). Phone stipends will be subject to an annual cost-of-living adjustment:

Level A = $26.07 per month, or $12.03/paycheck.

Level B = $41.71 per month, or $19.25/paycheck.

Level C = $67.75 per month, or $31.27/paycheck (phone must be email-capable).

C. Taxable Compensation. The stipend will be included on each paycheck (per the amounts listed above). The stipend is taxable compensation.

D. Reimbursement for Damaged Phone. If a personal cell phone (that is in use for district business) is damaged by a work-related activity and rendered unusable, then a replacement cell phone’s cost will be reimbursed at 50 percent of the total retail cost actually paid, with a maximum cap of $100.00 annually or as approved by the general manager. In order to obtain this reimbursement, proper documentation, including incident report and receipt of purchase, will be required. A reimbursement request must be made within 30 days of the damage to the original cell phone. Failure to submit a timely reimbursement request may result in denial of the requested reimbursement.

E. Expectation of Privacy. As stated in the employee-signed stipend agreement, an employee accepting a stipend for the use of his or her personal cell phone during district hours is not entitled to an expectation of privacy as to the records of incoming or outgoing calls made during scheduled work hours. Therefore, the records will indicate numbers dialed and the number of each caller. Each employee will be required to provide such records at any time and for any reason upon the district’s request. Additionally, employees must be advised that records related to personal cell phone usage for district business may be disclosed under the California Public Records Act, as well as other laws applicable to the disclosure of public records.

F. A current “Position List and Stipend Levels” (the “list”) is included below. The district maintains the right to change this list at any time, with or without notice.

POSITION LIST AND STIPEND
LEVELS 

Position

Stipend Level

General Manager

C

Assistant General Manager – Admin and Operations

C

Public Information/Board Secretary

C

HR and Risk Manager

C

Chief Financial Officer

C

District Services Administrator

C

Production Foreman

C

Construction Supervisor

C

Chief Plant Operator

C

Controller

C

Billing/Customer Services Manager

C

Water Quality Technician I/II

C

Water Distribution Operator III, IV

A or C

Water Distribution Operator I, II

A

Purchasing Manager

C

Lead Field Service Technician

C

Lead Plant Operator

C

Wastewater Treatment Plant Operator I, II, III

A

Field Service Technician

B

Financial Business Analyst

A

Equipment Operator

A

Pipelayer

A

Administrative Assistant

A or C

Lead Collection System Technician

C

Collection System Technician

A

Billing Technician I and II

A

[Res. 20-27].

3.95.100 Legal mandate.

This policy and procedure shall not be construed as a waiver of any rights of the district. The systems have the ability to read your mail, your own account, and the network administrator account. While reasonable attempts have been made to ensure the privacy of your accounts and your electronic mail, this is no guarantee that your accounts are private. E-mail messages to recipients on systems outside of the district pass through systems and networks not managed by the district. The privacy and confidentiality of such messages is, therefore, not assured. In addition, some delivery methods and networks impose legal restrictions regarding the nature of messages allowed. Users are expected to comply with all such regulations. [Res. 10-13 Add. C § 9; Res. 10-12 Exh. A § 9].

3.95.110 Glossary.

“Domain name” is the way to identify and locate an address on the Internet. The domain name, also called the fully qualified domain name or FQDN, is a computer’s name in text form, for example:

ci.la.ca.us. The domain name is used to send e-mail, make FTP requests, etc. Before any message is sent on the Internet, the domain name is converted internally to a numerical address, an Internet protocol address, which is what computers on the Internet deal with directly.

“Electronic mail (e-mail)” may include noninteractive communication of text, data, images or voice messages between a sender and designated recipient(s) by systems utilizing telecommunications links. It may also include correspondence transmitted and stored electronically using software facilities called e-mail, facsimile, or messaging system; or voice messages transmitted and stored for later retrieval from a computer system.

“Hacking” means attempting to break into another system on which you have no account or authorization.

“Internet” means a worldwide network of networks, connecting informational networks communicating through a common communications language, or protocol.

“Mailing list” means a service that sends e-mail to everyone on a list whenever e-mail is sent to the service, permitting a group of users to exchange e-mail on a particular topic.

“MIME” means a protocol which lets Internet users attach nontext files to e-mail messages. Stands for “multipurpose Internet mail extension,” and lets users send mail in any format including graphic images, formatted documents, and audio, video and compressed data files.

“Policy” means primary objectives of the Hi-Desert Water District as contained in this chapter.

“Standards” means departmental directions or instructions describing how to achieve policy; mandatory statement of direction.

“Users” means the public and district employees.

“Vendors” means any private person or business enterprise. [Res. 10-13 Add. C; Res. 10-12 Exh. A].