All computer information is considered restricted unless you have received permission to use it. Accessing or attempting to access confidential data is strictly prohibited. Confidential information should only be used for its intended purpose. Using confidential information for anything other than its intended use is prohibited without prior approval from your department director.
A. Handling Confidential Information
Any document that contains unique personal identifiers, such as social security numbers, bank account numbers, passwords, etc., must be considered CONFIDENTIAL. Store all confidential and sensitive data on the network drives only. Confidential information may not be stored on portable devices or media without the express consent of your department director. The network drives are more secure than removable media or hard drives on individual workstations or laptops. The following are some activities that are prohibited under normal circumstances when dealing with confidential information:
• Leaving your computer unattended and logged on except in the case of Public Safety vehicles where access to the vehicle is limited by other security measures.
• Leaving mobile devices unlocked.
• Sending confidential information over the Internet, Intranet, dial-up modem lines, or other unsecured communication lines without approval from your department director. Remember, email is an unsecure form of data transfer. Do not send any confidential or sensitive data in an email either in the body or as an attachment.
• Storing confidential or sensitive data on a workstation or mobile device. Workstations and mobile devices are easily stolen. If stolen, all data contained therein is also stolen.
• Leaving printed reports containing confidential data in an unsecured location (for example, lying on your desk, in a recycle bin, or in your in/out box). When you are not working with such reports, they must be kept in a locked location.
• Printing to a printer in an unsecured area where documents may be read by others. If you observe a document at a shared printer or any other location, do not read it without permission.
B. Encryption
Encryption and encryption utilities are prohibited without the approval of your department director. If you need to send confidential or proprietary information over the Internet or other public communication lines or if you need to transport this information on a laptop, flash drive, or other portable storage device you must work with the IT Department on the specific mechanism/ software used for the encryption and obtain approval from your department director prior to using.
(Ord. 23-1853, passed 5-3-23)