The URL can be used to link to this page

Home My WebLink AboutDraft Email Policies & Procedures suggested changes 2019 (Joel Gagnon version) Town of Danby DRAFT-suggested changes Email Policies and Procedures xx add Effective: November 17, 2014 xx remove Revised: 1. General Policies The town legally owns all emails that employees and officials create and receive in the process of conducting business on behalf of the town and its constituents. Employees and officials have no promise of personal privacy when using email on behalf of the town. 1.1 Ownership of Email All email users of town email accounts will acknowledge that they understand the town’s policy on email ownership each time they log into the town’s system. Email users should do not use personal email to conduct town business except in emergencies or when they cannot access a town email account.  Town officials and employees who do not have offices in a town facility or who must work after hours may sometimes conduct town business on home computers. These individuals must recognize that all town-related emails are public records that are covered by the Records Retention and Disposition Schedule MU-1 and by this town email policy, and are subject to disclosure under FOIL, a court action, or an audit. 1.2 Roles and Responsibilities The management of email is the responsibility of town officials at all levels and includes everyone who uses email to conduct town business. Below are the individuals who have specific responsibilities for managing the town’s email. These responsibilities are indicated throughout this policy under each main subject heading and are also listed at the end under “Summary of Responsibilities.” a). Town clerk, who is by law the town’s records management officer (RMO), and who also functions as the records access officer. b). Town attorney, whose services are retained by the town under contract. c). Town supervisor and town board. d). Town bookkeeper or deputy town supervisor. e). Town computer support vendor (Digital Towpath). f). Records advisory board, whose members are consisting of one town board member, the town clerk, town historian, and legal counsel. g). Email users, who can be anyone using email to conduct business as a town staff, member or elected or appointed officials, andor paid service providers using email for town business. 1.3 Training No employee will have use of a town email account without appropriate initial and ongoing training. Training will include established email use and management policies. Training will occur immediately after employment or appointment and thereafter on a regular basis. New employees will not have access to and use of a town email account until they are trained on the town’s policies and procedures for managing email. Ongoing training will be offered after upgrades, transitions to new email programs, and on an as-needed basis (at the request of an employee or official, or if correction is required). Section 10 describes training expectations. The town clerk will arrange for training which will cover the following topics: a. identifying records and general records management practices b. responsibilities of employees in records and email management c. appropriate use of town email accounts d. how to write and communicate effectively via email e. responding to legal actions and FOIL requests Employees who do not attend ongoing email use and management training are at risk of forfeiting their email use privileges. 1.4 Policy Review and Updating To ensure that his policy is current and relevant, it will be reviewed according to a set schedule and updated as needed by the Records Advisory Board. The records advisory board will review this policy in March 2015. After the first review (March 2015), the policy will be reviewed at least annually. Suggested mModifications are canmust be presentedreported to the town board for approval. 2. Maintaining the Email Management System The technical maintenance of the system will be a coordinated effort involving several key players with defined roles and responsibilities. 2.1 Town Supervisor and Town Board Ensures an adequate budget for maintaining the email management system. Promotes, supports, and enforces this and other records management policies. 2.2 Town Clerk as Records Management Official (as RMO) Ensures that appropriate state retention requirements are complied with applied to all system documentation and associated records (use logs, group address books, master password register). Ensures that the current and future systems and all future enhancements meet federal and state records requirements. 2.3 Town Computer Support Vendor (Digital Towpath)  Maintains the technical capabilities of the email management system through scheduled upgrades and migration. Implements user profiles to allow town officials and employees to access the email and other records management applications. 2.4 Legal Counsel Reviews and approves contracts with vendors to ensure they are consistent with town law and with the town’s internal procurement practices. 2.5 Town Bookkeeper Maintains an inventory of all computer hardware and software as part of the town’s fixed assets inventory. 3. Access to Email Access to email must be possible for the full retention period of the email but subject to strict controls to ensure against unauthorized or inappropriate access. Users are limited to access to their own emails, unless they can demonstrate a need for access to the emails of another individual (for example, if individuals are working on a collaborative project or share a job function, and/or in the event of a planned or emergency absence occurs, as described in 8.4). Users may file emails in their personal email accounts in any manner that is convenient to them. In the email archives, however, emails are filed first by department, and then by retention and disposition rather than by subject area or document type. Town staff and officials must rely on a search engine to find individual emails. To enhance searching, email users must assign intelligible subject lines to all outgoing emails , . Users are encouraged to usinge consistent, meaningful logical terminology that mirrors file titles in the town’s conventional paper filing system. The town clerk, as RMO, and the Computer Support Vendor have access to all town email records in the email archive and can allow access to legal counsel and others on an as-needed basis. Access to certain emails relating to law enforcement investigations, court actions, and personnel matters may be restricted by law to specific individuals in town government. The town clerk will maintain a list of types of emails to which access must be restricted. The town clerk, as records access officer, will respond to all FOIL requests involving email. The Computer Support Vendor (Digital Towpath) is responsible for ensuring access to email records for the duration of their retention periods. 4. Retention and Disposition The system will manage the retention and disposition of sixty-day email automatically, and support the retention and disposition process for permanent and general emails. Certain circumstances (legal proceedings, Freedom Of Information Law[FOIL] requests, audits, staff departures) will require that the town be prepared to suspend or supersede retention and disposition procedures. 4.1 Managing Retention and Disposition The town clerk, as RMO, is responsible for advising on all email retention and disposition, of issues associated with email, including the retention and destruction of backups. Working with the RMO, the Computer Support Vendor ensures that appropriate technical measures are in place will use appropriate technical measures to preserve permanent and 6 year emails, destroy emails that have passed their retention periods, and halt the destruction of email, if needed. The Computer Support Vendor will transfer records that have passed their retention periods onto CDs and arrange for the physical destruction of that storage mediaum. Legal counsel will initiate is responsible for initiating the process of halting the destruction of email- records in response to an impending legal case or other need. records, including email and email system backups, in response to an impending legal case or some other need. Legal counsel must alert the town clerk/ or RMO, who will contact the Computer Support Vendor to halt the destruction process. Retention and disposition is tied to the town’s classification system for email records. Email users classify, and the system tags, emails as either permanent, general (6 year), or short term (60 day) records when they receive or send an email. The town clerk can apply a retention period that is not part of the classification system, in isolated instances, when appropriate. 4.2 Backups The town creates backups of its email system as a disaster management strategy only. Backups are not intended to be archival copies of permanent records. 4.3 Suspending Retention The town is aware of its has a legal obligation to suspend all retention and disposition activities in the event of an impending lawsuit, a legal investigation or ongoing fiscal or program audit. In this case emails may be retained even after their retention periods have expired. Emails may be retained once their retention periods have expired if needed for an impending or ongoing fiscal or program audit or a legal investigation. 4.4 Destruction The system identifies the email records that must be destroyed after 6 years. The Computer Support Vendor is responsible for destroying obsolete records, with prior approval from the town clerk. The Computer Support Vendor will transfer records that have passed their retention periods onto CDs and arrange for the physical destruction of that storage media. 4.54Staff Departure If a staff member or official separates departs from the town, the town clerk must place a hold on the email account of that individual within _____ days of user’s departure until their account and computer can be reviewed for record content. This requirement may be waived when enough notice is provided in advance by the departing staff member so that the individual can appropriately deal with the records and is able to demonstrate this to the town clerk. Any town emails maintained on a home computer by a former employee must be transferred to the town clerk for review and disposition. 5. E-discovery Town staff and officials must be aware that all email messages, including personal communications, may be subject to discovery proceedings in legal actions, and all must know the appropriate response to an impending legal action. Legal counsel will work with the town clerk to establish internal procedures for preserving evidence relating to imminent or ongoing legal actions. These procedures are subject to review by the town’s records advisory board. If a staff member or official becomes aware of potential litigation, it is his or her responsibility to notify legal counsel immediately. The town attorney will determine what action, if any, needs to be taken. Legal counsel will work with the presiding judge and opposing counsel to narrow the parameters of a records search as much as possible so as not to overburden the town’s technical infrastructure. In the event of an extended legal proceeding, the town clerk, working with the town’s Computer Support Vendor, must ensure that records of potential relevance to the case remain accessible for the full extent of the proceeding, which may require moving relevant email records offline to storage media or a detachable drive. 6. Appropriate Use Appropriate use will be handled and enforced as a serious security issue. Violation of the town’s appropriate use policy can threaten the town’s computer system, make the town vulnerable to legal action, and cause irreparable damage to the town’s reputation. 6.1 Responsibility for Appropriate Use and System Security. All users of the town’s email are expected to know the difference between appropriate and inappropriate use of email. This appropriate use policy applies to anyone who is sending or receiving email as a representative of the town. 6.2 Inappropriate Uses of Email Email is provided as a tool to assist town employees and officials in their day-to-day work, facilitating communication with each other, our constituency, and other stakeholders. It is intended for official communication only, and it is everyone’s responsibility to limit personal use of the system. It is not acceptable to use the Town of Danby’s email for: a. activities unrelated to official assignments or job responsibilities b. any illegal purpose c. transmitting threatening, obscene, or harassing materials or messages d. distributing confidential town data and information e. interfering with or disrupting network users, services, or equipment f. private purposes, such as marketing or business transactions or advertising of products or services g. installing copyrighted software or computer files illegally h. promoting religious or political causes i. unauthorized not-for-profit business activities j. private advertising of products or services k. any activity meant to foster personal financial gain l. modifying, obtaining, or seeking information about files or data that belong to other users, without explicit permission to do so 6.3 Enforcing Appropriate Use The town has the right and responsibility to: a. log network use and monitor file server space utilization by users b. limit the personal use of email and emphasize to users that they have there is no promise of personal privacy c. restrict listserve membership to those listserves that are directly related to the job and the work of the town d. post key points of acceptable use onscreen when users log on to the email system e. add an automatic disclaimer with the “basic principles of appropriate use” at the end of all outgoing messages f. make clear that misuse will be addressed through disciplinary action or termination, if necessary, and that messages relating to or in support of illegal activities will be reported to the appropriate authorities The town governing board will review alleged violations of the email appropriate use policy on a case- by-case basis. Violations of the policy that are not promptly remedied may result in termination of Internet and email services for the person at fault. 7. Technical Security The town’s Computer Support Vendor has primary responsibility for overseeing the technical security of the town’s email management system, but the security of the town’s system requires the cooperation of all email users. Technical security is effected ensured through a system of controls that include anti- virus software, firewalls, filters, and passwords. 7.1 System Security Features The Computer Support Vendor is responsible for providing and maintaining up-to-date anti-virus software, firewalls, spam filters, and logs to identify unusual activity and to protect the overall system from malicious email messages and other forms of sabotage. 7.2 Handling Suspect Emails In the event that email Any user who receives users receive unsolicited email (spam) or email with unexpected and suspect attachments, they must delete these emails and report them to the town clerk, who will confer with the town’s computer vendor to assess the security risk. Under no circumstances should users open suspect email attachments. Users should exercise similar care when linking to external websites from unsolicited messages. 7.3 Reviewing Filtered Emails Employees and officials have the opportunity to review filtered emails to see whether any should be restored to their mailboxes, along with any attachments. If work-related emails from the same source are consistently blocked, the user should contact the Computer Support Vendor to determine whether emails from that source can enter the user’s account unimpeded. 7.4 Passwords All users must use passwords to access their email. As a general rule, passwords are not shared. they must not share their passwords with other town officials or employees. In cases of planned or emergency absences, other personnel may be allowed to access the absent person’s email, with prior approval from the town clerk. Users will also be required to change their passwords periodically. The Computer Support Vendor will alert users when it is time to initiate the password change. 8. Preservation Except where indicated, the town will apply all preservation standards described in this section to both the permanent and general (6 year) email records, to ensure that even non-permanent records are accessible for their full retention periods in spite of rapidly changing technology. 8.1 Storing Long-term Email End users will identify and isolate all records with a long-term retention period by indicating whether email records are permanent or general (6 year) before saving or closing messages. The system will move permanent and general emails to the archiving server on receipt. The Computer Support Vendor will ensure that email categorized as “general” is destroyed after six (6) years and that permanent email is transferred from the email archive server onto temporary storage media for six (6) years. 8.2 Software Upgrades The town clerk, with assistance from the Computer Support Vendor, will monitor new versions of email software to determine whether an upgrade is necessary, balancing the need to ensure accessibility for the full retention period against data loss that may occur with each data migration. 8.3 Format Standard The town has adopted the Digital Towpath format as its long-term format standard for permanent and general email records to ensure accessibility for the full retention period and to facilitate any future migrations. 8.4 Backups and Long-term Preservation Backups of the email system are to be used for disaster recovery purposes only, not for retention purposes. Data on backups are not indexed and are in a proprietary compression format, making it less likely that the data will be accessible long-term. 8.5 Media Integrity The town will ensure the ongoing integrity of media used to store long-term and permanent emails. Questions Questions regarding town email use can be directed to the Town Clerk. 9. Training All town employees and officials will be trained in established email use and management policies. Training will occur immediately after employment or appointment and thereafter on a regular basis. Training will be provided within the first 14 days of employment or appointment, to all employees on an annual basis, and when the policy is revised. The town clerk will provide or arrange for training that will cover the technical aspects of the email system and the records management responsibilities of email users. Employees who do not attend ongoing email use and management training are at risk of forfeiting their email use privileges. Training will address the following topics: a. identifying records and general records management practices b. responsibilities of employees in records and email management c. the cost to the town and the individual of not managing email d. use of the town email application e. appropriate use of their town email account f. how to write and communicate effectively via email g. responding to legal actions and FOIL requests Training materials can also be obtained by contacting the town clerk for a copy. Summary of Responsibilities 1. Town Clerk a. ensures the maintenance of all necessary system documentation and associated records for the mandated retention period. b. ensures the current email management system and future enhancements meet federal and state records requirements. c. works with individual email users to clarify and provide ongoing training on classifying emails. d. periodically audits the system to ensure appropriate classification. e. allows access to emails in the email archives to legal counsel and others on an as-needed basis. f. responds to all FOIL requests involving email. g. advises on retention and disposition issues associated with email. h. ensures that records involved in a protracted legal case remain accessible for the full extent of the proceeding. 2. Town Supervisor and Town Board a. ensures an adequate budget for maintaining the email management system. b. promotes, supports, and enforces the email and other records management policies. c. reviews alleged violations of the email appropriate use policy on a case-by-case basis and adopt disciplinary measures as needed. 3. Town Attorney a. reviews and approves contracts with vendors to ensure they are consistent with town law and with the town’s internal procurement practices. b. initiates the process of halting the destruction of records in response to an impending legal case. c. works with the town clerk to establish internal procedures for preserving evidence relating to imminent or ongoing legal actions. d. works with the presiding judge and opposing counsel to define the parameters of a records search. 4. Town Bookkeeper a. maintains an inventory of all computer hardware and software as part of the town’s fixed assets inventory. 5. Computer Support Vendor a. maintains the technical capabilities of the email management system through scheduled upgrades and migration. b. implements user profiles to allow town staff and officials to access the email and other records management applications. c. ensures access to email records for the duration of their retention period. d. ensures that appropriate technical measures are in place to preserve permanent and general emails, completely and appropriately destroys emails that have passed their retention periods, and halts the destruction of email, if needed. e. has primary responsibility for ensuring the technical security of the town’s email management system. 6. Records Advisory Board a. reviews this policy annually and modifies it as needed to ensure that it is up to date. b. reviews the classification system to ensure that it continues to reflect actual email use. c. reviews procedures for responding to an e-discovery action. 7. Email Users a. acknowledges they understand that the town owns all emails and that they have no expectation of personal privacy when using the system. b. does not use personal email accounts to conduct town business, except in emergencies or when they cannot access a town email account. c. classifies email immediately on receipt or before transmission, identifying and deleting non-record emails and choosing one of 3 categories to assign to the email records. d. assigns intelligible subject lines to all outgoing emails. e. notifies legal counsel immediately on becoming aware of potential litigation that may involve email messages. f. knows and acknowledges, each time they log in, the appropriate and inappropriate use of email. g. undergoes training when beginning to work for the town and on an as-needed basis. Town Board Resolution 114 of 2014, passed November 17, 2014