309 – Electronic Media Technology Usage
The Harris County Sheriff’s Office (HCSO) provides modern tools to facilitate the accomplishment of its objectives to all of its employees through the use of information technology. These tools include computing or network hardware and software applications including the use of electronic mail (e-mail) and access to the Internet. These resources are county property, and their use will be limited for that purpose only. All employees share an obligation to ensure security for all information technology data, equipment, and processes used on these resources.
This policy applies to the use of all county-owned information technology resources, any personal technology resource connected to a county-owned system, or any media used on a county-owned system, whether personal or county-owned.
Information technology resources will not be used to create or transmit any offensive or disruptive messages. Among those which are considered offensive are messages which contain sexual innuendo, racial slurs, gender-specific comments, or any other comment that offensively addresses someone’s age, sexual orientation, religious or political beliefs, national origin, or disability.
Information technology resources are reserved solely for conducting HCSO business. They may not be used for personal business.
Information technology resources are county property, and all messages composed, sent, or received on these resources are, and remain, the property of Harris County or the HCSO. No message composed, sent, or received on these resources is the private property of any employee.
The HCSO reserves and intends to exercise the right to review, audit, intercept, access, and disclose all messages created, received, or sent on a HCSO information technology resource. See HCSO Department Policy #317 – WEB Presence/Social Media
The willful wasting of HCSO information technology resources shall be considered inappropriate use. Wastefulness includes, but is not limited to: sending e-mail chain letters, sending jokes, sending games, sending non-work related PowerPoint presentations or slide shows, the downloading or playing of games from or on the Internet, the downloading or exchanging of music files either from the Internet or via e-mail, unlawful copying of software, movies, or music files, and the willful creation and execution of programs or jobs designed to create heavy network traffic.
No user of these resources has any right to an expectation of privacy in its use. The confidentiality of any message should not be assumed. Even when a message is erased, it is still possible to retrieve and read that message.
Employees shall not use a code, access a file, or retrieve any stored information unless authorized to do so. Employees should not attempt to gain access to another employee’s messages without that employee’s permission. Employees should treat information obtained through an information technology resource as privileged and not for public discussion unless otherwise instructed. [CALEA Standard 82.1.1 & 82.1.6 c]
Employee computer accounts are provided by the HCSO in the employee’s name for the employee’s exclusive use only. Passwords will not be shared and will be changed at least every 30 days. In certain cases, shared accounts may be used, but only if created by the Network Support Division staff. In such cases, all employees using the shared account are jointly responsible for the security of the password and access to the account. The password will not be shared outside the group using the shared account. [CALEA Standard 82.1.6 c]
Information technology resources may not be used to promote or solicit on behalf of any commercial venture, religious or political cause, outside organization, charitable event, or other non-work-related solicitation.
Only employees assigned to the Network Support Division, Systems Division, and Law Enforcement Operations Support shall make changes to the HCSO computer network or any county-owned computer system. The term “changes” refers to any modification to wiring or computer connection, the relocation of computing hardware, installation of software, or any change to the setup parameters of a computing device. Exceptions to this policy must be in writing from the respective employee’s bureau commander and based upon the written recommendation of the HCSO local area network (LAN) administrator.
Information technology resource security is the responsibility of the Network Support Division. The use or possession of any software or hardware device designed to bypass or “hack” into the HCSO network is not allowed. Any willful or deliberate act to bypass security to gain access to the HCSO network will be considered a violation of this policy.
The use of portable electronic devices (PEDs), having become so pervasive in our society and by our employees, must be regulated for security reasons within the confines of the HCSO network environment.
For purposes of this policy, PEDs include, but are not limited to: laptop computers, cellular or personal communication devices, audio, video, data recording, or playback devices such as USB (flash) drives, camera phones, MP3 players, iPods, USB-attached Internet phones, scanning devices, and personal digital assistants (PDAs) such as Blackberry, PalmPilot, Pocket, and mobile personal computers.
Personnel authorized the use of a PED will adhere to the following guidelines:
- All supervisors, Network Support Division, and Law Enforcement Operations Support, whether sworn or civilian, shall be allowed to use PEDs on the HCSO network without a letter from the Sheriff or his or her designee but must abide by all of the following guidelines.
- The device serial number must be registered with the Network Support Division for LAN access or Law Enforcement Operations Support for mobile device access before it can be granted access to the HCSO network.
- Members of the Network Support Division and Law Enforcement Operations Support may, at their discretion, also request to inspect any personally-owned PED prior to granting access to the HCSO network for the existence of up-to-date patches and anti-virus software.
- Employees shall only use devices that support encryption for the transport of work-related data.
- Exceptions to this policy for use of PEDs by non-supervisory personnel must be in writing from the Sheriff or his or her designee and based upon the written recommendation of the HCSO LAN administrator or the mobile device administrator.
- The use of any PED with a capability of wireless or LAN connectivity designed exclusively for playing games is not allowed.
- Employees shall not store or transport files containing Social Security numbers on a PED.
- Employees shall not store or transport files containing personal information about other employees on a PED.
- Employees shall not store or transport files or data that are of an offensive nature on a county-owned or issued PED unless the files or data are required for training or in the performance of duty.
- Employees shall not store or transport sensitive intelligence data on a PED unless previously authorized by the Sheriff or his or her designee.
- Employees will not use PEDs in a manner that is unsafe while driving to or from a duty assignment.
- Employees shall not use PEDs for transporting medical information regulated by the Health Insurance Portability and Accountability Act (HIPAA).
- PEDs will not be used as a permanent storage substitute for the resources that are currently available to all employees on the HCSO network. Employees should understand that a PED, because of its small size, is a device that can be easily misplaced or stolen. Employees should view the work-related data transported on these devices as short-term or temporary storage without backup.
- PEDs connected to a HCSO computer, whether issued by the HCSO or personally-owned, will be inventoried and audited each time they are attached to a HCSO computer resource and must adhere to all mandates set forth in this policy.
- Employees should be aware that the use of all PEDs is restricted in certain areas or work assignments, such as when inside the secure jail environment or when an employee is assigned to a federal task force. Employees should further be aware that when their work assignment includes work with other agencies, there may be other policies or guidelines for the use of PEDs set forth by the respective agencies that must also be followed.
- Employees shall not attach any PED designed to create a self-contained computing environment to bypass HCSO network security measures and policies on HCSO computer resources. [CALEA Standards 11.4.4 & 41.3.7]
- County-owned and issued PEDs are business tools, and employees are expected to use them responsibly. Each employee shall be responsible for the safekeeping, care, and custody of the equipment assigned to him or her and for compliance with this directive. Employees shall not store county-owned PEDs in plain sight in the cabins of county-owned or personal vehicles when away from the vehicle for an extended period of time. Exceptions to this are when a PED or accessory has been professionally mounted in a vehicle by members of the HCSO Law Enforcement Operations Support or when extenuating circumstances exist in the performance of duty when rapid exit of a county vehicle is necessary.
- Network Support Division and Law Enforcement Operations Support personnel are authorized to use either encrypted or non-encrypted PEDs as required to perform their job-related functions.
Employees will be allocated space on file servers for the storage of work-related documents only. Employees shall not store non-work-related items on HCSO information technology resources.
Only software and data disks purchased and licensed to Harris County or the HCSO shall run on the information technology resources. Exceptions to this rule must be in writing and approved by the HCSO Finance Office and Harris County Commissioners Court and must include the written recommendation of the HCSO LAN administrator. [CALEA Standard 11.4.4]
The HCSO reserves the right to limit permanently or restrict any persons access to or usage of HCSO information technology resources to copy, remove, or otherwise alter any information or system that may undermine the authorized use of the information technology resources. Furthermore, the HCSO may limit or restrict access and usage as described above with or without notice to the user in order to protect the integrity of the HCSO information technology resources against unauthorized or improper use and to protect authorized users from the effects of unauthorized or improper use.
The Network Support Division and Systems Division shall continually audit the HCSO computer network for verification of all passwords, access codes, or access violations. Violation of any provision of this policy may result in the application of disciplinary sanctions up to and including termination.
This policy has been revised on the below listed dates:
April 21, 2009
March 15, 2012
December 3, 2020