Acceptable Use Policy
Acceptable Use Policy (AUP)
State of Delaware
Students in State of Delaware public schools are considered state network users. Students are issued a login, password, and email in compliance with Department of Technology & Information (DTI) state network security standards.
Students in the Milford School District are asked to sign the AUP once in elementary, middle, and high school. Should students refuse to sign, access to technology within the school may be denied.
Students who do not adhere to the AUP are subject to disciplinary action as outlined in the student code of conduct.
This is to certify that I have read and agree to abide by the guidelines set forth within the State Acceptable Use Policy. As an employee or student of the State of Delaware, I fully intend to comply with this policy realizing that I am personally liable for intentional misuse or abuse of the State's communications and computer systems. If I have any questions about the policy, I understand that I need to ask my teacher or administrator for clarification.
Technology-based solutions and communication devices are woven into all aspects of our professional and personal lives. Often, business and individuals have struggled to determine the appropriate use of technology. This State policy defines the acceptable use of various technologies in our professional lives in service to the State of Delaware.
There is an endless array of technology services and products for State organizations to consume, and the number and type of available options is ever-growing and expanding. It is not reasonable that this policy keeps pace with frequent technology changes in real time, or that it can specifically list and address every possible service, product, or use-case scenario. One goal of this policy is to provide guidance and information as a framework to consider when making technology-related decisions. Another goal is to provide explicit examples of choices or actions that are not acceptable. As individuals involved in the affairs of State government, our jobs must be conducted with integrity, respect, and prudent judgment.
A. COMPLIANCE WITH ALL LAWS AND REGULATIONS
All State of Delaware employees/students must comply with all applicable federal, state and local laws and government regulations. This includes compliance with agency requirements within the State organization.
B. POLICY STATEMENT
1. You are responsible for exercising good judgment regarding appropriate use of State data and resources (email, web sites, Internet services, etc) in accordance with State policies, standards, and guidelines. The State uses internet content management tools designed to restrict access to unauthorized internet sites. However, while these tools limit prohibited usage, sites that violate acceptable use remain accessible and users must therefore remain vigilant when using the Internet. Alternatively, agencies with business requirements to use filtered sites may request that access. Appendix C includes website categories typically blocked and the process for requesting changes. State of Delaware data or resources may not be used for any unlawful or prohibited purpose. State resources may not be used for personal or inappropriate use, nor for pursuing activities not specifically identified as work required except as noted under Personal Use in Appendix A. Also, Appendix A has a non-exclusive list of specific activities that are prohibited.
2. You must ensure through practice or technical means that non-public information remains within the control of State at all times. Conducting State business that results in the inappropriate release of data or the storage of non-public State information on personal or non-State controlled environments, including devices maintained by a third party with whom the State of Delaware does not have a contractual agreement, is prohibited. This also specifically prohibits the use of an e-mail account that is not provided by the State of Delaware or its customer and partners, for government business. Appendix A has additional details.
3. You acknowledge and understand that all uses of the State’s resources is subject to monitoring and there is no right to privacy when using State resources. Appendix B has more information related to monitoring.
4. Each network user is required to read and understand this policy and sign the appropriate acknowledgement statement. Each organization must have their staff review this policy annually. The signed acknowledgement statement must be maintained by each organization. Network users, who do not sign the Acceptable Use Policy Acknowledgement Statement, will be denied access to the State’s Communications and Computer Systems.
5. State information and records could be subject to the Freedom of Information Act.
6. You are responsible for ensuring secure practices are utilized when conducting business with or on behalf of the State. Personally owned devices, when interacting with or for the State, are considered on temporary duty assignment to the State for the duration of the activity. The State retains the right to access any State records or materials developed for State use even on personally owned devices. In that regard, both personally owned devices (smart phones, tablets, home computers, etc.) and State owned devices are mandated to comply with State security policies and practices. Appendix A has more details:
C. IMPLEMENTATION RESPONSIBILITY
DTI and/or the organization’s technical staff will implement this policy during the course of normal business activities, including business case review, architectural review, project execution and the design, development, or support of systems.
D. ENFORCEMENT and WAIVER
DTI will enforce this policy during the course of normal business activities, including business case and architectural review of proposed projects and during the design, development, or support of systems. This policy may also be enforced by others during the course of their normal business activities, including audits and design reviews.
If there is ambiguity or confusion regarding any part of this policy, contact your supervisor or Agency/School District or Affiliate IRM. Agency/School District or Affiliate IRM’s can contract DTI by sending an email to eSecurity@state.de.us
State Communications and Computer Systems – State of Delaware communications and computer systems are any equipment, hardware, software or networks (including wireless networks) owned, provided or used by or on behalf of State of Delaware that store or transmit voice or non-voice data. This includes telephones, cellular/wireless telephones, voice mail, computers, e-mail, facsimiles, pagers, and State Intranet or Internet access (including when accessed through personal computers).
Appendix A – Specific activities that are prohibited
Prohibited activities with email include, but are not limited to, sending, or forwarding:
• Jokes or language, that may be considered discriminatory, harassing, unlawful, defamatory, obscene, offensive, insensitive, or otherwise inappropriate, this includes but is not limited to, messages about age, race, gender, disability, sexual orientation, national origin, or similar matters.
• Pornographic or sexually explicit materials.
• Chain letters.
• Information related to religious materials, activities or causes, including inspirational messages.
• Auction-related information or materials unless sanctioned by State of Delaware.
• Games or other software or copyrighted materials without a legitimate business or instructional purpose (and then only according to the rights and licenses granted by the owner of the games, software, or copyrighted material).
• Messages that disparage other governments, companies, or products.
• Large personal files containing graphics or photographs or video or audio files.
• Materials related to personal commercial ventures or solicitations for personal gain (for example, messages that could be considered pyramid schemes).
• Information related to political materials, activities or causes unless sanctioned or permitted by the State of Delaware.
• Unauthorized or inappropriate mass distribution of communication.
• Any other materials that would be improper under this policy or other State of Delaware policies.
• Expressing personal opinion as an authoritative response.
• Using background images, animation, excessive colors/formatting, quotes, sayings verses, etc.
• Sending to non-authorized individuals, accounts, or services via an auto-forwarding feature.
• Sending confidential, Secret or Top Secret with encryption unless a secure connection is already established.
• Utilizing State email for events, organizations, orders, or communications not directly related to the agency or the State.
Prohibited use of the Internet includes, but is not limited to, accessing, sending or forwarding information about, or downloading (from):
• Sexually explicit, harassing or pornographic sites.
• “Hate sites” or sites that can be considered offensive or insensitive.
• Auction or gambling sites.
• Non-State of Delaware business-related chat sies.
• Underground or other security sites which contain malicious software and/or instructions for compromising State of Delaware security.
• Games, software, audio, video, or other materials that we are not licenses or legally permitted to use or transmit or that are inappropriate, or not required by, State of Delaware business or instruction.
• Offensive or insensitive materials, such as sexually or racially oriented topics.
• Intentional importation of viruses.
• Registering Internet domain names of the State of Delaware business/school district or those of third parties without authorization from DTI.
• Excessive personal surfing, utilizing streaming services for personal use such as listening to music or watching video, and downloading of music or video files
• Authorized personal use that interferes with your work responsibilities or business/instructional operations.
• Any other materials that would be improper under this policy or other State of Delaware policies.
Prohibited use of State resources includes, but is not limited to:
• Sending emails to non-authorized individuals or accounts or services via an auto-forwarding feature.
• Use of Cloud Services (e.g., File Storage/Sharing services like DropBox or Google Drive) for Top Secret, Secret and Confidential data, unless the contract includes cloud computing terms and conditions approved by DTI.
• Use of non-DTI approved Cloud Services for document sharing of Public data.
• Sharing of passwords and/or accounts
• Sharing of Federal Tax Information (FTI0 on any social media/networking sites.
• Sharing data classified as Top Secret, Secret and Confidential without proper approval.
• Sharing data that may be detrimental to the State.
• Sharing an unprofessional message or image when utilizing State email, messaging tools, websites, social media, etc.
State systems are intended for primarily business/instructional purposes, but limited (incidental and occasional) personal use may be permissible when authorized by your management and it does not:
•Interfere with work responsibilities or business/instructional operations.
•Involves interests in personal or outside business and/or other non-authorized organizations and activities such as selling or soliciting personal property/items, promoting commercial ventures, charitable, religious or political activities.
•Violate any of the standards contained in any Delaware code or policies.
•Lead to costs to the State. Excessive personal surfing, utilizing streaming services for personal use such as listening to music or watching video, and downloading of music and video files are specifically forbidden.
Personally Owned Devices
The Delaware Information Security Policy state on page 39 that “Any electronic equipment (PC, Laptop, iPad, iPod, etc.) that is not owned by the State cannot connect from an internal source (inside the firewall) to the State’s network.
Appendix B – State of Delaware Monitoring
State communications and computer systems, including but not limited to, computer networks, data files, email, and voice mail, may be monitored and/or accessed by the State to ensure the integrity of the technology, protect against fraud and abuse, detect unauthorized access or use, and for other business purposes. Although the Department of Technology and Information (DTI) does not randomly monitor message or network transactions, DTI may without notification or approval, monitor, access and review any and all communications originating from the State of Delaware or delivered to the State of Delaware – employees should have no expectation of privacy in regard to use of these services. This is in accordance with 19 Del. C. chapter7.
When DTI learns of a possible inappropriate use, DTI will immediately notify the agency/school district or affiliate responsible, which must take immediate remedial action and inform DTI of its action. In instances where agencies/school districts or affiliates do not respond in a timely or reasonably appropriate manner, are “repeat offenders”, or if criminal activity is suspected, DTI will work directly with the proper authorities, and follow their guidance in determining appropriate action.
Any inappropriate use of State communications and computer systems may be grounds for discipline up to and including dismissal based on the just cause standard set forth by Merit Rules, Student Discipline Policy Code, or collective bargaining agreement, whichever is applicable to the subject employee/student. Exempt employees shall be subject to appropriate discipline without recourse, except as provided by law.
In an emergency, in order to prevent further possible unauthorized activity, DTI may temporarily disconnect that agency or affiliate. If this is deemed necessary by the DTI staff, every effort will be made to inform the agency or affiliate prior to disconnection, and every effort will be made to reestablish the connection as soon as it is mutually agreed upon.
Any determination of non-acceptable usage serious enough to require disconnection will be promptly communicated to the Senior Manager at the agency or affiliate by the DTI Executive Team.
Unauthorized activity or non-acceptable usage determined at the agency/school district or affiliate may be subject to remedial action being taken in accordance with the acceptable use policy of that agency/school district or affiliate as well as those actions outlines above. The remedial action outlined in agency/school district or affiliate policies may differ from the remedial action as outlined in this policy.
DTI provides access to the state, national and international resources to its clients through connections with networks outside of Delaware. In general, it is the responsibility of those networks to enforce their own acceptable use policies. DTI will make every attempt to inform its clients of any restrictions on use of networks to which it is directly connected as such information is made available by the network provider.
DTI accepts no responsibility for traffic that violates the acceptable use policy of any directly or indirectly connected networks beyond informing the client that they are in violation if the connected network so informs DTI.
Appendix C - Internet Content Filtering
The State uses internet content management tools designed to restrict access to unauthorized internet sites. Internet sites may be restricted for several reasons such as the site is insecure, contaminated with virus or malware, places unconstrained demands on limited State resources or contains inappropriate content. This solution is not 100% effective.
Internet websites are categorized by web filters providers and the State limits access to certain categories deemed inappropriate.