DATE: January 27, 2012
SUBJECT: Personal Use of Government Information Technology Resources
1. PURPOSE. This Directive defines acceptable personal use of Government information technology (IT) resources by Department of the Treasury employees. The Directive defines the minimum standards that apply to employees’ use of Government IT resources.
2. SCOPE. This Directive applies to all bureaus, offices, and organizations in the Department of the Treasury, including the offices of inspectors general within the Department. The provisions of this Directive shall not be construed to interfere with or impede the authorities or independence of the Department’s inspectors general.
3. POLICY. It is the policy of the Department of the Treasury to:
a. allow employees the privilege to use Government IT resources for non-Government purposes when such use involves minimal additional expense to the Government and does not overburden any of the Department’s IT resources;
b. permit limited personal use to employees during non-duty time for periods of reasonable duration and frequency of use;
c. grant use that does not adversely affect the performance of official duties or interfere with the mission or operations of the Department, bureaus or offices;
d. ensure that Government IT resources are not used for downloading, accessing or using illegal, inappropriate, and/or unauthorized content, including illegal content downloads (e.g., MP3s or movies) using file sharing programs, and downloading un-trusted, unapproved, or malicious software;
e. authorize use that does not violate the Office of Government Ethics (OGE) Standards of Ethical Conduct for Employees of the Executive Branch found at 5 Code of Federal Regulations (CFR) Part 2635, the Supplemental Standards of Ethical Conduct for Employees of the Treasury Department found at 5 CFR Part 3101, Employee Responsibilities and Conduct 5 CFR 735, the Department of the Treasury Employee Rules of Conduct found at 31 CFR Part 0, or the Hatch Act, 5 U.S.C. 7321 et seq.; and
f. hold employees accountable in accordance with Executive Order (EO) 13513, Federal Leadership on Reducing Text Messaging While Driving, issued on October 1, 2009. Treasury employees shall not engage in text messaging (a) when driving Government-owned, Government-leased, or Government-rented vehicles, or when driving privately-owned vehicles while on official Government business, or (b) when using electronic equipment supplied by the Government while driving.
4. RESPONSIBILITIES.
a. The Treasury Deputy Assistant Secretary for Information Systems and Chief Information Officer (DASIS/CIO) has Department-wide responsibilities to manage IT, including IT security, and to formulate Departmental policies on IT. The Office of the CIO will disseminate additional policy appropriate to this subject and provide, as necessary, assistance to Treasury offices and bureaus in its implementation.
b. The Heads of Bureaus and Offices, the Assistant Secretary for Management and Chief Financial Officer, the Inspector General, the Treasury Inspector General for Tax Administration, and the Special Inspector General for Tax Administration are responsible for ensuring this policy is disseminated to employees and modified, as needed, with guidelines specific to the organization considering factors such as its mission, the sensitivity of its systems and information, and labor management agreements where applicable.
c. Managers should ensure that employees are informed of appropriate uses of Government IT resources as a part of their introductory training or orientation, or the initial implementation of this policy.
d. Employees shall follow rules and regulations and be responsible for their personal and professional conduct. This includes adhering to Appendix B, Specific Guidance. The OGE Standards of Ethical Conduct state, "Employees shall put forth honest effort in the performance of their duties" (5 CFR 2635.101 (b)(5)). In addition, the Office of Personnel Management (OPM) regulations provide that "An employee shall not engage in criminal, infamous, dishonest, immoral, or notoriously disgraceful conduct, or other conduct prejudicial to the Government" (5 CFR 735.203).
5. GUIDANCE.
The personal use of Government IT resources requires responsible judgment, supervisory discretion and compliance with applicable laws and regulations. Appendix A, Definitions, contains definitions related to personal use and Appendix B, Specific Guidance, contains guidance applicable to this policy.
Employees must be aware of information technology security issues, which are addressed in the Department of the Treasury TD P 85-01, Treasury IT Security Program, found at the Office of Cyber Security’s website.
In addition, employees must be aware that their rights to privacy do not change even during limited periods of personal use. An individual has no right to privacy, nor should they have an expectation of privacy while using any Government IT resource at any time.
6. AUTHORITIES.
a. 5 CFR Part 2635, Office of Government Ethics, Standards of Ethical Conduct for Employees of the Executive Branch
b. 5 CFR Part 3101, Supplemental Standards of Ethical Conduct for Employees of the Department of the Treasury
c. 31 CFR Part 0, Department of the Treasury Employee Rules of Conduct
d. 5 CFR Part 735, Office of Personnel Management, Employee Responsibilities and Conduct
e. Executive Order 13513, Federal Leadership on Reducing Text Messaging While Driving
f. Hatch Act, 5 U.S.C. 7321, et seq.
7. REFERENCES.
a. Federal CIO Council, Recommended Executive Branch Model Policy/Guidance on "Limited Personal Use" of Government Office Equipment including Information Technology, May 19, 1999
b. TD 74-01, “Motor Vehicle Fleet Management”
c. TD P 85-01, Treasury IT Security Program
d. This directive supplements policies and requirements contained in the references cited above. The directive is not self-contained and must be read in conjunction with the cited references and any applicable collective bargaining agreements.
8. CANCELLATION. TD 87-04, “Personal Use of Government Information Technology Resources,” dated December 21, 2005, is superseded.
9. OFFICE OF PRIMARY INTEREST. Office of the Deputy Assistant Secretary for Information Systems and Chief Information Officer, Office of the Assistant Secretary for Management and Chief Financial Officer.
/S/
Dan Tangherlini
Assistant Secretary for Management
and Chief Financial Officer
Appendix A – Definitions
Appendix B – Specific Guidance
Appendix A
Definitions
a. Employee non-duty time means times when the employee is not otherwise expected to be addressing official business. Employees may, for example, use Government IT resources during their off-duty hours such as before or after a workday (subject to local office hours), lunch periods, authorized breaks, or weekends or holidays (if their duty station is normally available at such times). The use of Government IT resources during the aforementioned periods should be determined and/or agreed to by the employees and the organization’s managers.
b. Government IT resources includes but is not limited to: office and telephone equipment, personal computers and laptops, related peripheral equipment and application software, library resources, telephone equipment and services (including phone sets, cell phones, BlackBerry™ devices, pagers, Palm PilotsTM, and voice mail), fax machines, photocopiers, Internet connectivity and access to Internet services, and e-mail but does not include the use of franked or official envelopes and stationery, including mailing labels.
c. Information technology means any equipment or interconnected system or subsystem of hardware or application software that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data.
d. Minimal additional expense means an employee's limited personal use of Government IT resources is confined to those situations where the Government is already providing resources or services and the employee’s use of such resources or services will not result in any additional expense to the Government, or the use will result in fair wear and tear, or the use of small amounts of electricity, ink, toner or paper. Examples of minimal additional expenses include making a few photocopies, using a computer printer to print out a few pages of material, making occasional brief personal phone calls (within Department policy and 41 CFR 101-35.201), infrequently sending personal e-mail messages, or limited use of the Internet for personal reasons.
e. Limited personal use means activity by employees that is conducted during personal time in the course of the business day is considered an “authorized use” of Government property as the term is used in the Standards of Conduct for Employees of the Executive Branch (5 CFR 2635.101 (b) (9) and 2635.704 (a)). Employees are specifically prohibited from the pursuit of private commercial business activities or profit-making ventures using Government IT resources. The ban also includes employees using the Government IT resources to assist relatives, friends, or other persons in such activities (e.g., employees may not operate or participate in the operation of a business with the use of the Department’s IT and Internet resources).
f. Privilege, in the context of this policy, means that the Department is extending the opportunity to its employees to use Government property for limited personal use in an effort to create a more supportive work environment. However, this policy does not create the right to use Government IT resources for non-Government purposes. Nor does the privilege extend to modifying the equipment used, including loading personal software, copying existing software, or making configuration changes. Bureau and office-specific exceptions may be necessary, for example, to accommodate traveling staff members with a valid need to load money management software for keeping track of travel expenses.
g. File Sharing Technology also known as Peer-to-Peer (P2P), generally refers to any software or system allowing individual users of the Internet to connect to each other and trade computer files. These systems are usually highly decentralized and are designed to facilitate connections between persons who are looking for certain types of files. While there are many appropriate uses of this technology, a number of studies show the vast majority of files traded on P2P networks are pornography and copyrighted music. Data also suggests P2P is a common avenue for the spread of computer viruses within IT systems, and has been known to dominate a disproportionate segment of an organization’s available bandwidth.
h. Text Messaging is reading from or entering data into any handheld or other electronic device including but not limited to cell phones, handheld devices, or navigational tools for the purpose of: SMS texting, e-mailing, instant messaging, obtaining navigational information, electronic data retrieval, and electronic data communication. SMS stands for short message service. SMS is also often referred to as texting, sending text messages or text messaging. The service allows for short text messages to be sent from one cell phone to another cell phone or from the web to another cell phone.
i. Push Technology describes a style of Internet-based communication where the request for a given transaction is initiated by the publisher or central server. It is contrasted with pull technology, where the request for the transmission of information is initiated by the receiver or client.
Appendix B
Specific Guidance
1. Specific Provisions on the Limited Personal Use of Government Information Technology Resources
Under this model guidance, employees are authorized limited personal use of Government IT resources. This personal use must not result in loss of employee productivity or interference with official duties. Moreover, such use should incur only minimal additional expense and network time to the Government in areas such as:
a. communication infrastructure costs (e.g., telephone charges, telecommunications traffic);
b. use of consumables in limited amounts (e.g., paper, ink, toner);
c. general wear and tear on equipment;
d. minimal data storage on storage devices; and
e. minimal transmission impacts with moderate e-mail message sizes with small attachments.
2. Inappropriate Personal Uses
Employees are expected to conduct themselves professionally in the workplace and to refrain from using Government IT resources for activities that are inappropriate. Misuse or inappropriate personal use includes but is not limited to:
a. the creation, copying, transmission, or retransmission of greeting cards, video, sound or other large file attachments that can degrade the performance of the entire network. "Push" technology on the Internet and other continuous data streams would also degrade the performance of the entire network and are considered inappropriate use, which could cause congestion, delay, or disruption of service to any Government system;
b. accessing pornography or hacker sites, regardless of the security risks or the lack of a risk to the Department;
c. using Government systems as a staging ground or platform to gain unauthorized access to other systems;
d. the creation, copying, transmission, or retransmission of chain letters or other unauthorized mass mailings regardless of the subject matter;
e. using Government IT resources for activities that are illegal, inappropriate, or offensive to fellow employees or the public. Such activities include, but are not limited to: hate speech, or material that ridicules others on the basis of race, creed, religion, color, sex, disability, national origin, sexual orientation, or genetics;
f. the creation, download, viewing, storage, copying, or transmission of sexually explicit or sexually oriented materials;
g. the creation, download, viewing, storage, copying, or transmission of materials related to all gambling (legal and illegal), illegal weapons, terrorist activities, and any other illegal activities or activities otherwise prohibited;
h. downloading, copying, and/or playing of computer video games;
i. the use for commercial purposes or in support of "for-profit" activities or in support of outside employment or business activity (e.g., consulting for pay, sales or administration of business transactions, sale of goods or services);
j. engaging in any partisan political activity prohibited by the Hatch Act, engaging in any outside fund-raising activity, endorsing any product or service, or participating in any lobbying activity;
k. use for posting agency information to external news groups, bulletin boards or other public forums without authority. This includes any use that could create the perception that the communication was made in one's official capacity as a Government employee, unless appropriate agency written approval has been obtained or the use is not at odds with the agency’s mission or positions;
l. any use that could generate more than minimal additional expense to the Government (e.g., subscribing to unofficial LISTSERV or other services that create a high-volume of e-mail traffic);
m. the unauthorized acquisition, use, reproduction, transmission, or distribution of any controlled information including computer software and data, that includes privacy information, copyrighted material (beyond fair use), material subject to other intellectual property rights, proprietary data, or export controlled software or data; and
n. the downloading of files, such as music or other inappropriate material for the purpose of forwarding them to another individual. This activity, also known as “file sharing” or Peer to Peer (P2P), is considered outside the scope of limited personal use. Furthermore, engaging in P2P creates a substantial computer security risk in that it may facilitate the spread of computer viruses.
3. Proper Representation
It is the responsibility of employees to ensure that they are not giving the false impression that they are acting in an official capacity when they are using Government IT resources for non-Government purposes. If there is an expectation that such a personal use could be interpreted to represent an agency, then an adequate disclaimer must be used. One acceptable disclaimer is –"The content of this message is mine personally and does not reflect the position of the U.S. Government or the Department of the Treasury."
The OGE Standards of Ethical Conduct states, "…an employee shall not use or permit the use of his Government position or title or any authority associated with his public office in a manner that could reasonably be construed to imply that his agency or the Government sanctions or endorses his personal activities" (5 CFR 2635.702 (b)). In addition, 5 CFR 2635.704 concerning the use of Government property, 5 CFR 2635.705 use of official time and 31 CFR 0.213 concerning general conduct should be reviewed.
4. Access Management
Employees have no inherent right to use Government IT resources. Therefore, all bureaus and offices will establish appropriate controls to ensure that the equipment is used appropriately.
5. Privacy Expectations
Executive Branch employees do not have a right, nor should they have an expectation, of privacy while using any Government IT resources at anytime, including accessing the Internet or using e-mail. To the extent that employees wish that their private activities remain private, they should avoid using Government IT resources such as their computer, the Internet or e-mail. By using Government IT resources, Executive Branch employees give their consent to disclosing the contents of any files or information maintained using this equipment. In addition to access by the Department, data maintained on Government IT resources may be subject to discovery and Freedom of Information Act requests.
By using Government IT resources, consent to monitoring and recording is implied with or without cause, including (but not limited to) accessing the Internet or using e-mail. Any use of Government telecommunications resources is made with the understanding that such use is generally not secure, is not private, and is not anonymous.
6. Sanctions for Misuse
Unauthorized or improper use may result in loss of use or limitations on the use of the IT resources, disciplinary or adverse actions, termination, criminal penalties and/or the employee’s being held financially liable for the cost of improper use.
7. Implementation and Use
This policy is intended to be model guidance for the Department. Therefore, each bureau and office must assess its individual needs and responsibilities as they relate to mission, security, budget, workload, public contact, etc., in determining the extent to which this policy is established and implemented.