Employee Use of CDC Information Technology Resources

The purpose of this issuance is to establish the policy for employee use of Information Technology (IT) resources at the Centers for Disease Control and Prevention (CDC).¹ This policy applies to all CDC IT resources regardless of location (i.e. office, home, field locations, etc.).

II. BACKGROUND

The mission of CDC requires its employees to have access to electronic mail (e-mail), Intranet, Internet and other IT resources (such as the CDC local area network, voice mail, telephones, faxes, pagers, copy machines, etc.) to support the conduct of official programmatic and administrative duties. Use of these systems of communication is intended for official purposes. However, CDC employees may use CDC IT resources for limited personal use under certain circumstances.

III. POLICY

Employees are permitted limited use of e-mail, Intranet, Internet and other IT resources (e.g., voice mail, telephones, faxes, pagers, and copy/print machines) for personal needs if the use is incidental, involves minimal additional expense to the government, is performed on the employee's personal time, does not interfere with the mission or operations of the agency, and does not violate federal laws or the following provisions of this policy.

Employees are also permitted use of these resources for personal needs during duty hours, insofar as such use is for professional enhancement related to the mission of CDC.

IV. AUTHORITY

Generally, employees may use government equipment for official purposes only, or as authorized by the government. As set forth in this policy, incidental personal use of CDC IT resources by employees during personal time is considered to be an "authorized use" of government property as that term is used in the Standards of Ethical Conduct for Employees of the Executive Branch.

V. PROCEDURES

1. Prohibited Uses

Use of CDC IT systems and resources are subject to federal laws and regulations governing such, including, but not limited to:

• Anti-Lobbying Statutes
• Copyright Act
• Freedom Of Information Act
• OMB Circular A-130, Management of Federal Information Resources
• Privacy Act
• Standards of Ethical Conduct for Employees of the Executive Branch

With respect to these laws and regulations, prohibited uses include:

• Lobbying Congress on behalf of causes, individuals, or organizations.

• Promoting or conducting political activities.

• Accessing or using information inappropriately which is protected by the Privacy Act, or other federally mandated confidentiality provisions, and/or by OMB Circular A-130, Management of Federal Information Resources.

 
• Making personal use of e-mail, Intranet, Internet or other IT resources to advertise, trade (including buying or selling stocks), give away, solicit, or provide goods or services, except under circumstances and conditions that are specifically authorized by CDC, (e.g., through SHARE announcements or CDC-sanctioned bulletin boards).

 
• Violating copyrights or software licensing agreements.

Employees, including managers and supervisors, shall avoid any use of CDC IT resources and systems that demeans other employees, groups, individuals, and organizations, or causes unnecessary costs, congestion, delay, or disruption of service to any government systems or equipment, including:

• Disseminating, intentionally accessing, or storing offensive or disparaging information, including hate literature, pornographic or sexually explicit images, or racist literature. (This restriction does not apply to the conduct of behavioral or other scientific research and communications that may be authorized by an employee's parent organization).

• Sending, or contriving to send, anonymous messages.

 
• Overriding or avoiding security and integrity procedures and devices.

 
• Using hardware and/or software, or downloading software, that is not authorized by CDC, IRM technical standards, or by the employee's parent organization. (Note: A parent organization may use a blanket authorization in this regard).

• Subscribing to mail lists or list servers that are not related to official CDC business, nor to professional enhancement in support of CDC's mission.

 
• Participating during duty hours in unauthorized chat rooms not related to CDC business or to professional development.

 
• Transmitting chain letters.

 
• Conducting or participating in fund drives or charitable events not authorized by CDC. (Use of e-mail for authorized charitable events, e.g., Combined Federal Campaign, is permitted).

 
• Subscribing to push technology services that are not related to official CDC business or to professional enhancement. This refers to subscription type services that send information to personal computers automatically and routinely as a result of prior registration by the user. Examples of such services include:weather reports, sports news, and stock market updates. Permitted push technology services are those that provide information on CDC business or professional enhancement topics such as medical, health, or technology related subjects.

 
• Creating, receiving, transmitting, or storing classified (national security) information.

 
• Using telephones or faxes for long distance personal use, except as may be specifically authorized in federal travel regulations or other policies.

 
• Establishing personal web sites or bulletin board systems.

 
• Using CDC logos to misrepresent personal materials as falling under official CDC auspices.

 
• Intentionally misrepresenting, either implicitly or explicitly, personal views or comments in electronic forums or e-mail as agency policy or position. (Note: if there is reasonable expectation that a personal communication could be interpreted as official business, then a disclaimer shall be used. For example, "My personal opinion is...," or "While not speaking on behalf of the CDC, I think....".).

Executive Branch employees, including CDC employees, do not have a right to nor expectation of privacy while using any government equipment at any time, including: accessing the Internet (e.g., participating in a "chat" room or forum), using e-mail, or during authorized personal use. To the extent that employees prefer their personal information resources to remain free of access by supervisors and managers they should avoid use of CDC IT resources and systems.

Except in the legitimate performance of their duties, CDC policy prohibits system administrators, agency officials, and supervisors from violating or overriding the privacy of an employee with respect to the information that the employee receives, stores, or transmits. Nevertheless, due to technical, administrative, or legal reasons, system administrators, agency officials, and/or supervisors may be authorized to access information, files, materials and messages which reside in hardware or software used by employees. Authorizations must be documented and made available to employees as soon as possible after authorized access occurs; and their acknowledgment of the event noted on the Authorization for Single Instance Access to Employee Information Resources form found as an exhibit to this policy.

4. Monitoring, Compliance, and Disciplinary Action

CDC has the capability and the authority to evaluate the performance and use of its IT resources and will routinely monitor their use. Individuals who abuse these resources, knowingly interfere with the operation of IT systems, or otherwise fail to comply with the provisions of this policy are subject to disciplinary action, including loss of associated privileges.

VI. REFERENCES

A. 5 CFR 2635,	Section 101, Basic Obligation of Public Service,
	Section 704, Use of Government Property,
	Section 705, Use of Official Time.

 
 

B. 17 USC, COPYRIGHTS, Sections 106-110, Exclusive Rights and Limitations.

C. 18 USC 1913, Lobbying With Appropriated Moneys.

D. 45 CFR 5, Freedom of Information Regulations.

E. 45 CFR 5b, Privacy Act Regulations.

F. 41 CFR 101-35.201, Telecommunications Management Policy, Authorized Use of Long Distance Telephone Services.

G. CDC Printing Management Manual Guide CDC-1, Reproduction of Copyrighted Materials, 12/10/97.

H. OMB Circular A-130, Appendix III, Security Of Federal Automated Information Resources.

¹ References to CDC also apply to ATSDR.

Originally Posted at: http://basis1.cdc.gov/BASIS/masompb/POLICIES/POLICIES/DDD/90