Internet Reporting
Number: ENT-SEC-091
Established for: State of Montana Information Technology Enterprise
Steve Bender, Acting Director
Department of Administration
Jeff Brandt, Acting Chief Information Officer
Information Technology Services Division
Department of Administration
October 2004
Policy - Requirements
SCOPE
This policy applies to all computers that reside on the inside of the State's Internet firewall, including all state agencies as well as local government entities. This policy does not apply to colleges and universities, the Commissioner of Higher Education Office, or public access computers in libraries.
PURPOSE
The Department of Administration Information Technology Services Division (ITSD) has the responsibility to insure that the state's telecommunications systems are used in the most effective and secure manner. To do so, ITSD believes that employees must understand the appropriate use of Internet resources. ITSD also finds that allowing access to certain types of web services or sites does not lead to effective and secure use of the systems. Therefore, ITSD adopts the following policy.
The purpose of this policy is to describe the steps to be taken to respond to requests for Internet reporting. This policy is to be used for all requests for Internet reporting, regardless of the agency or individual that is making the request.
DEFINITIONS
Agency - Any State or local agency, or other entity that uses the State's Internet services.
Internet Reporting - 1) The ongoing analysis of overall Internet usage conducted by ITSD, or 2) a report by ITSD of an employee(s) access of web site(s).
REQUIREMENTS
Reporting of Internet access activity may be provided for the following reasons.
- Capacity Management. ITSD will analyze Internet traffic to ensure there is adequate bandwidth to meet user needs, including adequate response times and within budgeted costs of providing the Internet services. ITSD staff, during the course of their analysis, will report any access to a site or class of sites that does not appear to be work related and that is of sufficient volume that may be a potential capacity issue to ITSD management.
- Agency Request. Agencies can request a report of Internet sites accessed by an employee(s) of the agency. Agency requests must be in writing from the agency head using the form entitled Request for Agency Communications Records (see Appendix A). The request should be directed to ITSD's Policy and Planning Services Bureau Chief.
- Public Request. Requests for Internet access records of an individual employee by the public will not be honored without the approval of agency head.
- Involvement of Law Enforcement. A request from law enforcement for Internet access records cannot be honored without the appropriate court order (search warrant, etc.). This does not preclude ITSD or any other agency from contacting law enforcement as part of an investigation initiated by the agency. Agency legal counsel should be consulted whenever a court order is served or an investigation involves contact with law enforcement.
Background - History on the creation of or changes to this policy
This policy was created by the Policy & Planning Services Bureau of the Information Technology Services Division. The policy was distributed to the Information Technology Manager's Council, Information Technology Advisory Council and the SummitNet Executive Council for comment prior to adoption.
This policy was updated by ITSD in 2004 because of the dissolution of the Council.
Guidelines - Recommendations, not requirements
All entities that use the state's network that are not included within the scope of this policy are encouraged to adopt a similar policy.
References - Laws, rules, standard operating procedures and applicable policies
2-17-302, MCA; ARM 2.13.102; ARM 2.13.107; MOM 3-0130; MOM 3-0620; Internet Acceptable Use Policy, SummitNet Acceptable Use Policy, Transmission Privacy Policy, User Responsibilities Policy.
Appendix A - Request for Agency Communications Records