Policy Reference

Category Security and Privacy
Approval Date  01-29-2009
Scope All Personnel

Purpose

To inform employees that the City reserves the right to search all City owned data resources and of employees obligations to protect relevant information as necessary to comply with appropriate laws, regulations and policies.


Policy

  1. City Computer Users should have no expectation of privacy with regard to any electronic data, files or electronic communications unless the information is protected per appropriate local, state or federal laws and regulations. (401.2)   Refer to the Electronic Mail policy for further information specific to the use of email.
  2. Use of the City's computer resources is subject to all federal, state and local law.   Information stored in computer resources is subject to disclosure as public record.
  3. When questions regarding public access of electronically stored data arise, the Law  Department should be consulted.
  4. Employees should reference the "Confidentiality Policy" of the City Personnel Policies for further information.
  5. Employees should refer to Department specific procedures related to the processing of confidential information including specific methods for retention or destruction when appropriate.
  6. Employees should ensure that no more than the minimum amount of privacy-related data is displayed (or printed) as defined by the specific purpose or use of the data
  7. Department requests for employee access to data must restrict, when possible, the user rights of employees and supervisors to ensure the structures (folders, tables, fields, data organization methods) are able to be maintained in-tact and to remain protected.

Compliance

  1. Missouri Sunshine Law
  2. Information privacy procedures should exist to describe the privacy program with respect to awareness and compliance. SM4.2.3(c), The Standard of Good Practice for Information Security
  3. Whenever the Primary Account Number (PAN) is displayed, the PAN should be masked. The maximum number of digits displayed should be either the first six or the last four. § 2.2, Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1