|
Legal
Counsel > Frequently Asked Questions > Electronic Communication Policy
(November 2005)
1.5.1 Statement of Policy
These policies (as outlined below) on electronic communication
pertain to the churchwide organization of the Evangelical Lutheran
Church in America (hereafter, ELCA), a Minnesota nonprofit
corporation. These policies do not pertain to any other expressions
or entities related to this church.
The Evangelical Lutheran Church in America (ELCA) is committed to
providing an environment that encourages the use of computers and
electronic communications as essential tools to support the ELCA’s
mission and ministry. In utilizing the ELCA’s computers and
electronic communications systems including, but not limited to,
electronic mail and access to the Internet, it is important for all
people using these systems (hereafter, Users) to be aware of the
ELCA’s policy regarding responsible use.
It is the responsibility of each User to ensure that this technology
is used for proper business purposes and in a manner that (1) is
responsible, professional, and legal; (2) does not compromise the
confidentiality of proprietary or other sensitive information; (3)
does not compromise the security of the ELCA’s computer resources;
and (4) is consistent with good stewardship and the mission and
ministry of the ELCA.
1.5.2 Acquisition and Use
of Computer Resources
A. Computer Resources. The term computer resources includes, but is
not limited to: all hardware (including, but not limited to personal
computers, printers, scanners, servers, hand-held personal digital
assistants), software, computer systems, data, information,
electronic mail, instant messages, Intranet and Internet services,
and related systems.
B. Acquisition of Computer Resources. All computer resources for the
ELCA shall be purchased by Information Technology (IT), or with the
written approval of the director for IT by the unit. Requests for
computer resources shall be submitted to IT, with a Computer
Equipment Request Form signed by the budget director of the unit
requesting the purchase. The form is available on the ELCA Intranet.
Requests will be approved only if the computer resources involved
are necessary to carry out the mission and ministry of this church,
as determined by the requesting unit director, in consultation with
the director for IT. All purchases in excess of $5,000.00 must be
approved by the Capital Budget Committee.
C. Ownership of Computer Resources. All computer resources provided
to Users by or through the ELCA are assets of and owned by the ELCA.
All User data, information, programs, electronic mail, graphic
works, literary works, documentation, and other material created,
received, sent, or stored using ELCA computer resources, whether or
not designated as private or confidential, are assets of and owned
by the ELCA, not the individual User.
D. Access. Whether and to what extent an individual is provided ELCA
computer resources shall be determined by the director of the unit
in which the individual is employed or otherwise associated in
consultation with IT. The extent to which an individual is provided
access will be determined by the duties of the individual’s
position.
Requests for access to computer resources shall be forwarded to IT
using the User Security Profile Form. The form is available on the
ELCA Intranet. Requests for access must be received at least three
business days in advance of the need.
The ELCA may terminate or restrict an individual’s access to ELCA
computer resources at any time and for any reason. The decision to
restrict or terminate an individual’s access may be made by the
individual’s supervisor, unit director, the director for Information
Technology, or the Executive for Administration. Access of a User
will be terminated immediately at the end of the User’s relationship
with the ELCA. All e-mail subsequently sent to a former User’s
account will be undeliverable unless the User’s former unit requests
another individual (Proxy User) to receive e-mail sent to the
account. Requests for a Proxy User will be granted where there is a
business need to continue the former User’s account. Proxy User
requests should be submitted to IT by e-mail. Upon the termination
of a User’s access all computer resources in the possession of the
User are to be returned to Information Technology.
Information Technology annually will audit and update the User
Access lists.
E. Systems Security. Information Technology is responsible for
assessing the security risks and needs of ELCA computer resources
along with developing and implementing appropriate security
(Security Protocols). Without limiting the foregoing, the Security
Protocols shall require IT to track and record security incidents
and address security issues related to: (1) access; (2)
preservation, back-up, and recovery of data; (3) virus and other
system attacks; and (4) the environmental, fire protection,
redundancy, reliability, and controlled access requirements
necessary to protect ELCA computer resources. IT shall annually
conduct a computer resource risk assessment and update the Security
Protocols accordingly. A report of this annual assessment and
recommended updates shall be provided to the Cabinet of Executives.
All Users are required to comply with the Security Protocols
developed and implemented by IT.
It is the responsibility of every User to protect ELCA computer
resources from unauthorized access, modification, destruction, or
disclosure. If a User is uncertain whether a particular use will
jeopardize the security of any ELCA computer resource, the User must
contact IT before engaging in such use. Users must immediately
advise the IT Help Desk of any known or suspected security threat to
any ELCA computer resource. Without limiting the foregoing, Users
shall pay particular attention to the following:
1. Unattended Terminals.
An active terminal should not be left
unattended for any extended period of time, for example, overnight
or while the User is away from the office for several hours.
2. Passwords. Individual passwords for computers are confidential.
Each User is responsible for activity performed using the User’s
password. No User should attempt to obtain access to another User’s
documents or computer resources without prior authorization. Only
the User, the ELCA’s officers, general counsel, IT director, or the
User’s supervisor and unit director can authorize access to the
User’s documents or computer resources. If an unauthorized person
gains access to a User’s account, the User should contact IT
immediately.
3. Virus Protection. All files originating from a source outside the
ELCA, including files obtained over the Internet, must be checked
for possible computer viruses before being downloaded onto an ELCA
computer. The virus-checking software on each ELCA computer will
ordinarily perform this check automatically. If the virus checking
software detects a virus, the User will receive a virus warning
message. If this occurs, the User is prohibited from using their
computer until given permission to do so by an IT technician. If a
User suspects that a file may pose a virus risk, the User should
contact IT before downloading the file.
4. External Network Connections.
Only authorized personnel working
at sites administered by the churchwide organization may establish
Internet or other external network connections. Because other
connections may cause unauthorized access to the ELCA’s systems and
information, they are strictly prohibited. Prohibited connections
include, but are not limited to, the establishment of hosts with
public modem dial-ins, World Wide Web Home Pages and File Transfer
Protocol (FTP).
5. Data Backup. All Users should save important data and information
to their designated location on the ELCA network to assure it is
protected, preserved, and recoverable in the event of a computer
resource failure. The network is backed-up to assist in data
recovery in the event of a computer resource failure. Other
locations to which data and information may be saved, such as PC
hard drives, are not. Users who save data and information to
locations other than their designated location do so at their own
risk. Users without access to a network servers, including deployed
staff, should contact Information Technology for assistance with
data backup.
6. Data and File Security. Guidelines for the protection of ELCA
data are located on the Intranet in the policy for remote access or
out-of-the-office use. [currently under development]
F. No Privacy. Users do not have a personal privacy right in any
matter created, received, sent, or stored on ELCA computer
resources, whether or not the matter is designated as private or
confidential. The ELCA reserves the right to monitor its computer
resources and to read and copy all files or data contained on any
computer resource including, but not limited to, e-mail messages,
internet access records, and personal file directories, at any time
and without prior notice. The ELCA reserves the right to access all
computer resources for the purpose of supporting the mission and
ministry of this church, assuring compliance with statutory
requirements, as well as internal policies supporting the
performance of internal investigations, and assisting with the
management of the ELCA’s information systems.
G. Software License Restrictions and Trademark and Copyright Laws.
Most proprietary software licenses have legal restrictions
prohibiting unauthorized use and copying. Software may not be
loaded, downloaded, or received on any ELCA computer, including
software available on the Internet, unless it is approved in advance
by the IT director. Only personnel authorized by the IT director
may: (1) load, download, or receive software onto any ELCA computer
resource; (2) connect any hardware or other equipment to any ELCA
computer resource; or (3) move or change any ELCA computer
equipment. IT shall maintain a file of all software licenses. If an
individual is authorized to load, download, or receive software by
IT, that individual shall be responsible for forwarding the software
license to IT.
Users should always be careful with regard to programs or messages
that prompt them to automatically download update programs for their
computers. Users should never install programs or updates unless
directed by IT to do so. Information Technology has a standard
configuration installed on all ELCA computer equipment. When updates
are needed, they are tested to ensure both usability and
compatibility with existing applications before being automatically
installed on Users’ workstations. Users are notified by IT via
e-mail when updates have been installed. Users should notify IT if
an update to an application is necessary. The patch will be tested
and before deployment following IT’s standard procedure.
Information posted, viewed, or downloaded from the Internet may be
protected by copyright or piracy laws. Reproduction of protected
information is permitted only if such reproduction is (1)
permissible under applicable trademark, copyright and piracy laws,
or (2) based on express permission given by the trademark or
copyright owner filed in the unit using the information or material.
It is each User’s responsibility to comply with applicable
trademark, copyright, and piracy restrictions. If you have any
questions, contact the ELCA legal department before downloading,
copying, transmitting, or reproducing any graphic works, data,
software, or other information or material.
H. Prohibited Uses. It is the responsibility of each User to use
ELCA computer resources in a manner consistent with the mission,
ministry, and good stewardship of this church. Without limiting the
foregoing, Users shall not use ELCA computer resources in any way
that:
1. violates any law, statute, regulation, or ordinance;
2. violates any policy or procedure of the ELCA;
3. jeopardizes the security of any ELCA computer resource;
4. jeopardizes the tax exempt status of the ELCA, synod or
congregation, or any affiliate listed under the ELCA Group Ruling
for federal income tax exemption;
5. violates the legal rights of any person or entity;
6. creates unauthorized contractual liability for the ELCA;
7. gives the impression a User is representing, giving opinions,
making statements or commitments on behalf of the ELCA, unless
authorized to do so by the ELCA;
8. results in the transmission or receipt of obscene, pornographic,
discriminatory, harassing, defamatory, or political or partisan
campaign material;
9. interferes with the use of ELCA computer resources or the
computer resources of another person or entity;
10. involves personal financial gain, lotteries, gambling, or
raffles;
11. is inconsistent with norms of professional and business conduct;
and
12. reflects adversely on the ELCA.
If any User has a question or concern about the use or restriction
on use of a computer resource, the User should discuss the matter
with their supervisor, their unit executive director or director, or
the director of IT.
1.5.3 Responsible Use of
the Internet
A. The Internet is for work-related purposes. The ELCA’s connection
to the Internet is principally for work-related purposes through
e-mail and access to the Worldwide Web. Unauthorized use of the
Internet is prohibited. Unauthorized use includes, but is not
limited to: (1) posting, viewing, downloading, or otherwise
transmitting or receiving offensive, defamatory, pornographic, or
sexually explicit material; (2) gambling; (3) engaging in computer
“hacking” or other related activities; (4) attempting to disable or
compromise the security of information on any computer; or (5) any
illegal activity.
B. Participation in work-related Internet discussion groups is
permitted with certain restrictions. Users are responsible for
ensuring that all information they share in work-related Internet
discussion groups is accurate, and that any personal opinions they
express are clearly identified as “personal” and not the opinion of
the ELCA. Such participation is allowed to the extent that it (1)
does not reflect adversely on the ELCA and (2) is consistent with
all the ELCA’s standards and policies. Defamatory statements or
written attacks are strictly prohibited.
C. Take precautions when providing information. A User should never
provide confidential, proprietary, or restricted information about
the ELCA, its employees, synods, congregations, members, or vendors
without proper ’prior written consent by the ELCA.
D. Take precautions when obtaining information. Information obtained
from the Internet is not subject to quality controls and should be
verified by an independent source before being relied upon.
E. The ELCA may monitor Internet usage. The ELCA reserves the right
to monitor Internet usage at its discretion in the ordinary course
of business.
F. Users should be aware
of the Web Site Terms of Use and Web Site Privacy Policy. The
ELCA Web Site Terms of
Use provide important information on use of the ELCA web site
contents, posting and linking policies and other information for
third party users. The ELCA Web Site
Privacy Policy
describes practices with regard to personal data collected through
the web site.
1.5.4 Responsible Use of
E-mail
A. E-mail defined. For purposes of these policies, the term “e-mail”
is any electronic message sent in any form from one computer to
another including, but not limited to: (1) electronic mail; (2)
electronic messages sent to chat rooms; (3) bulletin boards; (4)
list servers; and (5) instant messaging.
B. E-mail is for business purposes.
The purpose of e-mail is to
facilitate business communications among ELCA Users and to enable
ELCA Users to carry out the duties of their positions.
C. E-mail correspondence is the property of the ELCA. All e-mail
correspondence is the property of the ELCA, whether or not related
to personal or confidential matters. The ELCA reserves the right to
monitor its e-mail system, including a User’s mailbox, at its
discretion in the ordinary course of business. The existence of
“passwords” and “message delete” functions do not restrict or
eliminate the ELCA’s ability or right to access electronic
communications. In certain situations the ELCA may be compelled to
access and disclose messages sent over its e-mail system.
D. Offensive, demeaning, harassing, defamatory, illegal, or
disruptive e-mail is prohibited. E-mail should conform to the same
standards of propriety and respect as any other verbal or written
business communication. Sending or forwarding offensive, demeaning,
harassing, defamatory, illegal or disruptive messages is prohibited.
This includes, but is not limited to, messages that are inconsistent
with the ELCA’s “Conduct in the Work Place” policies. Users who
become aware of or receive prohibited e-mail should notify the
ELCA’s director for human resources. Inappropriate use of e-mail may
be grounds for discipline, up to and including termination of
employment.
E. Users are responsible for eliminating inappropriate e-mail.
When
receiving e-mail from outside sources, Users have the responsibility
of immediately deleting all e-mail that falls below the ELCA’s
standards as articulated above, including all pornographic, obscene,
offensive, partisan political, and sexually explicit communications.
Users also have the responsibility of ensuring that the prohibited
e-mail is not seen by others. If the sender is a person known to the
User, the User has responsibility of informing the senders of the
e-mail that such communications are prohibited from ELCA premises
and equipment and should not be sent in the future.
F. Sending broadcast messages.
1. Internal Broadcast Messages. Broadcast messages to the ELCA group
may be sent with prior approval of the user’s unit director.
2. External Broadcast Messages. Only the Executive for
Administration or the ELCA Secretary can authorize a User or unit to
send other unsolicited broadcast messages including, but not limited
to, broadcast messages to any grouping of synods, regions,
congregations, and rostered persons.
G. Creation and Operation of List Servers, Bulletin Boards, and Chat
Rooms. A User may establish a list service, bulletin board, or chat
room using ELCA computer resources with the permission of the User’s
unit director and IT. The User shall be responsible for ensuring
that the list server, bulletin board, or chat room is operated as
specified by IT. The ELCA may terminate—at any time, for any reason,
and without notice—the operation of a list server, bulletin board,
or chat room operated using ELCA computer resources.
H. Deletion, Retrieval and Permanent Destruction of E-mail. Once
e-mail is 41 days old, it is deleted automatically unless it has
been archived by the User. Deleted e-mail will not be recovered for
Users. In some cases, e-mail may have been backed up to an
electronic tape by IT. Backups are erased annually. Retrieval of an
e-mail from backup will be authorized by the director for IT only
when legally required.
1.5.5 Web Site
Development, Content and Security
The ELCA churchwide office has developed
Web-site development
protocols. These protocols are
designed to ensure all ELCA churchwide office Web sites are of a
high quality, secure, legal, and technically compatible with the
ELCA churchwide office Web site. All ELCA churchwide unit Web sites
are required to be developed in compliance with these protocols.
This applies even if third party providers are hosting, developing,
designing, and/or assisting in churchwide unit Web sites.
A. Development of New Sites or Redesign of Existing Sites.
When new
unit Web sites are designed or existing sites are substantially
redesigned, the ELCA Web Manager must be consulted before work
begins. The Web Manager will review the plans with the unit to
identify items that must be checked with the protocols for quality
and legal compliance and will consult IT as appropriate. Users must
complete the ELCA Web Development Checklist (Checklist),
available
online. Upon completion of the unit
site, the unit must submit the completed Checklist that will assure
that all qualitative and legal requirements have been met. The final
permission for posting will be granted by the Web Manager after
receiving the completed Checklist.
B. Collecting Information from Web-site Visitors. Soliciting
personal information from visitors to a Web site, especially
children, can raise a number of legal issues. Accordingly, before
any such solicitation including surveys can be placed on ELCA
churchwide unit Web sites, it must be approved by the Web Manager
and the ELCA legal department. In addition, surveys must be approved
by Research and Evaluation.
C. Online Financial Transactions. Online financial transactions,
including credit card transactions, raise a number of legal and
security issues. Accordingly, all Web sites involving the exchange
of financial information or financial transactions, may only be
posted after completion of the forms available from the Office of
the Treasurer related to online financial transactions.
D. Independent Contractor Web-site Development Contracts. Units may
desire to use independent contractors to develop part or all of a
particular Web site. The creation of a Web site involves a myriad of
legal, technical, artistic, and content issues and concerns. In
order to protect the ELCA and ensure that all ELCA churchwide
organization Web sites are consistent with the ELCA electronic
communications policy and the protocols, the ELCA has developed a
standard Web-site development contract (Development Contract). If a
Unit wants to contract with an independent contractor, it must
consult with the ELCA Web Manager. The contract must then be
approved by the Internet Services Committee.
E. Approval of Content for Units Involved in State or Federally
Regulated Activities. Some units are involved in activities subject
to state or federal regulations. It is the responsibility of the
unit director to ensure that all content placed on any Web site
operated by the unit is in compliance with any applicable state or
federal regulation. If a unit director has any questions, the unit
director should contact the legal department before posting the
page.
F. Questions about Developing a Web site.
All questions about
developing Web sites should be directed to the Web Manager in
Communication Services.
1.5.6 Maintenance of Date
(to be completed)
1.5.7 Compliance Required
All Users must comply with the ELCA’s Electronic Communications
Policy. Violation of any of the terms of this policy may result in
discipline, up to and including termination of employment.
|
frequent
questions