Library: Policy
OKDHS:2-37-13. Official Social Networking and Social Media (SNSM) business use by Oklahoma Department of Human Services (DHS) employees
Revised 8-1-14
(a) Purpose. Official SNSM business use by DHS employees, units, offices, or programs is intended to:
-
(1) educate the public about the DHS mission and goals;
-
(2) officially interact with citizens, stakeholders, and clients;
-
(3) connect with media, other agencies, and the general public in times of crisis; and/or
-
(4) assist with emergency, disaster, or crisis communications.
(b) Authorization. Official SNSM business use by DHS employees, units, offices, or programs may only occur with prior Office of Communications written authorization.
-
(1) The Office of Communications is responsible for overseeing DHS key messages communicated through SNSM. To obtain authorization to use SNSM there is:
-
(A) verification the technology is on the list of technologies approved by the Office of Management and Enterprise Services (OMES);
-
(B) an identified employee to moderate comments, when commenting features are enabled, as part of his or her accountabilities listed on OMES Form HCM-111, Performance Management Process (PMP); and
-
(C) approval by the respective DHS office or program director.
-
-
(2) When the Office of Communications approves the official SNSM business use:
-
(A) office or program staff ensures the site is monitored, ensuring compliance with state law and DHS policy; and
-
(B) the Office of Communications reviews content prior to posting and reserves the right to restrict or remove any content deemed in violation of DHS standards or applicable laws.
-
-
(3) The Office of Communications and Community Relations director maintains a log of all SNSM services DHS employees use for official business purposes.
-
(4) Conducting official state business on personal SNSM accounts is prohibited.
(c) Ethics and code of conduct. When SNSM is used for official business, DHS employees must:
(1) follow state and agency policies and guidelines pertaining to email and computer usage including, but not limited to, policies regarding solicitation, obscenity, harassment, pornography, sensitive information, and malware;
(2) follow ethics rules and statutes;
(3) follow the State of Oklahoma Information Technology Accessibility Standards.
(4) follow the State of Oklahoma Social Networking and Social Media technology toolkits, when published by OMES;
(5) ensure user names, comments, photos, videos, posts, and all content are in good taste and appropriate for a professional environment;
(6) respect copyright laws and reference sources appropriately, identifying any copyrighted or borrowed material with citations and links;
(7) disclose DHS affiliation;
(8) not disclose DHS information its employees are required by law to keep confidential;
(9) respect the privacy and opinions of colleagues, commenters, and others;
(10) ensure material is accurate, truthful, and without error;
(11) ensure comments comply with the State of Oklahoma Social Networking and Social Media Standard Commenting Policy;
(12) avoid personal attacks, online fights, and hostile personalities;
(13) refrain from posting content that could compromise the safety or security of the public or public systems, solicitations of commerce, promotion or opposition of any person campaigning for election to a political office, or promoting or opposing any ballot proposition;
(14) refrain from posting content that promotes, fosters, or perpetuates discrimination on the basis of race, creed, color, age, religion, gender, marital status, with regard to public assistance, national origin, physical or mental disability, or sexual orientation; and
(15) refrain from conducting online activity that may violate applicable local, state, or federal laws or regulations.
(d) Security. The DHS Security and Emergency Management administrator reviews selected SNSM service providers, clients, and associated plug-ins to identify potential security vulnerabilities prior to use.
-
(1) To maintain DHS network username and password securities, DHS employees must:
-
(A) never transfer sensitive information, such as usernames, passwords, Social Security numbers, and account numbers;
-
(B) never engage in peer-to-peer file sharing through the DHS network;
-
(C) follow guidelines pertaining to email attachments when transferring files through SNSM; and
-
(D) configure his or her SNSM in such a way that messages are not received from unauthorized users in order to prevent vulnerability to denial of service (DoS) attacks.
-
(e) Escalation. In the event a virus, malware, or other suspicious activity is observed on the user’s machine, the employee immediately contacts the DHS Service Center (Help Desk) to determine the cause.
-
(1) When confirmation of a virus or other non-DHS authorized application is present, the Help Desk attempts to clean the machine using authorized DHS programs and procedures. When cleaning is unsuccessful:
-
(A) the user immediately shuts down the computer without further use, including saving or moving data;
-
(B) the Help Desk arranges for the machine’s recovery; and
-
(C) access to the machine after infection confirmation is prohibited.
-
(f) Monitoring. DHS employees log all official SNSM business use in a location other than the SNSM site.
-
(1) Logging at a minimum includes the:
-
(A) name of the user;
-
(B) date and time of use; and
-
(C) user activity.
-
-
(2) Users may not expect privacy. Supervisors may request or be provided employee Internet usage reports from the Security and Emergency Management administrator.
(g) Records management and open records.
-
(1) SNSM communications are subject to the Office of Records Management and the Child Internet Protection Act (CIPA) requirements. Content, comments, and replies posted on official OMES Web 2.0 or SNSM technology are subject to the Oklahoma Open Records Act. Information disseminated using SNSM technology is subject to re-print in newspapers, magazines, or in other online media formats.
-
(2) SNSM content created or received by DHS personnel may meet the definition of a record as defined by state Statute and retained as required:
-
(A) whether conducted during work hours or personal time;
-
(B) regardless of whether the communication device is publicly or privately-owned; and
-
(C) when the transaction is DHS official business.
-