COMMENT DUE DATE:
July 27, 2012
DATE:
July 17, 2012
Casey White or Sheree Powell, Office of Communications (405)521-3027
Dena Thayer OIRP Programs Administrator (405)521-4326 Nancy Kelly, OIRP Policy Specialist (405)522-6703
RE:
Non-APA WF 12-M
The proposed policy is Non-APA . This proposal is not subject to the Administrative Procedures Act
The proposed effective date is August 1, 2012.
OKDHS:2 ADMINISTRATIVE COMPONENTS
Subchapter 37. Communications
OKDHS:2-37-12 through 2-37-15 [ISSUED]
(Reference APA WF 12-M)
SUMMARY:
Social media regulations are issued to provide guidance to Oklahoma Department of Human Services staff and to comply with Office of State Finance requirements.
SUBCHAPTER 37. COMMUNICATIONS
OKDHS:2-37-12. Purpose and scope of social media
(a) Purpose. OKDHS:2-37-12 through 2-37-15 address:
(1) Oklahoma Department of Human Services (OKDHS) Social Networking and Social Media (SNSM) technology intended for interaction with the public through external communication;
(2) technology intended to promote internal communication among OKDHS employees; and
(3) guidance for OKDHS employees on the personal use of social media.
(b) Scope.
(1) OKDHS employees may utilize social media within the guidelines and limitations of this policy. When social media sites are accessed for any reason, including personal use, OKDHS employees are subject to:
(A) OAC 340:1-1-20 regarding confidentiality;
(B) OKDHS:2-45 regarding information security;
(C) OKDHS:2-1-7 regarding disciplinary action;
(D) OKDHS:2-1-26.1 regarding the Fair Labor Standards Act;
(E) records retention rules;
(F) Oklahoma Information Security Policy, Procedures and Guidelines per http://www.ok.gov/OSF/documents/StateOfOklahomaInfoSecPPG_osf_12012008.pdf; and
(G) OSF social networking and social media standards per http://www.ok.gov/OSF/Information_Services/Social_Media/, which includes:
(i) State of Oklahoma Social Networking and Social Media;
(ii) State of Oklahoma Social Networking and Social Media Development Methodology; and
(iii) State of Oklahoma Social Networking and Social Media Guidelines.
(2) Any employee found to have misused or abused a SNSM service or violated this policy may be subject to disciplinary action, up to and including termination of employment.
(3) OKDHS employees must not use their OKDHS user name or password in the personal use of social media.
OKDHS:2-37-13. Official business use of social media by OKDHS employees
(a) Purpose. Official business use of social media by an OKDHS employee, unit, office, or division is intended to promote and market the OKDHS mission and goals; officially interact with citizens, stakeholders, and clients; connect with media, other agencies and the general public in times of crisis; and/or assist with emergency, disaster or crisis communications.
(b) Authorization. Official business use of social media by any OKDHS employee, unit, office, or division may only occur with prior written authorization from the Office of Communications.
(1) The Office of Communications is responsible for overseeing the OKDHS brand identity and key messages communicated through social media.To obtain authorization to use social media there must be:
(A) verification the technology is on the list of technologies approved by the Office of State Finance (OSF) Information Services Division;
(B) an identified employee to moderate comments, if commenting features are enabled, as part of his or her accountabilities listed on OPM-111, Performance Management Process (PMP); and
(C) approval by the respective OKDHS division director.
(2) Once the Office of Communications approves the official business use of social media:
(A) division staff must ensure the site is monitored, assuring compliance with state law and OKDHS policy; and
(B) the Office of Communications must review content prior to posting and reserves the right to restrict or remove any content deemed in violation of OKDHS standards or applicable laws.
(3) The Office of Communications Director will maintain a log of all social media services used by OKDHS employees for official business purposes.
(4) Personal social media or social networking accounts are prohibited for conducting official state business.
(c) Ethics and Code of Conduct. When social media are used for official business, OKDHS employees must:
(1) follow all state and agency policies and guidelines pertaining to e-mail and computer usage, including, but not limited to, policies regarding solicitation, obscenity, harassment, pornography, sensitive information, and malware;
(2) follow all ethics rules and statutes;
(3) follow the State of Oklahoma Information Technology Accessibility Standards per http://www.ok.gov/OSF/documents/isd_itas.doc
(4) follow the State of Oklahoma Social Networking and Social Media technology toolkits, when published by the OSF;
(5) ensure user names, comments, photos, videos, posts, and all content are appropriate for a professional environment and selected in good taste;
(6) respect copyright laws, reference sources appropriately, and identify any copyrighted or borrowed material with citations and links;
(7) disclose affiliation with OKDHS;
(8) not disclose information OKDHS and its employees are required to keep confidential by law;
(9) respect the privacy and opinions of colleagues, commenters, and others;
(10) ensure material is accurate, truthful and without error;
(11) ensure comments comply with the Commenting Policy, found in the State of Oklahoma Social Networking and Social Media Standard;
(12) avoid personal attacks, online fights, and hostile personalities;
(13) refrain from posting any content that could compromise the safety or security of the public or public systems, solicitations of commerce, or promotion or opposition of any person campaigning for election to a political office or promoting or opposing any ballot proposition;
(14) refrain from posting any content that promotes, fosters, or perpetuates discrimination on the basis of race, creed, color, age, religion, gender, marital status, with regard to public assistance, national origin, physical or mental disability or sexual orientation; and
(15) refrain from conducting any online activity that may violate applicable local, state or federal laws or regulations.
(d) Security. The OKDHS information security officer must review selected social media service providers, clients, and associated plug-ins to identify potential security vulnerabilities prior to their use.
(1) To maintain security of OKDHS network usernames and passwords, OKDHS employees must:
(A) never transfer sensitive information such as usernames, passwords, social security numbers and account numbers;
(B) never engage in peer-to-peer file sharing through the OKDHS network;
(C) follow guidelines pertaining to e-mail attachments when transferring files through social media; and
(D) configure their social media in such a way that they do not receive messages from unauthorized users in order to prevent vulnerability to denial of service (DoS) attacks.
(e) Escalation. In the event a virus, malware, or any other suspicious activity is observed on the user’s machine, the employee must immediately contact the OKDHS Service Center (Help Desk) to determine the cause of the situation.
(1) If confirmation of a virus or other non-OKDHS authorized application is present, the Help Desk will attempt to clean the machine using authorized OKDHS programs and procedures. If the cleaning is unsuccessful:
(A) the user must shut down the computer without any additional use, including saving or moving of data from the machine;
(B) the Help Desk arranges for the recovery of the machine; and
(C) access to the machine after confirmation of infection is prohibited.
(f) Monitoring. OKDHS employees must log all official business use of social media in a location other than the social media site.
(1) Logging should at a minimum include the following information:
(A) name of user;
(B) date and time of use; and
(C) user’s activity.
(2) Users should have no expectation of privacy. Supervisors may request or be provided reports of Internet usage by employees from the Information Security Officer as needed to monitor use.
(g) Records Management and Open Records.
(1) All Social Networking and Social Media communications are subject to the requirements of the Office of Records Management and the Child Internet Protection Act (CIPA). All content, comments and replies posted on any official OSF Web 2.0 or SNSM technology are subject to the Oklahoma Open Records Act.Information disseminated using SNSM technology is subject to being re-printed in newspapers, magazines or online in any other online media format.
(2) Social computing content created or received by OKDHS personnel, whether during work hours or on personal time, and regardless of whether the communication device is publicly or privately owned, may meet the definition of a record as defined by State statute, when the content is made or received in connection with the transaction of the official business of the agency and should be retained as required.
OKDHS:2-37-14. Internal use of social media by OKDHS employees
(a) OKDHS employees may use approved internal social media technology to promote employee engagement, collaboration, information sharing, and productivity.Approved activities include information sharing for employee recognition councils, fundraising, volunteerism, photo sharing, and division or county office information sharing and collaboration.Such social media sites are:
(1) not reviewed and approved by the Oklahoma Office of State Finance;
(2) subject to the approval of supervisors;
(3) subject to state law and OKDHS policy; and
(4) hosted within the OKDHS network.
(b) A list of approved technologies are posted on the OKDHS InfoNet for employee access and maintained by the Office of Communications.
OKDHS:2-37-15. Personal use of social media by OKDHS employees
(a) Oklahoma Department of Human Services (OKDHS) employees may use personal social media.
(1) Only minimal and occasional use of personal social media is permitted during work hours.
(2) OKDHS employees exercise caution when posting to personal social media sites.By virtue of their position, they must consider whether published personal content may be misunderstood as expressing an official OKDHS position.
(3) When posting or commenting about human services and/or the state of Oklahoma on personal social media accounts, it is recommended that employees post a disclaimer as a permanent part of any personal social media profile, such as, "The postings on this site are my own and may not necessarily reflect or represent the opinions of my employer."
(4) Employees are responsible for all social media activity, including their postings on the sites and pages of others.
(5) Employees must comply with division directives regarding the issuance of invitations to friend or acceptance of invitations to friend individuals with whom the employee has a professional relationship by reason of OKDHS duties.
(b) Inappropriate or unbecoming usage of social media by an OKDHS employee may be grounds for disciplinary action per OKDHS:2-1-7.
(c) Employees must:
(1) use a personal email address, not an OKDHS email address, for all personal social media accounts;
(2) ensure personal use of social media, including the language and topics of comments and posts, does not interfere with work commitments and accountabilities;
(3) never pretend to be someone else or use an anonymous profile when posting about human services, OKDHS or state of Oklahoma business; and
(4) obtain written permission from the OKDHS Office of Communications to use the OKDHS logo on personal social media accounts.
(d) Any social media activity by an OKDHS employee can become part of an official investigation.
