Table of Contents:

1.0 Effective Date

The effective date of the policy is January 4, 2000.

2.0 Overview

Access to the departmental electronic networks is provided as a resource for employees to support attainment of NRCan's mission and overall business line objectives. By encouraging effective and innovative use of the departmental electronic networks within NRCan, the Department enables its employees to explore new avenues of communication and share information with colleagues and with the public, reach out to wide audiences to spread NRCan policies, foster better public education, promote existing partnerships with the provinces and territories, and find ways to identify new partnerships. One of these networks, the Internet, is a vast and rapidly growing network of networks that links millions of users and a like number of computers around the world. This linkage enables Internet users to easily access and share a wealth of information on an increasingly wide variety of topics on a worldwide basis. The departmental electronic networks, therefore, represent a valuable resource for NRCan and its employees as a source of research and technical information, communication, public relations and departmental visibility.

Although the departmental electronic networks represent such a valuable resource, they also expose NRCan and its employees to potential harm if not used appropriately. Therefore, all aspects of the departmental electronic networks must be carefully managed to ensure that NRCan's image is properly protected, its legal risks are minimized and that access to and use of departmental electronic networks by NRCan employees and other authorized individuals is suitable for departmental purposes.

3.0 Definitions

For the purpose of this policy, the following definitions apply:

Acceptable use implies use by employees and other authorized individuals for conducting business on behalf of NRCan (refer to section 7.1).

Electronic networks are groups of computers and computer systems that can communicate with each other. Without restricting the generality of the foregoing, these networks include the Internet, networks internal to an institution and public and private networks external to an institution.

Monitoring is the recording and analyzing of the information and control transactions that take place on the electronic networks.

Unacceptable activity is any activity that violates departmental or Treasury Board policy (refer to section 7.3).

Unlawful activity includes criminal offences, contraventions of non-criminal regulatory federal and provincial statutes, and actions that make an employee, an authorized representative or the Department liable to a civil lawsuit (refer to section 7.2).

4.0 Purpose

The purpose of this policy is to clearly communicate NRCan's expectations of acceptable use of the departmental electronic networks, and to provide information and examples about unacceptable or unlawful activity which is not permitted. Its purpose is to ensure that departmental business is not compromised due to deliberate misuse of the departmental electronic networks and to protect the Government of Canada against legal risks caused by deliberate misuse.

5.0 Policy Statement

Use of the NRCan electronic networks by employees or others (as defined under section 6.0) is permitted for conducting business related to departmental programs and services, and for personal use only when such use is on personal time, is not for financial gain, and does not add to NRCan's costs. As such, the departmental electronic networks are to be used in a manner consistent with this policy and with Treasury Board's Policy on the Use of Electronic Networks. Any violations of these policies will not be tolerated and will be dealt with quickly, fairly and decisively.

6.0 Application

This policy applies to all NRCan employees and others who have been provided a departmental account to access the electronic networks, including specified period employees and students, bargaining agents, contract workers⁽¹⁾, volunteers, emeritus scientists, and visiting scientists. It extends to situations away from the workplace such as telework or remote access, including home PCs, during or outside working hours, where the departmental electronic networks are used.

7.0 Policy Requirements

7.1 Acceptable Use

The following examples of "acceptable use" of the departmental electronic networks include but are not limited to:

• supporting the business lines of NRCan;
• conducting one's work according to one's accountability and mandate in NRCan;
• communicating and sharing non-classified or non-protected² work related information with public service professionals, the public, and professional contacts;
• obtaining computer programs or non-commercial software to augment certain business tasks;
• supporting one's career development;
• making personal use on personal time as long as such use is in compliance with this policy; and
• making use of the Internet for any of the above.

Furthermore, NRCan employees are permitted to create individual home pages:

• that must relate to departmental programs and services;
• that must contain a disclaimer that the information and views expressed on the home page do not necessarily reflect the views of NRCan; and
• that must link to the main NRCan site or to the employee's sector home page and must be registered with the sector Webmaster.

7.2 Unlawful Activity

Unlawful activity is prohibited. For the purpose of this policy, "unlawful activity" is interpreted broadly to include actions that could result in sanctions of different kinds in a court of law. This includes criminal offences or failure to observe statutory requirements. The Department has a responsibility to report suspected illegal activity, via the Audit and Evaluation Branch, to the appropriate law enforcement agency.

The following examples of "unlawful activity" on the departmental electronic networks considered as "criminal offences" include but are not limited to:

• possessing, downloading or distributing any child pornography;
• infringing on another person's copyright without lawful excuse;
• causing a statement to be read by others that is likely to injure the reputation of any person by exposing that person to hatred, contempt or ridicule, or that is designed to insult the person;
• sending electronic messages, without lawful authority, that cause people to fear for their safety or the safety of anyone known to them;
• disseminating messages that promote hatred or incite violence against identifiable groups;
• distributing, publishing or possessing for the purpose of distributing or publicly displaying any obscene material;
• hacking and other crimes related to computer security, which include gaining unauthorized access to a computer system; trying to defeat the security features of the electronic networks; spreading viruses with the intent to cause harm; destroying, altering or encrypting data without authorization and with the intent of making it inaccessible to others with a lawful need to access it; and interfering with others' lawful use of data and computers; and
• making use of the Internet for any of the above, including downloading child pornography; publishing obscene material; or various other offences, for example, fraud, extortion, bribery or illegal gambling.

The following examples of "unlawful (though not criminal) activity" on the departmental electronic networks, in violation of federal and provincial statutes, include but are not limited to:

• violating another person's copyright or unauthorized use of trade-marks and patents;
• uploading or downloading commercial software in violation of its copyright;
• spreading false allegations or rumours that would harm a person's reputation;
• disclosing sensitive information without authorization which includes disclosing personal information, business trade secrets, or sensitive government information;
• unlawfully destroying, altering or falsifying electronic records;
• privacy infractions such as reading someone else's e-mail or intercepting e-mail in transit; and
• making use of the Internet for any of the above, including violating another person's copyright; disclosing or collecting personal information without authorization; or posting inaccurate information that causes harm or results in damages.

7.3 Unacceptable Activity

Unacceptable activity is prohibited. The following examples of "unacceptable activity" on the departmental electronic networks, in violation of Treasury Board and departmental policies, include but are not limited to:

• sending classified or protected² information on unsecured networks, unless it is sent in encrypted form;
• accessing, without authorization, sensitive information held by the government;
• causing congestion and disruption of networks and systems, through such means as sending chain letters and subscribing to list server electronic mail unrelated to a work purpose;
• sending abusive, sexist or racist messages to employees and other individuals;
• making excessive (implies an amount or degree too great to be reasonable or acceptable) public criticisms of governmental policy;
• representing personal opinions as those of NRCan;
• attempting to defeat information technology security features through such means as using someone else's password, user-identification or computer account; or disclosing one's password, network configuration or access codes to others; and
• making use of the Internet for any of the above, including intentionally interfering with the normal operation of any departmental Internet gateway; or using the Internet for private business, personal gain or profit, or political activity.

Furthermore, it is an "unacceptable activity" to use the departmental electronic networks to access or download Web sites or files, or send or knowingly receive electronic mail messages or other types of communication:

• that incite hatred against identifiable groups contained in personal messages; or
• whose main focus is pornography, nudity, and sexual acts.

7.4 Employee Responsibilities

7.4.1  Adherence to this policy is mandatory for all NRCan employees as well as contractors and other persons who have been authorized to work on behalf of the Department who access the departmental electronic networks.

7.4.2  Employees are responsible for becoming familiar with this policy and adhering to it every time they access the departmental electronic networks.

7.5 Management Responsibilities

7.5.1  The Assistant Deputy Minister, Corporate Services Sector, is responsible for establishing and maintaining departmental practices required to verify adherence to this policy.

7.5.2  The Responsibility Centre Managers are responsible for ensuring, in their respective areas, employees' and other authorized individuals' awareness and understanding of the requirements of this policy to ensure that they do not violate the policy through lack of understanding; that employees and other authorized individuals are properly security screened for access to systems, networks, or applications used to process sensitive information; and the termination of an employee's access to the departmental electronic networks in the event that she/he is no longer employed by the Department.

7.5.3  The Director General, Financial Management Branch, is responsible for maintaining a clause for the Articles of Agreement in the NRCan contract document that will ensure contractors' awareness and adherence to this policy.

7.5.4  The Audit and Evaluation Branch is responsible for investigating or coordinating the investigation of reports of unlawful or unacceptable use by NRCan employees and other persons who have been authorized to work on behalf of the Department. As well, the Audit and Evaluation Branch will, as part of its annual planning process, assess the need to review and report on compliance with this policy and the effectiveness of its implementation.

7.6 Disciplinary Measures

7.6.1  The Department will report suspected illegal activity, via the Audit and Evaluation Branch, to the appropriate law enforcement agency, unless legal advisors consider the matter too minor. The Department may take disciplinary action even where a criminal charge or civil lawsuit is not pursued.

7.6.2  Failure to comply with this policy could result in disciplinary action ranging fromdenying access up to and including termination of employment.

8.0 Monitoring

NRCan has an obligation to ensure compliance with this policy, along with other departmental and Treasury Board policies. Because of this obligation, it has to be recognized that some monitoring of the departmental electronic networks is required. The departmental electronic networks are routinely monitored for operational reasons which is necessary to assess system or network performance, protect government resources or ensure compliance with government policies. For the purpose of this policy, an analysis of usage logs will take place on an ad hoc basis as a result of a complaint; in an instance where there is a reasonable expectation of unlawful or unacceptable activity; or in an instance where obvious anomalies appear during routine monitoring practices for operational reasons. Any resulting investigation will be conducted in accordance with the Charter of Rights and Freedoms, the Privacy Act and the Criminal Code.

9.0 Access to Information

Departmental employees should be aware that the Department's firewalls, gateways and systems record which Web sites and electronic mail addresses were contacted and which computer within the Department made the visit or sent the message. The public could request access to these records under the Access to Information Act. This access could embarrass both the individual and the Department, depending on the nature of the site visited. It is understood that the exemptions of the Act would be applied, if applicable.

10.0 References

10.1 Relevant Legislation

• Financial Administration Act;
• Access to Information Act;
• Privacy Act; the Charter of Rights and Freedoms;
• National Archives of Canada Act;
• Official Secrets Act; the Criminal Code;
• Export and Import Permits Act;
• Crown Liability and Proceedings Act;
• Copyright Act; the Trade-Marks Act; the Patent Act;
• Canadian Human Rights Act.

10.2 Treasury Board Policies and Publications

• Policy on the Use of Electronic Networks;
• Conflict of Interest and Post-Employment Code for the Public Service;
• Harassment in the Workplace Policy;
• Government Security Policy;
• Government Communications Policy;
• Government of Canada Internet Guide;
• Management of Government Information Holdings Policy;
• Access to Information Policy; the Privacy and Data Protection Policy;
• Telework Policy; the Policy on Losses of Money and Offences and Other Illegal Acts against the Crown.

10.3 NRCan Policies and Publications

The Harassment in the Workplace Policy; the NRCan Web Guidelines.

11.0 Enquiries

Please direct enquiries about this policy to the Director, Information Services Division, Information Management Branch, Corporate Services Sector.

^¹ Contractors can, with NRCan management approval, access the departmental electronic networks for NRCan related purposes to the extent needed to complete a stated assignment. Where access to the departmental electronic networks is required it will be included in the terms and conditions of the contract, including an acknowledgment of this policy.

^² "Protected" replaced "Designated" (Government Security
Policy, February 2002).