7310. Electronic Files

  1. Following the procedures outlined in this section and in the DSHS Information Technology Security Manual does not guarantee that staff's messages and files will be protected. If a user fails to maintain their password security or leaves their terminal unattended while logged into the system, their messages and files are vulnerable. Also, staff need to be aware that messages that are sent can be forwarded to others, printed where others may read them, or sent to the wrong user.
  2. Electronic message systems, including voice mail, FAX, e-mail, the FamLink bulletin board, and the CA Intranet server, may be used only for state business purposes. Use of state resources for private gain or benefit is specifically prohibited by RCW 42.52.160. Records created through these systems are legally the property of the state. In the use of computer technology, staff are to comply with the provisions of DSHS Administrative Policy 15.10; chapter 15000, section 15205, of this manual; and the DSHS Information Technology Security Manual, a copy of which is available in each region through its Computer Information Consultant (CIC). However, WAC 292-110-010 provides for the occasional use of state resources when:
    1. There is no actual cost to the state; or
    2. The cost to the state is de minimis; i. e., so small as to be insignificant or negligible.
  3. The following points apply to CA staff:
    1. A manager, in the supervisory line of the employee, with reasonable justification, has access to data within CA's systems to carry out required business functions.
    2. State-provided electronic message systems may not be used to transmit or store information that promotes:
      1. Discrimination on the basis of age, race, color, gender, creed, marital status, national origin, disability, or sexual orientation;
      2. Harassment;
      3. Copyright infringement;
      4. An employee's personal political beliefs or personal business interests; or
      5. Any activity prohibited by federal, state, or local law or regulation.
    3. Transmission of e-mail messages containing confidential or privacy-protected data (e. g., confidential client or employee data) shall:
      1. Be marked private;
      2. Not be proxied or forwarded, except in "need to know" situations.
    4. Supervisors shall not disclose to third parties the contents of electronic files under an employee's control, except under unusual circumstances; for example:
      1. Compliance with applicable public disclosure laws, discovery rules, or pertinent law; or
      2. When disclosed as part of an official department, state, or external investigation.
    5. Staff shall not disclose confidential passwords used to gain access to local, wide area, and FamLink. If the password is compromised, staff shall change it immediately.
    6. In order to assure confidentiality of client information, staff will use CA network equipment to print or transfer client information or photos.