Loading...
HomeMy WebLinkAbout01-23RESOLUTION 01-23 RESOLUTION OF THE CITY COUNCIL OF THE TOWN OF LOS ALTOS HILLS ADOPTING THE INFORMATION TECHNOLOGY (IT) POLICY WHEREAS, the IT Policy replaces Section 14.9 Internet and Electronic Policy of the Employee Handbook; and WHEREAS, this policy applies to all employees (full time, part time, contract, temporary, hourly and seasonal employees), officials, consultants, contractors, volunteers, and any other individuals who are granted access to the Town's IT system and/or electronic communication platform, equipment and resources. WHEREAS, the Technology Committee and the IT Managed Services Provider reviewed the IT Policy and provided comments and voted in favor of sending the policy to City Council for review and approval; and WHEREAS, the Town's IT Managed Services Provider, will ensure all users adhere to the IT policy (Attachment A); and NOW THEREFORE, resolved by the City Council of the Town of Los Altos Hills that the Council hereby adopts the Town's IT Policy. The above and foregoing Resolution was passed and adopted by the City Council of the Town of Los Altos Hills at a special meeting held on the 24th day of January 2023 by the following vote: AYES: Swan, Mok, Schmidt, Tyson NOES: None ABSTAIN: None ABSENT: Tankha BY - Linda Swan, Mayor ATTEST: Deborah Padovan, City Clerk Resolution 01-23 Page 1 Attachment A LOS ALTOS MLLS 1'WOO �r�"'r1 The Town of Los Altos Hills Information Technology (IT) Policy CALIFORNIA The purpose of this policy is to ensure the proper use of the Town of Los Altos Hills ("Town") IT Systems. This policy will supersede Section 14.9 Internet and Electronic Mail Policy in the Employee Handbook. The Town provides computer, systems and communications equipment to those users who need it to perform their job responsibilities. The Town's electronic information and communication systems, including the Town's computers, Town applications, telephones, mobile phones, tablets, voice mail, scanners, fax machines, email, instant messaging, intranet, internet, electronic collaboration tools and storage platforms, whether on -premises or in the cloud (collectively "Information Technology Systems" or "IT Systems"). As IT Systems advance and expand, it is important that Town staff continually use and manage them in a manner that is consistent with the Town's mission, vision, values, and goals. Questions or concerns regarding the provisions of this policy should be raised with the Administrative Services Director. This policy applies to all employees (full time, part time, contract, temporary, hourly and seasonal employees), officials, consultants, contractors, volunteers, and any other individuals who are granted access to the Town's IT system and/or electronic communication platform, equipment and resources. Section 2 - Definitions 1. User - Town. employee, consultant, volunteer, or any person who uses the Town's computer and/or communication equipment and their related systems and tools. 2. IT Services – The Administrative Services Director (or designee). 3. IT Managed Services Provider – The firm contracted by the Town to provide technology services. 4. Encryption – Method of protecting data files from unauthorized access (e.g. create passwords for documents) above and beyond the network file security systems established by the IT division. Section 3 — Policy A. IT Systems and their contents, including any messages and/or information transmitted by Town staff, are the property of the Town. Nothing about or contained in the IT Systems shall or will be considered personal and/or confidential information. The Town may inspect, monitor, and/or audit all IT Systems, or any information contained in IT Systems, at any time, for any lawful purpose, without notice to any Town staff. Personal use of IT Systems should be kept to a minimum and for incidental purposes only. In the event Users use telephones, computer equipment, Internet access and e-mail for personal affairs, Users shall not expect the data to be protected from review, preservation, or deletion. Accordingly, Users Page 1 of 13 Resolution 01-23 Page 2 shall not use the Town's IT Systems to create or transmit information they wish to keep private. Uses of Town's IT Systems that result in the following are *strictly prohibited and may result in di.sciplin4ry and/or criminal action: L Violates or infringes on the rights of any other person, including the right to privacy; 2.. Contains defamatory, false, abusive, obscene, pornographic, profane, sexually oriented, threatening or illegal material, 3. Violates Town .policy or departmental regulations regarding harassment and discrimination; 4. Restricts or inhibits other users from using the -system or the efficiency of the computer, systems; 5.. Constructs e-mail so it. appears to be from another party; 6. Is intended to impede, damage, bring down another party's system, or to commit any .other form of electronic sabotage;. 7. Encourages the use of controlled substances oruses the system for the purpose of criminal intent; or .8. Any other illegal purpose or function; or 9. Use of any messaging system that is not encrypted end-to-end, R. The use Of IT Systems by Town staff is a privilege that may be withdrawn by the Town at any time. Town IT Systems shall -not be used for any commercial promotional purpose, resulting in the opportunity for personal profit or gain excluding IRS recognized retirement accounts, or to communicate any material with content that violates Town policies and procedures. The following example are defined as, but not limited to, types of inappropriate use: Creating, distributing, or purposely activating a computer virus; obscene messages, making threats; or harassment, sexual or otherwise as defined in Town policies or other applicable laws. C. Town staff shall take all reasonable and necessary efforts to prevent unauthorized -persons from accessing IT Systems and prevent the introduction of electronic malware. 1) Town staff shall never leave IT Systems unattended and in a state. that allows any third party to gain access to or use IT Systems without the proper authorization. 2) As applicable, all Town IT assets that have logins shall be enabled to use Two -Factor Authentication (2FA) to reduce the possibility of unauthorized access. All Users are responsible for protecting the Town's computer assets, computer data, and information systems always. 3) All Users are responsible for taking all. reasonable and necessary efforts to prevent 9 successful phishing and scam attempts, intended to get Users to reveal financial information, -system credentials or -other sensitive data, to prevent unauthorized persons from accessing IT Systems and prevent the introduction of electronic malware. 4) Users are required to take the, KnowBe4 webinars to increase knowledge of phishing and - scam attempts.. Page 2 of 13 Resolution 01-23 Page 3 5) Users are required to immediately notify IT Services when any IT Systems equipment is missing, stolen, 'or lost. Missing, stolen, or lost devices also shall be reported to the director of the employee's Department immediately. Notification shall include an itemized list of documents stored on such devices. D. Hardware device standards for IT Systems are set by IT Services and all IT Systems hardware must be procured through IT Services with department's approval. All hardware and software shall be installed, configured, and supported by the .IT Managed Services Provider as determined first by Town -wide policy and then departmental policy. IT Managed Services Provider shall reconfigure systems and delete unauthorized software and data as they see fit within the scope of their services. E. Only software purchased and/or licensed to the Town and installed under the direction of the Town's IT Managed Services Provider may be used on any IT Systems. Town staff shall not duplicate or copy any software on any Town IT Systems for use on any personal devices, equipment, or systems. Further, enrollment in any cloud software platform (SaaS) used to- conduct oconduct official Town business or store Town data, must be authorized by IT Services and any applicable Town -wide policy. F. Mobile phones See Mobile Telecommunication Devices Policy Section 14.8 of the Employee Handbook. G. Town staff shall not create individual offsite storage accounts, such as, cloud storage accounts, on any platform to store Town. data. Offsite data storage platforms, including, cloud storage accounts, can only be used to store Town data when specifically authorized by IT Services. Even when the use of offsite and/or cloud storage services are authorized by the IT Services, the use of any offsite and/or cloud storage services shall be governed by this policy. Any access to cloud storage accounts shall require 2FA capabilities. H. Town -provided USB devices may be used to store non -confidential Town documents as needed for business purposes. It- is recommended that USB devices be password protected. Town -provided USB devices shall only be plugged into non -Town computer systems that have been secured (e.g., computers with the latest virus protection installed.) Personal USB. devices shall not be used to store confidential Town documents other than those listed on the Town's Intranet. Use of such USB devices is strongly. discouraged. I. Access to Database and Information 1. All employees will sign the Employee Security Statement before having access to any private or confidential information or to any Town IT Systems. The original will be maintained in the employee's personnel record. a) New employees will sign the Statement as part of the orientation process. Human Resources Department will be responsible for this procedure. Page 3 of 13 Resolution 01-23 Page 4 b) Current employees will sign the Statement when access to the IT Systems or any private or confidential information is granted. Department heads are responsible for ensuring this procedure is conducted. c) Any database access credential will have the ability to be revoked by their supervisor. 2. If an employee has a valid business need to access a database on the Town IT Systems, the following procedure will be followed: a) The requesting employee will discuss the need with the employee's supervisor. b) Ifthesupervisor agrees that there is a need, the employee/supervisor will complete the Request for Employee Access form and. submit it to the Information Services in the Finance Department. C) The Administrative Services Director will review the information provided, verify that an. Employee Security Statement from the requesting employee is on file, and forward the form to the City Manager/Administrative Services Director with the Manager's recommendation. d) Upon approval by the City Manager/Director, IT Services and the Manager will grant access in the manner approved. e) The employee's supervisor.is responsible for notifying IT Services and the Manager of any restrictions or suspensions in access and for ensuring that no improper use of the access is made by the employee. f) Access to the Town's IT Systems is granted only -for the convenience of the Town and may be revoked or suspended at any time without cause. g) Users shall follow all established procedures for onboarding as well as off -boarding in case of voluntary or involuntary separation. J. Vendor Supplied Computer Systems —Town computer(s) shall only be used to access Town information. No other usage from these systems (e.g., Internet, e-mail) is permissible. Vendors must be given access through IT Services to the computer systems for remote support. K. Data Backup -- Files stored on the Town's IT Systems shall be backed up periodically (e.g., nightly) according to the, Town's network backup policies. Users shall utilize network resources to store their data files to the fullest extent possible to protect the Town's data resources. Users are responsible for ensuring that critical data. is always stored on network servers. No Town data shall be stored on desktop computer hard drives except during network outage problems. Town data shall be copied back to network servers as soon as - possible and deleted from desktop computer hard drives, laptops, or Town -provide storage devices. All backups shall be encrypted with keys that are not co -located with the stored files. L. Electronic Communication — The Town's IT Systems are designated to facilitate Town business and communication. through the appropriate use of the electronic communications systems and electronic storage thereon. The. Town values its electronic communications and electronic storage and takes measures to safeguard them. from corruption and illegal use, and to protect the Town ftom any possible liability due to illegal use of electronic Page 4 of 13 Resolution 41-23 Page.5 communications -and electronic storage. All electronic communications shall be encrypted end-to-end. M. Security ---Effective security is a team effort involving the participation and support of every User who deals with information and/or information systems. Acceptable use standards form a critical component of enterprise security. See .Attachment A -Information Security Procedures. Adherence to such security policy will ensure security of information. systems, various tools and techniques are employed including passwords, authentication tokens, biometrics, radio-frequency identification technologies, and/or any other means of verifying an individual's identity (collectively, "Authentication Device(s).") 1. Authentication devices, if issued to or used by Users, shall be kept confidential. Users shall not share Authentication Devices, or the information contained in an Authentication Device, with third parties or -other Users, Similarly, Users may not use the Authentication Devices of other Users, and' may not enter, access, or attempt to enter or access IT Systems assigned to other Users. 2. For security and network operations purposes,. authorized individuals within IT Service*s and IT Managed Services and the Town reserves the right to audit networks and systems as necessary to ensure compliance with this policy. may at any time. 3. Users shall not place'sensitive data (including but n*ot limited to payroll data, financial records, personnel files, or other confidential information)'on laptop. computers and/or other portable devices such as USB devices. Users are required to use the remote access service ' s -authorized and provided by the Town (e.g., VPN) to access sensitive data rather than downloading data onto laptop hard drives or other portable storage devices. 4. Computers shall not be left unattended in a state that affords inappropriate access to records of the Town or otherwise compromises security. (e.g.,, lock workstation or logoff). 5. User's access to computer, communication equipment and network resources may be limited at any time due to necessary security policies to protect the Town's network. The Town uses- monitoring software, and shall, at, Executive. Management or IT Services discretion, prevent unauthorized use. N. Internet -- All Internet Users are expected to be responsible "cybercitizens, " which means knowing the tools, rules, and etiquette and behaving in conformance with this policy. 1. Material posted to Internet newsgroups or bulletin boards shall not reflect negatively on the Town and not violate any trust or copyright laws. Internet access shall be used, only for Town business during working hours. 2.. Personal use shall be limited. All other Town employment policies (e.g., Workplace. Harassment Policy, social media Policy) apply to Internet use. O. No Expectation of Privacy for Computer and Communication Equipment —The 'tools provided by the Town in. accordance with this policy remain n the property of the Town and are provided for the purpose of business communications. Accordingly, the Town retains the right to review Users' usage of such equipment. Users shall have no expectation of privacy for voice communications, electronic mail (e- mail) communications, internet use, Page 5 of 13 . Resolution 01-23 Page 6 messaging, and all other uses of computer and communication equipment. The Town does use software tools to restrict access to Internet sites and e-mails deemed by Executive Management to be inappropriate for the workplace. The Town utilizes tools to track Internet use by Users. Examples of when Executive Management and IT Services may need to review User usage and messages sent or received include but are not limited to: 1. Retrieving lost messages 2. Recovering from system failures or monitoring system performance 3. Complying with internal and external investigations such as grievances, workplace harassment claims, or suspected criminal acts 4. Ensuring that. Town systems are being used for business purposes and polices 5. Responding to Public Records Act requests or litigation discovery No User or department may implement additional security or encryption requirements without discussing in advance with IT Services and IT Managed Services provider prior to implementation. Employees shall make the passwords or other keys to "unlock" such encryption techniques available to their supervisors upon request. At no time shall employees use their network password as an additional security password. P. Retention 1. Retention -is Based on the Content of the E-mail. The Town will maintain all e-mail messages determined by staff to be official records (those that relate in a substantive way to the conduct of business, or are made or retained for the purpose of preserving the informational content for future reference) for the period of time designated in the Town's retention schedule, based upon the content of the e-mail,) by printing and saving them in a paper subject/ project file, or by saving them electronically in a subject [project folder. 2. Official Records Are Saved and Stored in Subject / Project File Folders. Email messages which are intended to be retained in the ordinary course of the Town's. business are recognized as official records that need protection / retention in accordance with the California Public Records Act. Because the e-mail system is not designed for long term storage, e-mail communications which are intended to be retained as an official record (those.that relate in a substantive way to the conduct of business; or those that are made or .retained for the purpose of preserving the informational content for future reference) should be saved in an electronic subject / project folder on the Town's network, or be printed out and the hard copy filed in the appropriate subject / project file so they can be accessed by other employees. 3. The Town restricts Personable Storage Table (PST) utilization used. to store . copies of email messages, calendar events, and other personal information. 4. California Environmental Qualily Act CEQA) / National Environmental Quality Act EPA (usually the Planning Department) e-mails - (only.) E-mail submitted to, or transferred from the agency, and all internal agency communications, including staff notes related to a non-exempt CEQA action are required to be retained until Completion of Page 6 of 13. Resolution 01-23 Page 7 CEQA (California Environmental. Quality Act) Process'. This does not include: a. every e-mail and preliminary draft." b. e-mail equivalent to sticky notes, calen'daring faxes, and social hallway conversations — that is, e-mails that do not provide insight into the project or the agency's CEQA compliance with respect to the project — are not within the scope of [Public Resources Code Section 21167.6, subdivision (e) and need not be retained to comply with [S]ection 21167.6." 5.' Deletion of E-mail. E-mail communications that DO NOT relate in a substantive 'way to the conduct of business, or are NOT required to be retained by law nor by the City's Records Retention policies, and were NOT made or retained for.the purpose of preserving the informational content for future reference (preliminary drafts, notes, transitory correspondence., interagency* or intra -agency memoranda not retained in ..the ordinary course of business,) will be deleted by employees as soon as they are no longer required. 6. The Town will auto -delete e-mails left in the following mail boxes on a routine basis: a. In Boxes (delete what remains. after 2 years) b. Sent Items .(delete what remains after 2 years) c. Deleted Items (delete what remains after 90 days) Q. Archiving and "Auto -Archiving" of e-mails is not permitted. R. Personal Devices / Personal Accounts / Text messages. The Town discourages. the use of Personal - e-mail accounts, cell phones, or other personal devices to - conduct Town business. If any of these are used to conduct Town business: 1. If the e-mail from a.personal device, personal account, or text contains content that needs to be preserved, it should be either: Memorialized via -another record (memorandum, letter, or e-mail) that is saved for its retention period (based upon the. content of the record); or 2.. Copy or forward the e-mail or text to a city. e-mail account, where it will be properly saved in compliance with this policy. 3. E-mails, records, and/or text messages stored on personal devices or in personal accounts relating to the conduct of City business may be subject to the Public Records Act. 4. In the event a request for records is received,, employees must locate all records responsive to such request, including any records stored -on personal accounts or personal devices (unless an exemption applies.) S. Forwarding E-mails. E-mails may only be sent or forwarded to appropriate persons with a need to know the information to conduct Town business. T. Protection of Confidential E-mail. Write the word, "Confidential". on protected e-mail. Do not "interfile" e-mail or other privileged correspondence from the. City Attorney's office with Golden Door Properties,. LLC v. Superior Court of San Diego County (County of,San Diego, et al., Reall Parties in Interest) (D0766051 D076924., D076993) (4th Dist. 2020); PRC 2116716 Page 7 of 13 Resolution 01-23 Page 8 public documents (documents that are accessible to the public). These e-mails are subject to the Attorney -Client and or the Attorney Work Product. privileges, and the contents should not be disclosed without first checking with the City- Clerk. U. Litigation Holds Other Types of Holds. E-mails subject to litigation (including a reasonable expectation of litigation,) claims,. complaints, audits, records requests and/or investigations are to be preserved and normal retention periods are suspended for these emails (retention resumes after settlement or completion of the - tri gering hold): 0 V. Privileged Attorney -Client Communication. All employee's should be aware that communication and correspondences with the City Attorney's Office, and all work products, opinions, comments, written correspondences and emails from the City Attorney's Office are confidential and protected by the attorney-client privilege. Such privilege is only waivable by the City Council. Thus, employees shall not forward or reproduce attorney . client privileged, confidential communication and correspondences to any third party outside the Town, with the exception of Town -retained consultants who are a part of a Town project team or are providing advisory or project management services to the Town., Any questions regarding I whether a communication or correspondence is distributable, or whether a third party is considered a Town consultant able to receive privileged communication, should be directed to the City Attorney's. Office. W. Separation / Transfer of Users 1. The Town's IT Systems must be set, up to immediately disable a separated employee's access to Town e-mail and/or other technology. Human Resources and Information Technology shall ensure timely notifications of all employee separations. 2-. During separation, Human Resources will. ensure employees'. a. Forward any e-mails or text messages relating to City business stored on. personal devices or personal accounts to their City e-mail account. b. Employees are to close and/or remove any access to City e-mail or other technology systems from their personal devices. c.. Information Technology shall ensure that the employee's (former) Supervisor has access to the former employee's e-mail account. d. The records stored in. the e-mail account (including any archives,) Of an employee who separates, or transfers* shall be the 'responsibility of that employee's (former) supervisor. e. The former employee's supervisor shall review .the e-mails of the former employee,. ensure, the content of their e-mail account are preliminary drafts not. retained in the ordinary course of business (i -.e.. the content does NOT relate in a substantive way to the conduct of the public's business,) then authorize their f -period, if deletion, after' appropriate. records are retained or. their retention applicable. f. E-mails that remain in an account (that are not saved in a subject project file folder outside the e-mail system) will be routinely deleted after 2 years. Page 8 of 13 Resolution 01-23 Page 9 X. City Council Personal Computing Devices and Electronic Communications. The following rules shall be applicable to all Los Altos Hills Council Members: 1. To reduce -the amount of paper utilized by the Town, the Town Council Members shall be provided with the opportunity to utilize personal computing devices to store Town Council agenda materials and to access agenda materials during Council meetings. For purposes of this subsection, a "personal computing device" includes Wads, mobile phones, tablets, laptops, notebooks, desktop computers and other such devices. 2. During Council meetings,- noticed and open to the public pursuant -to the Brown Act, the use of personal computing devices.by Council Members to receive/send calls, emails, text messages or other communication is not permitted. 3. All information stored on the personal computing device may be subject to the California Public Records Act. 4. Use of any personal computing device provided by the Town to members of the Council shall comply with this IT Policy, shall be the property of the - Town, and shall be returned to the Town when the Council Member is no longer serving in such capacity. 5. The primary use of personal computing devices shall be for Town related business. Incidental personal use is permissible provided the use complies with this IT Policy. Y. Disciplinary Action Appropriate disciplinary action, in accordance with Section 10 of the Employee Handbook, may be taken if a User is found in violation of this policy. A User may also be subject to criminal, or civil prosecution in accordance with other applicable State or Federal laws. Page 9 of 13 Resolution 01-23 Page 10 ATTACHMENT A INFORMATION SECURITY PROCEDURES and EMPLOYEE SECURITY STATEMENT Section 1 Purpose The Town shall establish information security procedures to which Users are expected to adhere. These procedures are an extension of the Information Technology Use Policy and are applicable to all Users. The Town reserves the right to change the policies and procedures set forth in this policy at anytime. Users must not circumvent the policies, procedures, and safeguards implemented with the technology that protect the Town, its information, and its employees. Users must promptly report technology related security incidents or concerns to IT Services and IT Managed Services Provider Section 27 Policy Specifics A. Passwords Passwords are an important aspect of computer security. They are the' frontline of protection for User accounts. Passwords are -used for various applications at the Town. Some of the more common uses include network accounts, web accounts, e-mail accounts, screen saver protection, department specific applications, and voice -mail access. A poorly chosen password can compromise the Town 's network. As such, all Users are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. The Town requires the following: Network Minimum Length: 8 characters Complexity: letters, numbers, and special characters Remember last password: 5 previous passwords Require Password Change: 6 months Lockout Period: 15 minutes Never use the same password for Town accounts as for other non -Town account access (e.g., personal accounts, bank accounts, benefits, etc.). Passwords should not be written down. No User shall share their User ID or passwords with any other Town User, non -Town User, or person. No User shall log a person in and allow that person to perform work under a User ID. and password that does not belong to that individual. Authority and access to all information is based on User ID. If a person needs additional authority or access, that person, their supervisor, or their employee contact (in the case of a vendor) shall* contact IT Services to set it up. Page 10 of 13 Resolution 01-23 Page 11 All passwords are to be treated as sensitive and confidential. Users shall not reveal their password to anyone in any circumstances. For example, Users shall not reveal their password - over the phone, in an e-mail message, in any form of writing, including to any co-worker, family member, etc. As applicable, all accounts shall be protected by Two -Factor Authentication (2FA). B. Use of Town IT Systems with Non -Town Computer Equipment Users, can connect to the Town's network their personal computer equipment (excluding USB storage devices) to check email, calendar, and contacts, but not permitted to access other shared networks. Any employee who wishes to attach or connect a consultant, vendor, or contract worker's personal computer equipment (including laptops) to the Town's network shall agree to follow all the polices set forth, in the Town's IT Use Policy when attaching computer equipment to the Town's network at any Town facility. 1) Town staff shall inform non -Town. employees of the inspection requirements, and when possible, provide advance notice to IT Managed Services Provider through the Help Desk to schedule the inspection.. 2) The Town shall. attempt to maintain the privacy of the individual's equipment, but once attached to the Town's network, the Town retains the right to inspect the computer equipment .in accordance with the IT Policy. Except, as explicitly authorized, Users shall not allow Town.documents to be stored on a hard drive or other storage media attached to a non -Town personal computer. Users shall not allow personal computer equipment that is connected to the Town's network to be configured to allow web hosting, sharing, or wi-fi services. Town network access shall not be used to download files from the Internet, including but not limited to video, music, or applications, to a personal, non -Town computer. No attempt shall be made to access data by' any unauthorized means. The Town's security policies may limit network access, C. Vendor Remote Desktop Support In certain circumstances Town Vendors. are allowed to provide remote support to specific User desktop computers. If a User allows a vendor to ' remotely support the desktop, computer Users shall ensure that only the Vendor -specific application is open on the desktop. D. Employee Security Statement By signing this form, I confirm that I have read, Understand, and agree to the IT Policy and Attachment A. and understand the consequences for non-compliance to its terms.* Page 11 of 13 Resolution 01-23 Page 12 Thee Town collects and receives confidential and personal information from the public to administer the various functions for which it has responsibility. The Town is committed to protecting this information from unauthorized access, use, or disclosure. I understand the following are my responsibilities: 1. As an employee 'of the Town, I may access confidential and personal information maintained by the Town only when necessary to accomplish the responsibilities of my employment. I shall not access or use this confidential or personal information for reasons personal to me or. for personal gain. 2. I may disclose confidential or personal information maintained by the Town only to individuals who have been authorized to receive. it through the, appropriate procedures as governed by ' State law and Town ordinances and policy. In the case of confidential or personal information, a proper accounting of all disclosures must be made. 3.. I understand I have a duty to promptly notify a supervisor of an indication of misuse or unauthorized disclosure of confidential or personal information by any employee of the Town. 4: I understand that computer passwords to the various Town systems are considered confidential information. Page 12 of 13 Resolution 01-23 Page 13 Town of Los Altos Hills Information Technology .Policy Receipt I have read and understand the IT Policy including security policies and regulations stated above: I understand that failure to comply with these policies and regulations may result .in disciplinary action up* to .and including termination from employment. Additionally, I understand that I may also.be subject to criminal or civil prosecution in accordance with other applicable State or Federal laws. I certify under penalty of perjury, under the. State of California, that.the foregoing statements are true and correct. Executed at: County, California. (City) (County) Date: Employee Signature: Print Name: Date: Administrative Services Director: r Page 13 of 13 Resolution 01-23 Page 14