Print
Share page with AddThis

Information Sensitivity Policy

SECTION 1: BACKGROUND

The risk to the Town, its employees and customers from data loss and identity theft is of significant concern to the Town and can be reduced only through the combined efforts of every employee and contractor.

SECTION 2: PURPOSE

The Information Sensitivity Policy is intended to help Town employees determine what information can be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclosed outside of the Town of Fremont without proper authorization.  The information covered in these guidelines includes, but is not limited to, information that is either stored or shared via any means.  This includes: electronic information, information on paper, and information shared orally or visually.  It should be noted that the sensitivity definitions were created as guidelines and to emphasize common sense steps that you can take to protect the Town of Fremont information (ie: Town of Fremont Confidential information should not be left unattended).

Please note: The impact of these guidelines on daily activity should be minimal.

SECTION 3: SCOPE

Town information is subject to the NH Right to Know Law, NH RSA 91-A.  All Town of Fremont information is categorized into two classifications:

1. Town of Fremont Public

Town of Fremont Public information is information that has been declared public knowledge by someone with the authority to do so, and can freely be given to anyone without any possible damage to Town of Fremont and its employees. 

2. Town of Fremont Confidential

Town of Fremont Confidential contains all other information.  It is understood that some information is more sensitive than other information, and should be protected in a more secure manner.

SECTION 4: POLICY

The sensitivity guidelines below provide details on how to protect information.  Use these guidelines as a reference only.

I. Minimal Sensitivity

General Town information: some personnel information.  Marking the documents is at the discretion of the owner or custodian of the information. 

If marking is desired, the words "Town of Fremont Confidential" may be written or designated in a conspicuous place on or in the information in question.  Other labels that may be used include "Town of Fremont Proprietary" or similar labels at the discretion of your individual department.  Even if no marking is present, Town of Fremont information is presumed to be "Town of Fremont Confidential" unless expressly determined to be Town of Fremont Public information by a Town of Fremont employee with authority to do so.

Access: Town of Fremont employees, contractors, people with a business need to know.

Distribution within Town of Fremont: Standard interoffice mail, approved electronic mail and

electronic file transmission methods.

Distribution outside of Town of Fremont internal mail: US Mail and other public or private

carriers, approved electronic mail and electronic file transmission methods.

Electronic distribution: No restrictions except that it is sent to only approved recipients.

Storage: Keep from view of unauthorized people; erase whiteboards, do not leave in view on

tabletop.  Machines should be administered with security in mind.  Protect from loss; electronic

information should have individual access controls where possible and appropriate.

Disposal/Destruction: Deposit outdated paper information; electronic data should be expunged/cleared in accordance with Statute and the NH Municipal Records Retention Guidelines.  Reliably erase or physically destroy media.

Penalty for deliberate or inadvertent disclosure: Up to and including termination, possible

civil and/or criminal prosecution to the full extent of the law.

II. Most Sensitive

Most personnel information, legal information/case files, welfare information, HIPPA protected information, items restricted by the NH Right-to-Know Law (NH RSA 91-A).

Marking guidelines for information in hard-copy or electronic form.  As the sensitivity level of the information increases, you may, in addition or instead of marking the information "Town of Fremont Confidential" or "Town of Fremont Proprietary", wish to label the information "Town of Fremont Internal Use Only" or other similar labels at the discretion of your individual business unit or department to denote a more sensitive level of information.  However, marking is discretionary at all times.

Access: Town of Fremont employees and non-employees who have a business need to know.

Distribution within Town of Fremont: Standard interoffice mail, approved electronic mail and

electronic file transmission methods.

Distribution outside of Town of Fremont internal mail: Sent via U.S. mail or approved

private carriers.

Electronic distribution: No restrictions to approved recipients within Town of Fremont, but

should be encrypted or sent via a private link to approved recipients outside of Town of Fremont

premises.

Storage: Individual access controls are very highly recommended for electronic information.

Physical security is generally used, and information should be stored in a physically secured

computer.

Disposal/Destruction: Strongly encourage: Electronic data should be expunged/cleared in accordance with Statute and the NH Municipal Records Retention Guidelines.  Reliably erase or physically destroy media.

Penalty for deliberate or inadvertent disclosure: Up to and including termination, possible

civil and/or criminal prosecution to the full extent of the law.

SECTION 5:  ENFORCEMENT

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

SECTION 6:  DEFINITIONS

Terms and Definitions

Appropriate measures:  To minimize risk to Town of Fremont from an outside connection. Town of Fremont computer use by non-employees and unauthorized personnel must be restricted so that, in the event of an attempt to access Town of Fremont information, the amount of information at risk is minimized.

Configuration of Town of Fremont-to-other outside connections:  Connections shall be set up to allow other individuals to see only what they need to see.  This involves setting up both applications and network configurations to allow access to only what is necessary.

Approved Electronic File Transmission Methods:  Includes supported FTP clients and Web browsers.

Envelopes Stamped Confidential:  You are not required to use a special envelope.  Put your document(s) into an interoffice envelope, seal it, address it, and stamp it confidential.

Approved Electronic Mail:  Includes all mail systems supported by the IT Support Team.  If you have a Town need to use other mailers contact the appropriate support organization.

Company Information System Resources:  Company Information System Resources include, but are not limited to, all computers, their data and programs, as well as all paper information and any information at the Internal Use Only level and above.

Individual Access Controls:  Individual Access Controls are methods of electronically protecting files from being accessed by people other than those specifically designated by the owner.

Physical Security:  Physical security means either having actual possession of a computer at all times, or locking the computer in an unusable state to an object that is immovable.  Methods of accomplishing this include having a special key to unlock the computer so it can be used, thereby ensuring that the computer cannot be simply rebooted to get around the protection.  If it is a laptop or other portable computer, never leave it alone.  When leaving the office for the day, secure the laptop and any other sensitive material in a locked drawer or cabinet.

SECTION 7:  AMENDMENTS

This Policy may, from time to time, be amended by a majority vote of the Board of Selectmen at a regularly scheduled Board meeting.  

SECTION 8:  EFFECTIVE DATE

This Policy shall be effective upon a vote of the Board of Selectmen and shall replace any and all Information Sensitivity Policies previously enacted by the Town.   

Effective:  05 May 2011

Amended:  28 July 2011

Adopted:  Board of Selectmen    Brett A Hunter          Greta St Germain                Annmarie Scribner

Reviewed/Readopted:  21 March 2013      Board of Selectmen              

Greta St Germain                Brett A Hunter          Leon F Holmes Sr

Reviewed 03/27/2014 /Readopted: 06/12/2014      Board of Selectmen              

Brett A Hunter                  Leon F Holmes Sr        Gene Cordes

Reviewed/Readopted: 02/22/2018  Board of Selectmen              

Gene Cordes                     Neal R Janvrin          Roger A Barham


 

All Employees and Public Officials shall sign for receipt of this Policy.  Please return this page to the Selectmen’s Office at the Town Hall, 295 Main Street, Fremont NH (or by mail to PO Box 120, Fremont  NH  03044-0120) as soon as possible.  

By signing below, you indicate that you have received, read, and understand the Town of Fremont Information Sensitivity Policy as most recently amended.

 

 

_______________________________________                 _________________________

Print Name of Employee / Official                                       Date


 

_______________________________________

Signature