Social Media Policy
Date Issued: November 1, 2010
Date Effective: November 1, 2010
1. Agencies are required to receive approval of DOIT’s Security Unit prior to launching a social media website or creating a social media account for State use. The approval request shall come from the Commissioner or agency head, and shall include documentation of the following:
- Business purpose of the proposed site or account;
- Name and position description of the individual who will manage the site or account;
- Description of the material which will be posted to the site or account;
- Description of the risks associated with the site or account and the agency’s risk mitigation efforts.
2. Agencies are responsible for managing their use, retention, and disposal of public records associated with social media sites as specified in the State Library’s State Agencies’ Records Retention/Disposition Schedules.
3. Agencies are required to limit Internet access to social media websites according to the State’s Acceptable Use Policy. The only acceptable use of social media sites is for official use on behalf of the State.
4. Agencies shall develop procedures and conduct employee awareness and training programs to ensure compliance with this policy.
5. DOIT and the agencies must obtain a formal acknowledgement from users indicating they understand, and agree to abide by, this policy.
6. DOIT and the agencies shall adhere to this policy and the associated Guidelines; a user’s failure to do so may result in disciplinary action up to, and including, dismissal.
7. If an agency’s inappropriate use of social media poses a risk to the State’s information technology infrastructure, DOIT may use its authority to suspend the agency’s use at any time.
8. Users shall connect to, and exchange information with, only those social media websites that have been authorized by agency management in accordance with the requirements within this and other agency and State policies.
9. Users shall not post or release proprietary, confidential or restricted State data including, but not limited to, personally identifiable information that is not in the public domain and, if improperly disclosed, could be used to steal an individual’s identity, violate the individual’s right to privacy, or otherwise harm the individual.
10. Users who connect to social media websites through State systems provided at the State’s expense must use the systems solely to conduct the State’s business. Such system usage must be in conformance with applicable federal and State laws, this policy and an agency’s policies and procedures.
11. System usage for social media must be in accordance with each user’s job duties and responsibilities as they relate to the user’s position with the State of
12. Users must identify themselves clearly and accurately in all electronic communications. Concealing or misrepresenting the individual’s name or affiliation is a serious violation of this policy. Any use of other individuals’ identifiers as the user’s own, including, but not limited to, using a computer Logon ID other than the individual User ID authorized, constitutes a violation of this policy. Individuals may not provide their passwords or logon IDs to others.
13. Users must follow DOIT’s applicable guidelines when creating a social media account or website for State use.
14. All content, including, but not limited to, comments and postings on a State agency’s web page, relating to the conduct of the public’s business, are public records, pursuant to CGS §1-200(5). As such, comments and postings must be retained for the minimum retention period as listed on the Connecticut State Library’s State Agencies’ Records Retention/Disposition Schedules.
15. In accordance with General Letter 2009-2, Management and Retention of Email and Other Electronic Messages, a public record may not be destroyed if any litigation, litigation hold notice (LHN), preservation order, claim, audit, Freedom of Information (FOI) request, administrative review, or other action involving the record is initiated before the record has been disposed of, even if its retention period has expired. The public record must be retained until the completion of the action and the resolution of all issues that arise from the action. Agencies’ users must preserve such public records.
16. In the event a LHN or order related to social media networking exists or is anticipated, then such LHN or order shall supersede the minimum retention period as listed on the Connecticut State Library’s State Agencies’ Records Retention/Disposition Schedules, until released by the Attorney General.
17. The unauthorized destruction, removal, alteration, or use of public records is prohibited, pursuant to Conn. Gen. Stat. §53-153b and §1 240. Agencies must request permission from the State Library to destroy public records after the minimum retention period has passed, pursuant to Conn. Gen. Stat. §11-8a`and §7-109.
other relevant data, that may be or are anticipated to be required in an upcoming legal
proceeding. The agency and employees have an ongoing duty to preserve this relevant data until the Attorney General’s Office issues a release.
a “public record” means any recorded data or information relating to the conduct of the public's business prepared, owned, used, received or retained by a public agency or to which a public agency is entitled to receive a copy by law or contract under section 1-218, whether such data or information be handwritten, typed, tape-recorded, printed, photostated, photographed or recorded by any other method. In addition, pursuant to Conn. Gen. Stat. §4d-33, "public record" also includes records of contractors or subcontractors.