ESDC Network Use Directive

1. Effective Date and Annual Review

This Directive took effect on its approval by the ESDC Corporate Management Committee (CMC) on November 25, 2019. It will be reviewed annually by the Innovation, Information and Technology Branch (IITB).

2. Audience

This Directive applies to all individuals (including employees, casuals, and contractors) who have been granted access to the Employment and Social Development Canada (ESDC) electronic network.

ESDC includes Service Canada and the Labour Program, and is collectively referred to as “the Department” or “departmental".

3. Purpose

3.1 This Directive informs individuals of the intended and acceptable use of the departmental electronic network as required by the Treasury Board Secretariat (TBS) Directive on Service and Digital.

3.2 This Directive should be read in conjunction with the ESDC Portable Storage Devices Directive and the ESDC Storage of Electronic Information Directive, as well as other policies and directives related to IT security and information management (see References).

4. Basic Requirement

4.1 Individuals must use the departmental electronic network in an acceptable and responsible manner in order to safeguard the integrity of the Department and the information it manages.

4.2 The departmental electronic network includes the use of email, all information storage repositories, Internet and departmental telephones; as well as any device that can be used to connect to the network, such as desktop and laptop computers, tablets, printers, faxes, scanners, cellular phones, USB drives or any other device used to obtain, store or send information. Even when a device is not directly connected to the network it is still considered to be part of the network.

5. Detailed Requirements

5.1 Open access to the Internet is provided to enhance the way public servants work and serve Canadians. Individuals are permitted to use the departmental electronic network, including the Internet, cellular phones and smartphones, for the following purposes:

1. To fulfill work responsibilities and further the departmental mandate.
2. To pursue career development.
3. For limited personal use that is conducted on personal time.

5.2 Examples of limited personal use of the Internet that may be conducted on personal time:

• Search for information online.
• Keep up-to-date with news and current events.
• Check the weather forecast.
• Manage family-related priorities that occur from time to time during the work day.
• Communicating with health professionals.
• Check bus schedule information.
• Get directions for a trip or search for addresses and contact information.
• Make personal travel arrangements.
• Make online purchases.
• Pay bills or conduct personal banking.
• Visit social networking sites to connect with family and friends.

5.3 Examples of personal use of the departmental electronic network which are not permitted (a non-exhaustive list):

• Activities that go beyond limited personal use, such as streaming music, radio, podcasts, television, or movies, that:
  • detract from the time and attention necessary to perform one’s duties as a public servant.
  • Reduce network performance, or
  • incur any additional costs for the Department.
• Activities that interfere with the conduct of business.
• Activities that are criminal in nature and/or which otherwise contravene the ESDC code of conduct.
• Activities for intended personal financial gain.
• Viewing or sharing pornography (or any images of nudity or sexual acts).
• Viewing or sharing materials that incite hatred against identifiable groups.

5.4 Additional examples of acceptable and unacceptable use can be found in the Appendices of the TB Directive on Service and Digital.

5.5 Work information designated Protected A or Classified must not be placed on any site outside the departmental electronic network (e.g. social media, blog, wiki, translation or storage site). For more information see the Information Categorization Tool.

5.6 In all situations individuals are reminded of their duty of loyalty to the Government of Canada and as such:

• Individuals must ensure that their public statements and actions support their ability to carry out their duties; preserve impartiality and objectivity in the execution of their duties and reflect positively on the Department.
• The duty of loyalty includes a duty to refrain from public criticism of the Government of Canada, its policies, programs or officials. Note that the duty of loyalty is not absolute; it is balanced with other interests such as an individual’s freedom of expression.
• Only authorized departmental spokespersons can issue statements and make comments to the media regarding the Department’s position on any given subject.
• Individuals must not disclose any protected or classified government information unless legally authorized.
• For additional information, please refer to the departmental ESDC Code of Conduct and ESDC Handbook for the Personal and Official Use of the Internet and IntraWeb, the TB Values and Ethics Code for the Public Sector, or contact the Office of Values and Ethics.

5.7 Individuals are not permitted to install software on the desktop, including updates, plug-ins, purchases, trial versions, freeware, shareware, and open source, unless specifically authorized to do so by IITB.

5.8 The departmental electronic network is not to be used for storage of non-work related personal files. This includes employer-provided information storage repositories (e.g. the F:\drive) and the departmental devices, including desktops, laptops, USB keys, cellular phones, and smartphones. Refer to the ESDC Storage of Electronic Information Directive.

5.9 Individuals are not permitted to email work documents to or from a personal email address. If management determines that it is necessary for an employee to work away from the workplace, this must be authorized through a formal telework arrangement, or approval of VPN access, as well as the issuance of appropriate devices to support it. When individuals need to transmit their own personal information (résumé, pension information, performance agreements, etc.) to their personal email address, this is permitted. For further information regarding the transmission of email refer to the Information Categorization Tool.

5.10 Individuals must not use their government email addresses to register for sites, forums or other online venues for which the purpose is essentially personal, notwithstanding the limited personal use permitted in section 5.1 and 5.2. Where registration is required in order to access a site and its services for personal use, employees are to use a personal email address for this purpose. Sites of this nature would include (but are not limited to) discussion groups, shopping, auctions, and social media.

5.11 Individuals must not use departmental devices when outside Canada unless authorized to do so. Individuals traveling anywhere outside of Canada should consult with their respective Regional Security Officer (RSO) regarding any security measures that are prescribed by the location of their travel. Refer also to the Security Briefings for International Travel on iService.

5.12 It is forbidden to connect any device directly to the internet to conduct corporate activity, unless expressly authorized by IITB. This includes contracting with Internet service providers in order to connect a server or servers which are not managed by IITB or SSC.  This also includes any activity which “bridges” or otherwise attempts to connect an unauthorized device, wirelessly or otherwise, to the departmental electronic network.

5.13 Personal devices must not to be connected to the departmental electronic network at any time. This includes any device of any type which has not been both issued by, and expressly permitted by, IITB. This includes personal SIM cards, which must not be connected to departmental cellular phones or smartphones. However, cellular phones and smartphones (whether ESDC-issued or personal) may be plugged in to charge the battery. Refer to the ESDC Cellular and Wireless Services Directive, and the ESDC Portable Storage Devices Directive.

5.14 It is the responsibility of the individual to verify that any connection being contemplated is permitted by this directive.

6. Monitoring and Reporting

The Department monitors and reports on individuals’ activities on the departmental electronic network in order to enforce acceptable use of department resources. Cellular and wireless services are also monitored for rates of usage. Where evidence is found that network resources have been used inappropriately or without authorization it will be reported to management for investigation.

7. Consequences

7.1 Individuals will be held accountable for complying with this Directive. Failure to comply with this Directive may result in administrative and/or disciplinary measures being taken, up to and including termination of employment.

8. Enquires

Questions regarding appropriate use of the departmental electronic network or the application of this Directive should be directed to NA-ITSCOE-CEMSTI-GD@servicecanada.gc.ca.

9. References

ESDC

• Information Categorization Tool
• ESDC Code of Conduct
• ESDC Handbook for the Personal and Official Use of the Internet and IntraWeb
• The most recent versions of the following IM/IT policies can be found in iService References:
  • ESDC Cellular and Wireless Services Directive
  • ESDC Portable Storage Devices Directive
  • ESDC Privileged Desktop Access Directive
  • ESDC Storage of Electronic Information Directive

Treasury Board Secretariat

• TB Directive on Department Security Management (2009)
• TB Policy on Government Security (2019)
• TB Policy on Service and Digital (2019)
• TB Directive on Service and Digital (2019)