Add to collection(s) Add to saved
  1. Social Science
  2. Law

Viad Corp Technology Use Policy

Viad Corp
Technology Use Policy
Technology Use Policy
1. PURPOSE .................................................................................................................. 3
Definitions .................................................................................................................. 3
2. USE OF TECHNOLOGY ............................................................................................ 5
No Expectation of Privacy. ......................................................................................... 5
Waiver of Privacy Rights ............................................................................................ 5
Intended Use. ............................................................................................................ 5
Personal Use. ............................................................................................................ 5
Ownership .................................................................................................................. 5
Duty to Report Inappropriate or Prohibited Uses of Company Technology and
Electronic Communications. ................................................................................. 6
3. USING TECHNOLOGY FOR ELECTRONIC COMMUNICATIONS .......................... 6
Electronic Communications ....................................................................................... 6
The Internet ............................................................................................................... 7
Social Media and Blogging Activities. ........................................................................ 7
Instant Messaging. ..................................................................................................... 9
Text Messaging.......................................................................................................... 9
Other Methods of Electronic Communication. .......................................................... 10
4. RETENTION OF ELECTRONIC COMMUNICATIONS ............................................ 10
E-Mail Retention. ..................................................................................................... 10
Retention of E-Mail Attachments and Electronic Documents. .................................. 11
Retention of Other Forms of Electronic Communication .......................................... 11
Retention in the Event of Dispute, Litigation, Subpoena, or Inquiry. ........................ 11
Back-Up. .................................................................................................................. 11
5. APPROPRIATE AND INAPPROPRIATE USES OF TECHNOLOGY ..................... 11
Appropriate Uses ..................................................................................................... 11
Inappropriate Uses................................................................................................... 11
6. SPECIAL RULES FOR CONFIDENTIAL INFORMATION IN ELECTRONIC
COMMUNICATIONS ............................................................................................... 12
Definition of Confidential Information, Sensitive Confidential Information and Material
Non-Public Information ....................................................................................... 12
Use of Confidential Information. ............................................................................... 12
7. SECURITY AND PROTECTION OF CUSTOMER’S PAYMENT CARD
INFORMATION........................................................................................................ 13
8. SECURITY AND PROTECTION OF PERSONALLY IDENTIFIABLE
INFORMATION........................................................................................................ 13
Revised
11/21/13
Technology Use Policy
9. USE OF NON-COMPANY OWNED TECHNOLOGY DEVICES .............................. 13
10. USER IDS AND PASSWORDS .............................................................................. 14
11. VIRUSES ................................................................................................................ 14
Virus Detection......................................................................................................... 14
E-Mail Attachments .................................................................................................. 14
12. VIOLATIONS AND REPORTING VIOLATIONS..................................................... 15
Violations ................................................................................................................. 15
Reporting Violations. ................................................................................................ 15
13. OTHER POLICIES APPLY ..................................................................................... 15
Amendments and Revisions .................................................................................... 15
14. EXCEPTIONS TO THE POLICY ............................................................................. 15
15. OTHER REQUIREMENTS ...................................................................................... 15
Confidentiality Notices on E-Mails............................................................................ 15
Use of Encryption Software ..................................................................................... 16
Export Restrictions ................................................................................................... 16
File Sizes ................................................................................................................. 16
Where to go for help:
If you need assistance with any technical information included in this document,
or if you have additional questions, contact your manager or the head of Information Technology
or the Law Department.
Internal Use Only
Copyright © 2007-2013 Viad Corp. All rights reserved.
No part of this document may be reproduced without written permission of Viad Corp.
Revised
11/21/13
Technology Use Policy
1. PURPOSE
This policy provides rules and guidelines which govern the use of technology and electronic
communication. This policy is applicable to employees, agents, contract personnel and consultants, and
other authorized users (collectively and individually “personnel”) within Viad Corp and its subsidiaries and
affiliates (collectively and individually the “Company").
This policy supersedes all other Company policies with regard to accessing, retaining, monitoring,
disclosing, and properly using Company technology and electronic communications.
Definitions
The following definitions are used throughout, whether capitalized or not:
“.PST” is the file extension used for the personal folder files associated with Microsoft Outlook. Personal
folders in Microsoft Outlook are used to store e-mail messages outside of the user’s mailbox.
“Blog” is typically a website or news feed in which entries are posted on a regular basis, typically by an
individual person. Blogs are typically public forums potentially viewed worldwide that can be easily and
quickly created. Postings to a blog and contents of blogs are generally not retained on a user’s computer
but are maintained on the servers controlled by the blogging website or other service providers.
“Cardholder data” is any personally identifiable data associated with a cardholder. This could be an
account number, expiration date, name, address, social security number, CVV/CVC code, etc. All
personally identifiable information associated with the cardholder that is stored, processed, or transmitted
is also considered cardholder data.
"Confidential Information" generally means all Company information that has not been disclosed to the
public through authorized channels of the Company. There are two subsets of Confidential Information
that require heightened security and must be treated with the greatest of care by employees, independent
contractors, agents, contract personnel and consultants of the Company. Those two subsets include the
following:
(1) "Sensitive Confidential Information" means Confidential Information that, if divulged, could
compromise the Company or its employees, officers, directors, customers, suppliers or
associates (e.g. harm the Company's image, potentially result in litigation against the Company,
or put the Company at a competitive disadvantage), or could adversely affect the Company's
operations or customer service. Such information may include: potential and actual customer and
supplier lists and information; payroll data; employee information; financial data, customer credit
data; executive correspondence; and certain legal and regulatory information.
(2) "Material Non-Public Information" means Confidential Information that a reasonable
investor would consider important in arriving at a decision to buy, sell or hold Company stock.
Examples include dividend increases or decreases, earnings estimates, changes in previously
announced earnings estimates, expansion or curtailment of operations, a merger or acquisition
proposal or agreement, new products, unusual borrowings or securities offerings, major litigation,
extraordinary management developments, or purchases or sales of substantial assets of the
Company.
“E-mail” is an electronic mail message and/or a file attachment to an e-mail message that is generated
from or received by any e-mail application over the Internet or over the Company’s internal e-mail system.
“Electronic communication” is communication that occurs through the use of electronic hardware.
Electronic communication occurs via e-mail, the Internet, blogs including social media sites, message
boards, instant messaging, texting, etc.
Revised
11/21/13
3
Technology Use Policy
“Instant Messaging” or “IM” is essentially a conversation on a computer screen. The user creates an
account through an IM provider (e.g. Yahoo Messenger, MSN Messenger, Google Chat, AOL
Messenger) and then adds the names of contacts with similar IM accounts to an address-type book. This
enables the IM user to know when contacts are online and to initiate an online conversation with them.
Some IM programs allow the user to save a conversation; saved conversations may be stored on the IM
provider’s server, the user’s computer, or in the case of a Company-provided IM program (such as Office
Communicator and LivePerson), a Company server.
“Internet” is a worldwide network of connected computers that permits the transfer and sharing of
information, graphics, files, etc. It includes, but is not limited to:
•
World Wide Web
•
File Transfer Protocol (FTP), Newsgroups (Usenet) or Telnet
•
Bulletin board systems, chatrooms, blogs, electronic message boards, discussion groups, instant
messaging
•
Collaboration technology
•
E-commerce activities
•
Local area network or wide area network applications that may access or be accessed through
the Internet
“Law Department” refers to the Viad Corp Law Department.
“Outlook data” consists of information in the e-mail, calendar, contacts, tasks, notes and journal features
of the Microsoft Outlook program.
“PCI DSS” means Payment Card Industry Data Security Standard, and refers to a set of requirements
adopted by the payment brands (VISA and Mastercard) designed to ensure that all companies and
merchants that process, store or transmit credit card or debit card information maintain a secure
environment.
“PII” means personally identifiable information. This could include an employee’s, customer’s, or
vendor’s first and last name or first initial and last name, coupled with any additional information that
could lead to the identification of that particular individual including, without limitation: date of birth; social
security number; driver’s license number or any state-issued identification card number; and financial
account number, or credit or debit card number. Personally identifiable information is often contained in
personnel files, employment applications, credit applications, medical records and reports, background
check results, etc. In countries outside of the United States, PII may include a person’s race, ethnic
origin, political affiliations, trade union association, sexual orientation, religious or philosophical beliefs,
etc.
“Social Media” refers to social networking sites available via the Internet such as YouTube, Four
Square, Facebook, LinkedIn and Twitter. Companies often use social media sites for marketing their
goods and services to the public.
“Technology” is the application and use of tools and methods, machines and systems. Technology
includes devices and programs (e.g. personal computers, laptops, tablet devices, data storage devices,
cell phones, smart phones, software) that are used to process information, store data and communicate.
“Text Messages” or “Texting” is essentially a chain of conversations using your mobile phone; it is a
service feature (i.e. SMS messages) that must be enabled through the wireless service provider. Text
messages create unsecured records of the information being sent and are difficult to monitor and capture.
Revised
11/21/13
4
Technology Use Policy
2. USE OF TECHNOLOGY
The following statements apply equally to all Company-related electronic communication that occurs
through e-mails, the Internet, blogs, message boards, instant messaging, text messaging and social
media sites using devices such as personal computers, laptops, cell phones, smart phones and tablet
devices.
No Expectation of Privacy. The Company monitors use of Company technology systems, including
ongoing and random audits of all employee e-mail boxes, Internet usage including blogs and social media
sites, texting and instant messaging. The computers and other technology devices and related computer
or access accounts assigned to you are to assist in the performance of your job. You should not have an
expectation of privacy in anything (including internal and external e-mails) you create, store, send or
receive on the computer system or other technology devices (including cell phones, smart phones and
tablet devices) and all information transmitted or received may be captured through the internal
processing of the computer system or other technology devices. Employee-created passwords, whether
created for internal or external e-mails or for other access accounts, are not an indicator of personal
privacy. The computer system and other technology devices belong to the Company and your use of the
computer system and other Company owned or provided technology may be monitored. The Company
reserves the right to authorize random or specific reviews of user files to ensure compliance with this
policy, in accordance with applicable laws.
Waiver of Privacy Rights. Users expressly waive any right of privacy in anything they create, store,
send, or receive on the computer, other technology devices (including cell phones, smart phones and
tablet devices), or through the Internet or any other computer network. Users understand and consent to
the Company’s use of human or automated means to monitor use of its computer systems and other
technology resources. System administrators may change, bypass or disable a password or other
security mechanisms applicable to the Company technology systems at any time without permission or
advance notice to the user.
Intended Use. You may be given a computer or other technology devices for use in your job with the
Company. Use of personal technology devices like home computers for Company business is prohibited
(except for Outlook Web Access and Terminal Services) unless specifically authorized by your manager,
the Law Department and the head of Information Technology. Company data should not be sent to,
forwarded to, or reside on non-Company owned devices unless specifically authorized by your manager,
the Law Department and the head of Information Technology. The Company's technology is to be used
primarily for legitimate business purposes of the Company. Use of Company technology is limited to
Company employees and authorized persons and is intended for those activities that are related to
Company business.
Personal Use. Limited personal use of Company-owned computers and other technology devices
(including cell phones, smart phones and tablet devices) is allowed if each such use is (a) in compliance
with this policy and (b) reasonable in amount and does not interfere with work performance or business
needs. Excessive or unauthorized use of Company technology systems or Company-owned computers
and other technology devices is a violation of this policy and may result in disciplinary action up to and
including termination.
Ownership. All Company owned and issued technology devices, including without limitation computers,
laptops, cell phones, smart phones, and tablet devices, Company-associated social networking sites
including without limitation websites, YouTube videos, Facebook pages, Twitter accounts, LinkedIn
profiles, and blogs, and all information and any messages or communication that are created, sent,
received or stored on the Company's devices, social media or through the use of the Company’s
technology are the sole property of the Company and are not the property of the employee or other
persons.
Revised
11/21/13
5
Technology Use Policy
Duty to Report Inappropriate or Prohibited Uses of Company Technology and Electronic
Communications. All personnel have a duty to report prohibited uses of Company technology and
electronic communications. All reports may be made in person, in writing or by phone. You may inform
the head of Information Technology (if related to sending, receiving or viewing inappropriate material),
your manager, the Company’s Compliance Officer, an executive officer, Human Resources or the Law
Department. You may also use the confidential, toll-free Always Honest Hotline at 1-800-443-4113.
3. USING TECHNOLOGY FOR ELECTRONIC COMMUNICATIONS
Electronic Communications (including e-mails, the Internet, blogs, message boards, instant
messaging, texting and social media sites). Electronic communications must be treated as seriously
as other written communications, such as letters and faxes. All electronic communication messages must
be professional, courteous, and consistent with the Company's policies of ethical conduct, compliance
with applicable laws, and proper business practice. The sender of an electronic communication must be
able to justify the content of his or her electronic communications.
Before sending an electronic communication, the sender is responsible for considering whether an
electronic communication is the appropriate means of communication. Situations where electronic
communications can be inappropriate include communications:
•
of complex issues or concepts;
•
of a confidential or sensitive nature (see Section 6 below);
•
of messages having a meaning that is sensitive to tone and interpretation (e.g. sarcasm);
•
about an individual; and
•
to resolve a disagreement.
Electronic communications lack the advantages of body language and intonation, which are present in
face-to-face communications. You may inadvertently put the wrong message across. Sarcasm and
humor in an electronic communication, for example, may not be conveyed properly or may be interpreted
by the reader inconsistently with your intent. Remember that once a message is sent, it cannot be
recalled, so take care when sending messages in the “heat of the moment.”
Examples of prohibited electronic communication include, but are not limited to:
•
Sending, accessing, browsing, sharing, downloading, or storing any electronic communication or
other material of an insensitive, fraudulent, racially offensive, defamatory, discriminatory,
obscene, sexual or harassing nature or otherwise unlawful.
•
Sending or sharing electronic communications which disparage or are harmful to the Company or
which show the Company in an unprofessional light.
•
Unauthorized sharing of critical or confidential business information belonging to the Company or
other third parties including the Company’s partners, competitors, customers and clients.
•
Unauthorized use of trademarks, trade names, trade secrets, logos, copyrighted materials and
other intellectual property belonging to the Company or other third parties including the
Company’s partners, competitors, customers and clients; this includes use on your social media
sites like Facebook.
•
Disseminating or storing commercial or personal advertisements, solicitations, promotions,
destructive programs (that is, virus, self-replicating, or other harmful or productivity-reducing
code), political information, or any other unauthorized material.
•
Wasting computer resources by, among other things, sending non-Company related mass
communications, personal chain letters, forwarding and circulating jokes and cartoons, etc.
Revised
11/21/13
6
Technology Use Policy
•
Automatically forwarding messages from your Company-issued mailbox to another mailbox
without approval by your manager, the Law Department and the head of Information Technology.
•
Forwarding an e-mail, e-mail attachment or other electronic communication from the Company’s
attorneys that is reasonably intended to be protected by the attorney-client privilege without the
attorney’s express permission.
•
Altering the "From" line, header information or other attribution-of-origin information in an
electronic communication.
•
Sending electronic communications under anonymous or pseudonymous names, or otherwise
disguising the identity of the message sender. Users must identify themselves honestly and
accurately when sending electronic communications.
Note: E-mails sent by designees of another e-mail user (e.g. sent “On behalf of…”) are permitted
when used for legitimate business purposes and when authorized.
Violations of these prohibitions may result in disciplinary action up to and including termination.
Users may not alter an electronic communication belonging to another user without first obtaining
permission from the owner of the message. Ability to read or alter an electronic communication belonging
to another user does not imply permission to read or alter that message. Users may not use the system
to “snoop” or pry into the affairs of other users by unnecessarily reviewing their electronic
communications.
Electronic communications must not be downloaded to, stored, originated from or read on personally
owned cell phones, smart phones, tablet devices or other handheld devices unless the device and the
activity is authorized by your manager, the Law Department and the head of Information Technology.
Personally owned devices shall adhere to Company security standards including the establishment and
use of a password.
Access to accounts for employees and other personnel leaving the Company will be made available to
the appropriate manager or his/her designee for a limited period of time. Managers should follow the
Company’s procedures for termination of employees and other personnel. Information Technology will
initiate the account access process with the appropriate personnel once they have been notified of the
departure.
The Internet. You may be provided with access to the Internet to assist in performing your job and
furthering the Company’s business interests. The Internet can be a valuable source of information and
research. Use of the Internet, however, must be tempered with common sense and good judgment.
Material that is fraudulent, harassing, embarrassing, sexually explicit, profane, obscene, intimidating,
defamatory, or otherwise unlawful or inappropriate may not be accessed from the Internet and displayed
on or stored in the Company’s computers or other technology devices. If you encounter or receive this
kind of material, immediately disconnect and report the incident to the head of Information Technology
and your manager immediately.
You are cautioned that the Internet contains information that may be offensive, sexually explicit, or
otherwise inappropriate. The Company is not responsible for material viewed or downloaded by users
from the Internet.
Social Media and Blogging Activities. We understand that social media can be a fun and rewarding
way to share your life and opinions with family, friends and co-workers around the world. However, use
of social media also presents certain risks and carries with it certain responsibilities. To assist you in
making responsible decisions about your use of social media, we have established these guidelines for
appropriate use of social media.
Revised
11/21/13
7
Technology Use Policy
In the rapidly expanding world of electronic communication, social media can mean many things. Social
media includes all means of communicating or posting information or content of any sort on the Internet,
including to your own or someone else’s website or blog, journal or diary, personal web site, social
networking or affinity web site, web bulletin board or a chat room, whether or not associated or affiliated
with the Company, as well as any other form of electronic communication. The same principles and
guidelines found in Company workplace and technology policies apply to your activities online.
Ultimately, you are solely responsible for what you post online. Before creating online content including
posts, tweets and YouTube videos, consider some of the risks and rewards that may be involved. Keep
in mind that any of your conduct, including conduct during non-work hours, that adversely affects your job
performance, the performance of your fellow employees or otherwise adversely affects clients, customers,
suppliers, people who work on behalf of the Company, or the Company’s legitimate business interests
may result in disciplinary action up to and including termination.
Carefully read the Company’s Code of Ethics and other applicable policies, including without limitation
those policies regarding harassment and discrimination and those policies and guidelines in the Always
Honest Compliance & Ethics Manual, and ensure your postings are consistent with and do not violate
those policies. Inappropriate postings that may include discriminatory remarks, harassment, and threats
of violence or similar inappropriate or unlawful conduct will not be tolerated and may subject you to
disciplinary action up to and including termination.
Be respectful, and always be fair and courteous to fellow employees, customers, members, suppliers or
people who work on behalf of the Company. Also, keep in mind that you are more likely to resolve workrelated complaints by speaking directly with your manager, co-workers or by utilizing our Always Honest
Hotline than by posting complaints to a social media outlet. Nevertheless, if you decide to post
complaints or criticism about the Company, fellow employees, customers, members, suppliers or people
who work on behalf of the Company, avoid using statements, photographs, video or audio that
reasonably could be viewed as malicious, obscene, threatening or intimidating, that disparage your fellow
employees, customers, clients, vendors or suppliers, or that might constitute harassment or bullying.
Examples of such conduct might include offensive posts meant to intentionally harm someone’s
reputation or posts that could contribute to a hostile work environment on the basis of race, sex, disability,
religion or any other status protected by law or company policy.
Be honest and accurate when posting information or news, and if you make a mistake, correct it quickly.
Be open about any previous posts you have altered. Remember that the Internet archives almost
everything; therefore, even deleted postings can be searched. Never post any information or rumors that
you know to be false about the Company or any of its subsidiaries or affiliates, fellow employees, clients,
customers, vendor, suppliers, people working on behalf of the Company or our competitors.
Post only appropriate and respectful content, subject to the following:
•
Maintain the confidentiality of our trade secrets and private or confidential information including
sensitive confidential information and material non-public information. Trade secrets may include
information regarding the development of systems, processes, products, know-how and
technology. Do not post internal reports, policies, procedures or other internal business-related
confidential communications.
•
Respect financial disclosure laws. It is illegal to communicate or give a “tip” on inside information,
or any other forward-looking or material non-public information, to others so that they may buy or
sell stocks or securities. Such conduct may also violate our financial information policies.
Posting confidential, sensitive or material non-public information a reasonable investor would
consider important in arriving at a decision to buy, sell or hold our stock could get you and us in
legal trouble, even if it is your own personal view or speculation. We may, from time to time, ask
you to discontinue posting about us or certain Company-related matters for a period of time if and
when it appears that such activity may violate certain legal or regulatory provisions the Company
must observe.
Revised
11/21/13
8
Technology Use Policy
•
Do not create a link from your blog, website or other social networking site to a Company website
without identifying yourself as an employee of the Company or one of its affiliates. You may not
propose or conduct any business on behalf of the Company using your personal social media
posts or blogs.
•
Express only your personal opinions. You are personally responsible for your own posts. Never
represent yourself as a spokesperson for the Company. If one of our affiliates is a subject of the
content you are creating, be clear and open about the fact that you are an employee and make it
clear that your views do not represent those of the Company, the affiliate, your fellow employees,
clients, customers, vendors, suppliers or people working on behalf of the Company. If you do
publish a blog or post online related to the work you do or subjects associated with the Company,
make it clear that you are not speaking on behalf of us. It is best to include a disclaimer such as
“The postings on this site are my own and do not necessarily reflect the views of Viad Corp or any
of its subsidiaries or affiliates.”
Refrain from using social media while on work time or on technology we provide, unless it is work-related,
posted to a Company-authorized site and consistent with the Technology Use Policy. Do not use any
Company email address or any other company-provided or related email address to register on social
networks, blogs or other online tools utilized for personal use. You must be authorized in advance to
participate in social media activities or blogging on behalf of or in the Company’s name, and to
use your Company-assigned e-mail address in conjunction with those activities. Remember all
Company-associated social networking sites, and their content, are owned by the Company, not you even
if you use your Company-assigned e-mail address to administer the site or post to the site. You may not
associate your Company-assigned e-mail address with your personal social media postings or blogs.
Retaliation is prohibited. We prohibit taking negative action against any personnel for reporting a possible
deviation from this policy or for cooperating in an investigation. Any Company personnel who retaliates
against anyone for reporting a possible deviation from this policy or for cooperating in an investigation will
be subject to disciplinary action, up to and including termination.
Company personnel should not speak to the media on the Company’s behalf without contacting the
Marketing or Communications Departments. All media inquiries should be directed to them. If you have
questions or need further guidance, please contact Human Resources, the Law Department or
Information Technology. When in doubt about any posting or other social media or blogging activity,
please ask first.
Instant Messaging. While IM resembles the casualness of a conversation, you do not have the ability to
hear the tone of the other speaker’s voice. Care should be taken to convey messages that are clear and
concise to avoid misunderstandings. IM acronyms, slang and abbreviations should be avoided unless
verifiably well known by the users of IM.
It is strictly prohibited to IM about financial data and other matters relating to internal controls.
The Company supported standard for IM client software is the use of Microsoft OCS. Downloading and/or
installing any other IM client software (including that software provided by IM service providers like Yahoo
Messenger, MSN Messenger, Google Chat and AOL Messenger) is prohibited.
Logging or capturing and saving IM discussions is prohibited unless specifically authorized by your
manager, the head of Information Technology and the Law Department.
Instant messaging on Company time should be limited to legitimate Company business.
Text Messaging. Text messaging creates a permanent and ongoing chain of communication between
mobile phone users. This chain of communication is difficult for the Company to monitor and imposes
significant burdens on the administration of the records created by texting. Texting creates an unsecure
record of the information being sent. In order to protect the sensitive and confidential information of the
Revised
11/21/13
9
Technology Use Policy
Company and its customers, the use of text messaging to negotiate business, resolve significant
business issues or for other material business purposes is prohibited; an e-mail or telephone call should
be used instead. This restriction applies to both Company-issued mobile phones as well as personal
mobile phones.
Text messaging is not the same as instant messaging. The prohibition against texting a Company
employee or customer regarding a significant or material business matter does not apply to the
transmission of Company information between or among one or more users of the Company’s IM
software.
Text messaging while driving is unsafe, imperils the safety of others and is illegal in many states,
provinces and localities. No text message is important enough to endanger yourself or others.
Other Methods of Electronic Communication. The general principles and policies stated above are
applicable to all forms of electronic communication and methods of technology use. In addition to those
specific forms and methods listed above, these principles and policies are applicable to message boards,
chat rooms, discussion groups, text messaging, etc.
4. RETENTION OF ELECTRONIC COMMUNICATIONS
E-Mail Retention. E-mails sent or received should be deleted promptly from your mailbox after reading
and acting upon them, and the e-mail must be deleted from your mailbox when it no longer has business
or administrative value.
Regardless of its stored form (e.g. electronic, in a .PST file, hard copy, etc.), no e-mail should be retained
for more than one year unless the e-mail continues to have legitimate business and administrative value.
E-mails that have legitimate business or administrative value are those that:
•
provide relevant and material information on active and ongoing projects, proposals or contract
management activities relating to how or why significant business decisions were made, what the
intent or purpose of a business decision, transaction or relationship is, or who was involved in the
decision making process;
•
directly relate to completed and closed projects, proposals or contract management activities that
are known to be recurring and in which the retention of significant and material records in
electronic form is considered essential to the successful renewal of the activity;
•
relate to legal, employment or regulatory issues, disputes, concerns or matters; and
•
have been deemed to be an exception to this policy in accordance with Section 14.
Regardless of its stored form, you must be able to justify the need to retain any e-mail sent or received
that is more than one year old.
E-mails must not be downloaded or electronically stored to CDs, thumb drives, other handheld devices or
portable data storage devices including cell phones, smart phones, tablets, etc. unless the device and the
downloading is authorized by your manager and the head of Information Technology. Personally owned
devices shall adhere to Company security standards including the establishment and use of passwords.
The foregoing deletion requirement does not apply when prohibited by law or when written instructions
are issued by the Law Department or when a written exception has been granted or issued.
Use of .PST files as an e-mail retention storage solution is strongly discouraged. Use of .PST files is
limited to those with a legitimate business reason and who have been specifically authorized by their
manager and the head of Information Technology.
Revised
11/21/13
10
Technology Use Policy
Retention of E-Mail Attachments and Electronic Documents. Most e-mail attachments are electronic
documents or records like word processing documents, spreadsheets and digital images. The Company’s
Records Management Policy applies to electronic documents and records as well as those documents
and records contained in more traditional forms like paper, microfilm and microfiche. It is the content of
the document or record that determines its retention period, not the form or format that the document or
record is contained in. Each user is responsible for correctly identifying and complying with any applicable
retention period for electronic documents and records. Refer to the Company’s Records Management
Policy for specific retention periods.
Retention of Other Forms of Electronic Communication. Unless otherwise specified, all other forms
of electronic communication should be deleted when they no longer have business or administrative
value. This includes instant messages, blogs and social media posts.
Retention in the Event of Dispute, Litigation, Subpoena, or Inquiry. In the event of any litigation,
subpoena, regulatory inquiry, criminal proceeding, or the like, Company personnel are prohibited from
altering, mutilating, concealing, deleting, discarding, or destroying any communication, including e-mails,
or any documents, whether created or stored electronically or not, relating in any way to the litigation,
subpoena, regulatory inquiry, criminal proceeding, or the like.
The Law Department will notify you of pending or threatened litigation or other legal proceedings, and
advise you of your retention obligations. The Law Department will also notify you when deletion of such
communications is permitted.
Back-Up. Backup tapes are used for disaster recovery only. The Company deletes and/or writes-over
backup tapes of electronic information stored on the Company network in accordance with Information
Technology policy and standards. E-mail backup tapes must be deleted or overwritten on a maximum 2
week cycle. Backup tapes for other data stored on the Company network must be deleted or overwritten
on a maximum 12 week cycle. Archival of backup tapes is prohibited unless required for legal or
regulatory purposes.
5. APPROPRIATE AND INAPPROPRIATE USES OF TECHNOLOGY
Appropriate Uses. Appropriate use of Company-provided technology includes:
•
Communicating with business clients and coworkers
•
Conducting business research
•
Taking training courses
•
Tracking packages or shipments
•
Conducting business intelligence
•
Obtaining directions, maps, activities, or other information directly related to the performance of
your job
Inappropriate Uses. Inappropriate use of Company-provided technology includes, but is not limited to:
•
Accessing adult-oriented information
•
Sending, receiving, or storing information or images that are prohibited by law
•
Knowingly introducing a virus or other destructive file, gained from the Internet, into the Company
network
•
Downloading, for personal use, music (e.g. MP3, WMA, WAV, etc.), audio or video files, games,
programs or other software
Revised
11/21/13
11
Technology Use Policy
If users abuse their use of technology or forms of electronic communication, access may be revoked and
they may be subject to disciplinary action, including possible termination of employment, cancellation of
contract, and/or civil and criminal liability.
Except as noted above, anonymous or pseudonymous electronic communications are prohibited.
6.
SPECIAL RULES FOR
COMMUNICATIONS
CONFIDENTIAL
INFORMATION
IN
ELECTRONIC
Definitions: "Confidential Information" generally means all Company information that has not been
disclosed to the public through authorized channels of the Company. There are two subsets of
Confidential Information that require heightened security and must be treated with the greatest of care by
employees, independent contractors, agents, contract personnel and consultants of the Company. Those
two subsets include the following:
(1) "Sensitive Confidential Information" means Confidential Information that, if divulged, could
compromise the Company or its employees, officers, directors, customers, suppliers or associates (e.g.
harm the Company's image, potentially result in litigation against the Company, or put the Company at a
competitive disadvantage), or could adversely affect the Company's operations or customer service. Such
information may include: potential and actual customer and supplier lists and information; payroll data;
employee information; financial data, customer credit data; executive correspondence; and certain legal
and regulatory information.
(2) "Material Non-Public Information" means Confidential Information that a reasonable investor would
consider important in arriving at a decision to buy, sell or hold Company stock. Examples include
dividend increases or decreases, earnings estimates, changes in previously announced earnings
estimates, expansion or curtailment of operations, a merger or acquisition proposal or agreement, new
products, unusual borrowings or securities offerings, major litigation, extraordinary management
developments, or purchases or sales of substantial assets of the Company.
Use of Confidential Information. All Confidential Information must be used solely for proper Company
purposes and must never be distributed by electronic communication or through technology use to
unauthorized persons or used for furthering private interests. The individual who creates electronic
communication is responsible for ensuring that all recipients of the communication are authorized to
access the type of information contained within the communication and any attachments. When unsure
about who is authorized to access a certain type of information, the individual initiating the electronic
communication must check with an appropriate manager.
Sensitive Confidential Information and Material Non-Public Confidential Information should not be placed
directly in electronic communications being transmitted to persons outside of the Company or stored on a
laptop or portable electronic storage media device unless the communication is encrypted, utilizes a
comparable security device, or the communication is placed in a password-protected document. If a
password-protected document is used, it should be attached to the electronic communication, and only
the sender and the user are permitted to know the password to open the document. The password must
be conveyed separately from the electronic communication containing the password-protected document
and in a method other than by electronic communication. Contact the Global Service Desk for assistance
with password protection issues.
Sending an e-mail or e-mail attachment or other electronic communication containing Sensitive
Confidential Information or Material Non-Public Confidential Information to a person's personal e-mail
address or personal computer, laptop, portable electronic storage media device, or other electronic
device is strictly prohibited unless authorized by the Law Department. Accessing e-mail or e-mail
attachments or other electronic communication containing Sensitive Confidential Information and/or
Material Non-Public Confidential Information on a personal computer, laptop or electronic device that is
not Company-provided is prohibited, unless appropriate security measures are used as issued and
Revised
11/21/13
12
Technology Use Policy
authorized by the Law Department and the head of Information Technology.
Confidential Information including financial information should never be divulged in a social media post,
blog, message board, chat room, discussion group or through IM or text messaging.
7. SECURITY AND PROTECTION OF CUSTOMER’S PAYMENT CARD INFORMATION
Company personnel who handle or have access to a customer’s credit card or debit card information
must protect that information in accordance with the Company’s established PCI DSS policy, including
without limitation:
•
Restricting access to cardholder data to those with a business need to know
•
Restricting access to the physical cardholder data
•
Entering cardholder data into approved business applications only, and only in the input fields
clearly marked for card information
•
Securing any paperwork containing cardholder data in a safe location, and shredding the
paperwork when the transaction is processed
•
Using only Company-approved methods of transporting and transmitting cardholder data;
cardholder data, in particular full card numbers, should not be transported via laptops, portable
electronic storage media devices, or other electronic devices including smart phones and should
not be transmitted via email, email attachments, instant messaging, chat or other similar tools
•
Reporting any known or suspected security breaches to your manager and the head of
Information Technology immediately
•
Refrain from using cardholder data without prior authorization from the customer.
8. SECURITY AND PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION
Company personnel who handle or have access to personally identifiable information or PII of customers,
vendors, suppliers and fellow Company personnel must protect that information in accordance with the
Company’s established policies, including without limitation:
•
Restricting access to PII to those with a business need to know
•
Restricting access to the physical personal data, including personnel files, employment
applications, credit applications, customer/client files, medical records and reports, etc.
•
Entering PII into approved business applications only, and only in the input fields clearly marked
for such information
•
Securing any paperwork containing PII in a safe location
•
Using only Company-approved methods of transporting and transmitting PII; PII should not be
transported via laptops, portable electronic storage media devices, or other electronic devices
including smart phones and should not be transmitted via email, email attachments, instant
messaging, chat or other similar tools unless the data is encrypted or otherwise protected from
unintentional disclosure
•
Reporting any known or suspected security breaches to your manager and the head of
Information Technology immediately
9. USE OF NON-COMPANY OWNED TECHNOLOGY DEVICES
Company personnel may use personal (non-Company owned) technology devices like home computers,
laptops, cell phones, smart phones, tablet devices and other handheld devices for Company business
Revised
11/21/13
13
Technology Use Policy
when authorized by your manager, the Law Department and the head of Information Technology, but only
when appropriate security measures have been implemented including the use of passwords and
Terminal Services (e.g. Citrix, etc.). However, use of Outlook Web Access on a non-Company owned
device is permitted without prior authorization.
Company data, including any Company data contained in or transmitted via e-mail, or contained in
electronic documents or other forms of electronic communication including blogs, social media posts, text
messaging and instant messaging, should not be sent to, forwarded to, or reside on non-Company owned
technology devices unless specifically authorized by your manager, the head of Information Technology
and the Law Department. In the event of litigation, governmental investigation or other proceedings, the
Company may be required, pursuant to a discovery request or in compliance with other obligations, to
search for, identify, retrieve and retain Company data wherever and however that Company data is
stored. Your personal technology devices, and any information contained or stored in them (e.g. personal
financial information, personal photographs, etc.), may be confiscated, searched, copied, imaged, or
otherwise compromised should your personal technology device be used, in any manner whatsoever, for
Company business.
10. USER IDS AND PASSWORDS
Users are responsible for safeguarding their User IDs and passwords for access to the computer system
and other technology devices. User IDs, passwords and systems security (access rights) are determined
and documented in the employee’s or other personnel’s user access documentation. This information is
strictly confidential and is not to be shared with any person(s) or organization(s).
•
User IDs and passwords should not be printed, stored online, or given to others.
•
Users are responsible for all transactions made using their IDs and passwords.
•
No user may access the computer system or other technology device with another user's ID and
password or account.
•
If you discover that your user ID or password has been compromised, change it immediately and
notify your manager and the head of Information Technology.
11. VIRUSES
Virus Detection. Viruses can cause substantial damage to computer systems and other technology
devices. Each user is responsible for taking reasonable precautions to ensure he or she does not
introduce viruses into the Company's network and technology devices. All material received on floppy
disk or other magnetic storage, flash or optical medium, all material received via electronic
communication, and all material downloaded from the Internet or from computers or networks that do not
belong to the Company must be scanned for viruses and other destructive programs before being placed
onto the computer system or other technology devices. All disks transferred to the Company's computers
or network must be scanned for viruses.
If you suspect that a virus has been introduced into the Company’s network, notify Information
Technology and your manager immediately.
E-Mail Attachments. The following apply to e-mail attachments:
•
Ensure that virus scanning is enabled on your computer, and that it scans e-mail attachments.
Notify Information Technology immediately if you encounter a virus.
•
Never open a file attachment from a source you do not recognize or trust. Viruses can be
attached to file attachments, and when opened, spread into the Company network.
•
When opening an attachment, if prompted to disable all macros, do so until you are sure that the
Revised
11/21/13
14
Technology Use Policy
macros are not malicious. If a user is uncertain as to the effect of this action, the user should
contact Information Technology.
12. VIOLATIONS AND REPORTING VIOLATIONS
Violations. Violations of this policy will be taken seriously and may result in disciplinary action, including
termination of employment, cancellation of contract, and/or civil and criminal liability.
Reporting Violations. Users who become aware of anyone using computer resources for unauthorized
activities are required to report the incident immediately to management. Failure to report improper
activities may result in disciplinary action, including termination of employment or cancellation of contract.
All reports may be made in person, in writing or by phone. You may inform the head of Information
Technology (if related to sending, receiving or viewing inappropriate material), your manager, the
Company’s Compliance Officer, an executive officer, Human Resources or the Law Department. You may
also use the confidential Always Honest Hotline available in your area (toll-free in the U.S. at 1-800-4434113).
13. OTHER POLICIES APPLY
All existing Company policies apply to employees’ and other personnel’s conduct in connection with
technology use and electronic communication, including but not limited to, Company policies regarding
intellectual property, insider trading, misuse of Company property, discrimination, harassment, sexual
harassment, information, data security, and confidentiality, including with specificity the following:
•
Company’s Code of Ethics
•
Company’s Always Honest Compliance & Ethics Policy and Manual
•
Company’s Corporate Policy Manual
•
Company’s Security Policies
•
Information Technology policies posted on the Company’s intranet and/or in the Information
Technology Standards Manual
Amendments and Revisions. This policy and any other Company policy may be amended or revised
from time to time as need arises, as authorized by the President and Chief Executive Officer of Viad
following recommendation by the Records Committee.
14. EXCEPTIONS TO THE POLICY
Written exceptions to this policy may be granted when there is a legitimate ongoing business or
administrative need to retain the electronic communication or when there is a regulatory or legal
requirement or obligation to do so. Any and all requests for exceptions to this policy must be in writing,
signed by the President and Chief Executive Officer of the operating company, or an executive officer of
Viad, and submitted to Viad Corp’s Records Committee. Your manager can process an exception request
on your behalf in coordination with the head of Information Technology and the Law Department.
Exception requests considered by the Records Committee will be submitted to the Chief Compliance
Officer for approval or denial as recommended by the Records Committee. Notice of approved or denied
exception requests will be returned to you with a copy to Information Technology and the Law
Department.
15. OTHER REQUIREMENTS
Confidentiality Notices on E-Mails. All e-mails sent by Company personnel should contain the
appropriate confidentiality notice. The following standard notice should be used by all personnel other
than those in the Law Department:
Revised
11/21/13
15
Technology Use Policy
CONFIDENTIAL NOTICE: This e-mail transmission (and the attachments, if any,
accompanying it) may contain confidential information. The information is intended only
for the use of the intended recipient. If you are not the intended recipient, you are hereby
notified that any forwarding, disclosure, copying, distribution, or the taking of any action in
reliance on the contents of this information is strictly prohibited. Any unauthorized
interception of this transmission is illegal under the law. If you have received this
transmission in error, please promptly notify the sender by reply e-mail, and then destroy
all copies of the transmission.
Attorneys and other personnel in the Law Department should use the following notice:
DO NOT FORWARD WITHOUT PERMISSION; PRIVILEGED & CONFIDENTIAL: This
e-mail transmission (and the attachments, if any, accompanying it) may contain
confidential information protected by privilege, including, but not limited to, the attorneyclient privilege. The information is intended only for the use of the intended recipient. If
you are not the intended recipient, you are hereby notified that any forwarding,
disclosure, copying, distribution, or the taking of any action in reliance on the contents of
this information is strictly prohibited. Any unauthorized interception of this transmission is
illegal under the law. If you have received this transmission in error, please promptly
notify the sender by reply e-mail, and then destroy all copies of the transmission.
Information Technology will append the appropriate confidentiality notice to all outbound e-mail messages
if not already present as part of the sender’s e-mail signature.
Note: Communications from attorneys that are reasonably intended to be protected by the attorney-client
privilege may not be forwarded without the sender's express permission.
Use of Encryption Software. Users may not install or use encryption software on any of the Company's
computers without first obtaining written permission from Information Technology. Users must not use
passwords or encryption keys that are unknown to their managers or Information Technology.
Note: This password requirement applies only to the use of encryption software and does not apply to
Windows login passwords or other similar passwords.
Export Restrictions. The United States and Canadian federal governments have imposed restrictions
on export of programs or files containing encryption technology, such as e-mail programs that permit
encryption of messages and electronic commerce software that encodes transactions. Software or other
products containing encryption technology are not to be placed on the Internet or transmitted in any way
outside of the United States or Canada, as the case may be, without prior written authorization from the
head of Information Technology.
File Sizes. Be cautious in sending large files and attachments over 10 megabytes (10 Mb). Large files
can slow or stop network traffic and cause delay to critical systems. Contact Information Technology to
send a large file or use file compression utilities, or if you have access, use the FTP site.
Revised
11/21/13
16
Acknowledgement of
Technology Use Policy
I acknowledge electronic access to, or receipt of, a copy of the following Company policies related to
use of Company-owned computers, e-mail systems, the Internet and other technology:
•
Technology Use Policy
•
Always Honest Compliance & Ethics Manual ("Company E-Mail and Internet
Access" section)
•
Corporate Policy Manual
•
Information Technology Policies
I affirm that I have read and will abide by the policies of the Company regarding computer, e-mail,
Internet and other technology usage. In particular, I understand:
1. That these policies govern the acceptable use of all company-owned and issued computer
hardware, software, communications and networking systems;
2. That these policies protect the Company, its employees and business partners against
unauthorized or abusive use and removal or destruction of critical or confidential business
information;
3. That the Company has the complete authority to monitor my computer usage, e-mail
communications, Internet usage and use of other technologies;
4. That the Company may monitor all technology usage on a routine and/or special case basis; and
5. That any violation by me of the Company’s computer, e-mail, Internet and other technology use
policies may result in a loss of access to the technology, disciplinary action (including
employment termination), or legal action.
I acknowledge that the Company solely owns the systems and technology employed throughout the
Company, Company-associated social media sites and the information contained therein.
I agree to follow all standards, policies and procedures applicable to the use of technology in
connection with my employment and relationship to Viad Corp and its subsidiaries. I expressly
waive any right of privacy in anything I create, store, send, or receive on the computer or through the
Internet or any other computer network. I understand and consent to the Company’s use of human
or automated means to monitor use of its computer systems and other technology resources.
System administrators may change, bypass or disable my password or other security mechanisms
at any time without permission or advance notice to me.
SIGNATURE:
PRINT NAME:
PRINT COMPANY NAME:
PRINT JOB TITLE:
PRINT DEPARTMENT NAME:
Revised 11/21/13
DATE:
Related documents
Words in italics are to be deleted in the completed... UNIVERSITY OF SASKATCHEWAN BOARD OF GOVERNORS
Words in italics are to be deleted in the completed... UNIVERSITY OF SASKATCHEWAN BOARD OF GOVERNORS
The University of Wisconsin – Milwaukee CONFIDENTIAL COMMUNICATION FORM
The University of Wisconsin – Milwaukee CONFIDENTIAL COMMUNICATION FORM
Download