The Jefferson County Board of Legislators Finance and Rules Committee will vote tonight on a revised information technology policy for county employees.
During the full boards April meeting, legislators and department heads debated the monitoring and enforcement provision of an earlier version, which some felt required clarification.
In the earlier version, the policy read, Computing systems and resources provided by Jefferson County are owned by the County and are therefore its property. This gives Jefferson County the right to monitor any and all voice and data traffic passing through its system.
The revised policy is amended to include the following sentence:
The exercise of this right will be conducted in compliance with all local, state and federal statutes, rules and regulations governing access to identified protected, confidential communications passing through the system, including that information obtained from other governmental and health related agencies.
According to the policy, if officials discover or have good reason to suspect activities that do not comply with the law or the policy, they may use voice or data records to document the activity.
The revised policy includes a detailed procedure outlining how requests to monitor the communication of employees may be made in such a case.
Requests for monitoring may be initiated by department heads, county administration or the county attorney upon notice to the affected county department. Requests will be made to the director of the Information Technology Department.
The policy is aimed at ensuring that county assets are being used appropriately and does not mean the county will actively monitor communications, said IT Director Gregory C. Hudson.
The Department Head or County Attorney will work with the IT Director to ensure that such monitoring and/or retrieval conforms to all relevant departmental, local, state or federal laws and/or regulations, the revised proposal states.
During the meeting earlier this month, Undersheriff Paul W. Trudeau raised concerns about potential violations of confidentiality, especially where inadvertent eavesdropping on wiretapping operations may occur.
The involvement of a department head in decisions about monitoring would theoretically reduce that risk.
Legislator Michael A. Montigelli, R-Black River, asked about the implied privacy people who are not county employees have when communicating with county employees.
New York is a one-party consent law state, according to the Digital Media Law Project hosted by the Berkman Center for Internet and Society at Harvard University. That means if one party to a conversation consents, the conversation may be recorded, provided all individuals in the conversation are in New York state.
According to the policy, the IT staff is responsible for implementing guidelines while county employees compliance is the department heads duty.