SECTION 440 - COUNTY OWNERSHIP OF AND ACCESS TO COMPUTER DATA, FILES, AND

SOFTWARE

 

      A.    DATA AND SOFTWARE OWNERSHIP

 

           Property ownership rights in all data and software owned or controlled by the various branches of Santa Cruz County government are vested in "the County of Santa Cruz" and are subject to the controls, policies, and procedures established by the Board of Supervisors.

 

           The County may, in its sole discretion, assert, establish an exercise property rights in any and all data, files, and software stored, maintained, or placed on any County computer equipment or computer media, including transferable media such as diskettes and tapes. The assertion, establishment, and exercise of such rights may be taken at any level along lines of supervisory authority.  Request for review of such action shall be to the applicable department head.  Appeal of a department head's decision may be made to the Board of Supervisors, whose decision as regards County property rights issues, shall be final.

 

           Data or software that is licensed from other parties is subject to terms and conditions of the respective licenses. Many types of data and some software are subject to State or federal statutes that regulate confidentiality and disclosure. Management and control of such data and software are delegated to the proper County official(s) in accordance with statute.

 

           The fact that individual items or collections of data or software are public in nature,  or  actually  are public records, does not diminish  the "property" aspects of  County ownership.

 

      B.    DATA AND SOFTWARE ACCESS

 

           The County has an unrestricted right of access to and disclosure of all data and software on any County equipment or media, through the appropriate County official(s).   Such access and disclosure shall be in accordance with, and subject to any controls or restrictions imposed by, applicable statutes or licenses.

 

           Individual County staff members, officials, or volunteers who use County equipment or media are required, as a condition of their employment, or as a condition of any non-employment relationship with the County which provides them access to County equipment or media, to provide access to, decrypt and disclose any files or data to the appropriate County official(s) on request. County employees, officials and volunteers shall be informed of this requirement upon appointment or reassignment, and in department orientation.

 

           Access to and review of computer files on County equipment or media will follow supervisory lines, except as required otherwise by statute, license or contract. The supervisor and higher authorities under whom each staff member, volunteer, or official works has authority to access and disclosure, in accordance with the policies contained in this Section 440, consistent with applicable statutes or licenses, but peers and subordinates have no authority for access or disclosure except as specifically granted.

 

           The security procedures that apply to the main computer system and network also apply to individual PC's,  PWS's,  departmental minicomputers, and LAN's.

 

      C.   DATA AND SOFTWARE SECURITY ADMINISTRATION

 

           Development and auditing of security procedures and access control for all County computer equipment, media, data, and software are assigned to the Information Services Department.

 

           Security procedures and access controls may be delegated to other departments on an individual basis provided the other department maintains an approved security policy and a trained security administrator.

 

            The Information Services Department will regularly audit the security procedures and controls,  including those that  have  been delegated to other departments.