Archived [2022-05-04] - Directive on Service and Digital - Appendix D: Examples of Unacceptable Network and Device Use (non-exhaustive list of examples)
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Appendix D. Examples of Unacceptable Network and Device Use (non-exhaustive list of examples)
D.1 Effective Date
- D.1.1These take effect on April 1, 2020.
- D.1.2These replace Appendix C: Unacceptable Use (non-exhaustive list of examples) of the Policy on Acceptable Network and Device Use (October 1, 2013).
D.2 Examples
- D.2.1These examples provide details in support of requirement 4.4.1.11.1 of the Directive on Service and Digital.
- D.2.2The legal consequences of unacceptable use will be determined by the section of the law in default. The employment consequences of unacceptable use will be determined by existing policy instruments and guidance from appropriate organizational human resources or labour relations advisors.
- D.2.3This document is a non-exhaustive list of unacceptable use. Other activities could be deemed unacceptable at the discretion of the deputy head.
- D.2.4Departments can limit the use of Government of Canada electronic networks and devices or impose employment consequences if the activity or behaviour:
- D.2.4.1Is unacceptable or criminal in nature;
- D.2.4.2Violates Treasury Board or organizational policies and codes of conduct and other published requirements;
- D.2.4.3Impacts negatively the performance of Government of Canada electronic networks and devices;
- D.2.4.4Impedes organizational operations or the delivery of services; or
- D.2.4.5Breaches the Duty of Loyalty requirement for public servants (i.e., does not refrain from public criticism of the Government of Canada).
- D.2.5The following is a non-exhaustive list of examples of criminal activity that could take place on Government of Canada electronic networks or devices:
- D.2.5.1Child pornography—Possessing, downloading or distributing any child pornography.
- D.2.5.2Copyright infringement—knowingly distributing infringing copies of a copyrighted work.
- D.2.5.3Defamation—Causing a statement to be read by others that is likely to injure the reputation of any person by exposing that person to hatred, contempt or ridicule, or that is designed to insult the person.
- D.2.5.4Denying right of access under the Access to Information Act: destroying, mutilating, altering, falsifying or concealing a record, or making a false record with intent to deny a right of access under the Access to Information Act.
- D.2.5.5Hacking and other crimes related to computer security.
- D.2.5.6Gaining unauthorized access to a computer system—Using someone else's password or encryption keys to engage in fraud or obtaining money, goods or services through false representations made on a computer system.
- D.2.5.7Trying to defeat the security features of the electronic networks.
- D.2.5.8Spreading viruses with intent to cause harm
- D.2.5.9Destroying, altering or encrypting data without authorization and with the intent of making the data inaccessible to others who have a lawful need of access.
- D.2.5.10Interfering with others' lawful use of data and computers.
- D.2.5.11Harassment—Sending electronic messages that cause people to fear for their safety or the safety of anyone known to them.
- D.2.5.12Hate propaganda—Disseminating messages that promote hatred or incite violence against identifiable groups in statements outside of private conversations.
- D.2.5.13Interception of private communications or electronic mail (in transit)—Unlawfully intercepting someone's private communications or unlawfully intercepting someone's electronic mail.
- D.2.5.14Obscenity—Distributing, publishing or possessing for the purpose of distributing or publicly displaying any obscene material.
- D.2.5.15Various other offences—The Criminal Code (and a few other statutes) provide for a range of other offences that can take place in whole or in part using electronic networks. For example, fraud, extortion, blackmail, bribery, illegal gambling, and dealing in illegal drugs can all occur, at least in part, over electronic networks and are criminal acts.
- D.2.6The following is a non-exhaustive list of examples of illegal (though not criminal) activity that could take place while accessing the Internet through Government of Canada electronic networks or devices:
- D.2.6.1Disclosing sensitive information without authorization.
- D.2.6.2Disclosing personal information—Failing to respect the privacy and dignity of every person.
- D.2.6.3Disclosing business trade secrets—Revealing business trade secrets without authorization, other than in response to a formal request under the Access to Information Act.
- D.2.6.4Disclosing sensitive government information—Revealing sensitive government information without authorization.
- D.2.6.5Intellectual property infringement: infringing or otherwise using without authorization another person's intellectual property (copyright, trade-mark or patent).
- D.2.6.6Harassment—It is a discriminatory practice to harass an individual on a prohibited ground of discrimination. The prohibited grounds are race, national or ethnic origin, colour, religion, age, sexual orientation, gender identity, marital status, family status, disability and conviction for which a pardon has been granted.
- D.2.6.7Privacy breaches—Include, but is not limited to, any of the following without authorization: reading someone else's electronic mail or other personal information, listening in on someone's private conversations or intercepting electronic mail while it is in transit, for example.
- D.2.7 The following is a non-exhaustive list of examples of activities that contravene Treasury Board policies (and may contravene comparable organizational policies):
- D.2.7.1Causing congestion and disruption of Government of Canada electronic networks and systems through such means as sending chain letters and receiving list server electronic mail unrelated to a work purpose. These are examples of excessive use of resources for non-work related purposes (Policy on Government Security).
- D.2.7.2Using the Government of Canada electronic networks for unauthorized activities as laid out in this policy and related guidance (Policy on Conflict of Interest and Post-Employment).
- D.2.7.3Using Government of Canada electronic networks to make public comments about government policies, except when acting as the official spokesperson, or to engage in political activity that could impair his or her ability to perform duties in an impartial manner (Public Service Employment Act, Values and Ethics Code for the Public Sector, and Policy on Conflict of Interest and Post-Employment
- D.2.7.4Representing personal opinions as those of the organization, or otherwise failing to comply with organizational procedures concerning public statements about the government's positions (Policy on Conflict of Interest and Post-Employment
- D.2.7.5Providing authorized individuals with access to systems, networks or applications used to process sensitive information before such personnel are properly security screened (Policy on Government Security).
- D.2.7.6Failing to revoke system access rights of personnel when they leave the organization due to the end of employment or the termination of a contract, or when they lose their reliability status or security clearance (Policy on Government Security).
- D.2.7.7Unauthorized removal or installation of hardware or software on government owned informatics devices or electronic networks (Policy on Government Security).
- D.2.7.8Furthermore, unless for valid work-related purposes, authorized individuals cannot use Government of Canada electronic networks or devices to access or download websites or files, or send or receive electronic mail messages or other types of communication, that fall into the following categories:
- D.2.7.8.1Documents that incite hatred against identifiable groups contained in personal messages (the Criminal Code prohibits incitement of hatred against identifiable groups in public conversations, also listed under criminal offences);
- D.2.7.8.2Documents whose main focus is pornography, nudity and sexual acts.
- D.2.7.9Activity that can expose authorized individuals or the employer to tort liability
- D.2.7.1010 Various kinds of conduct can expose a person or an employer to civil liability. The employer's liability will be triggered when a public service employee or authorized individual performs the activity. The following is a non-exhaustive list of examples of torts from which liability may stem from activity on Government of Canada electronic networks or devices:
- D.2.7.11Disclosing or collecting sensitive data—Revealing or obtaining such information without authorization. In addition to the statutory provisions mentioned above, an unauthorized disclosure or collection of personal information can result, in some circumstances, in a civil action for invasion of privacy, nuisance or trespass under common law, and similar actions under the Civil Code of Québec, for breach of contract and for breach of trust or breach of confidence (e.g., if confidential commercial information is disclosed).
- D.2.7.12Defamation—Spreading false allegations or rumours that would harm a person's reputation. In addition to criminal libel, publishing defamatory statements without a lawful defence can result in a civil action.
- D.2.7.13Inaccurate information—Posting inaccurate information, whether negligently or intentionally. This can lead to civil lawsuits for negligent misrepresentation.