Buying Christmas presents online -- what do agencies allow?
Recent research shows that a growing number of federal employees are doing their holiday shopping online during work hours. But unclear policies and vague language could have government workers scratching their heads, wondering if it’s OK to shop online while at work as the holiday gift-giving season approaches.
Nearly one-third of the Americans say they will do some Christmas shopping online while they are working, spending 18 hours on average searching for gifts from a work-supplied device, according to a September 2011 poll by ISACA.
The survey also found that nearly one-fifth of global respondents were unsure whether policies existed for online shopping. That same confusion could easily transcend to public sector employees. While agencies follow governmentwide rules that prohibit employees from using government IT for illegal or inappropriate use, few address activities such as online shopping specifically.
Agencies also often amend those policies to fit individual agency needs. For example, while the General Services Administration blocks certain websites and filters web content, it allows employees access to social networking sites “as these can help GSA fulfill its mission,” CIO Casey Coleman said.
Occasional access to the Internet is also allowed, but “as a wise guardian of taxpayer dollars, GSA does not allow the personal use of fee-based commercial electronic databases when there is an additional charge to the government,” she added.
The Interior Department has taken a more permissive approach. Its policy states that employees may use government computers for personal use and make personal purchases over the Internet, but only during nonduty time. When shopping online, however, employees must have the purchases sent to a non-government address, the directive states.
In the ISACA survey on online shopping, 20 percent of participants said using a work email address as contact information when online shopping poses a risk to the employer, said Robert Stroud, former ISACA executive and current vice president of strategy and innovation at CA Technologies.
Another risk are those “too good to be true” deals that come during the holidays urging the recipient to click on a link in an email, Stroud said. In a matter of seconds, gullible employees could find themselves in an unsecure environment, inadvertently breaching an agency’s IT security policy or downloading malware to agency IT equipment and networks.
“Too good to be true is too good to be true,” he said. “If you see a link in an email, you want to be cautious. And if you get an email from someone you don’t know or recognize, your first concern should maybe be that you need to consult the security team in your organization. These are safe practices that we have to make part of our DNA when we deal with technology."
With safety as a top priority, the Defense Department follows a directive that that bans employees from using government IT for personal use other than short periods of time. The policy green-lights activities such as brief searches on the Internet and emailing directions to visiting relatives. Want to spread season's greetings around, perhaps make a customized Christmas card? Not at DOD—according to the directive, it’s “improper to use government resources to produce holiday greeting cards," reads the policy.
Similarly to DOD, the State Department’s approach to personal use of government IT is to minimize it. “We follow the policy described in [the Foreign Affairs Manual]: Employees may use the Internet in moderation, on personal time, for matters that are not directly related to official business,” said State Department spokesman Raphael L. Cook.
The manual’s section on IT management contains sweeping language that bans the use of government equipment to view sexually explicit material, use sites related to gambling, or any use that compromises the security of government systems. Similar to many other agencies’ directives, the State Department’s policy does not directly address online shopping sites.
One of the more detailed policies comes from the Education Department. Its directive states that it’s acceptable for employees to use department IT to email co-workers for activities such as getting or giving recommendations for a physician or plumber; corresponding with friends overseas, or reading news stories online. It also allows the use of agency equipment to write and print resumes and cover letters. It also specifies that it's ok for employees to use the Internet to research topics of personal interest.
Employees are, however, not allowed to use the computer to write a book or an article that pays; use email to advertise rental property; or use the Internet to do research for an outside consulting job. But during nonwork hours, the Education Department gives thumbs-up to employees to play Solitaire on their computers, compose long personal emails or fill out lengthy job applications.
Curiously, while the policy highlights the filtering of web content related to sex, gambling or even “mail order marriages,” it makes no mention of online shopping sites.
That lack of language that addresses online shopping could come from agencies seeing it as a nonissue, said Timothy J. Kane, vice president of the Strategic Consulting Group at professional services firm Dewberry.
“Across the board, from what I’ve seen in the private sector, there isn’t any abuse,” he said. “I don’t think that agencies are going to find that people are abusing" online shopping.
Social media and online shopping sites alike could end up being “very practical, noninvasive ways” for organizations to provide a benefit to employees, he added.
“If you think of all the people who have to rush out to do evening shopping, letting them spend half an hour online, during lunch or off-duty time, ultimately makes more satisfied employees and put back more time in the day and into the organization and the work they’re doing,” Kane said.