By David Heitz / NewsBreak Denver
(Aurora, Colo.) The Aurora City Council Monday adopted a resolution requiring council appointees to follow the city's e-mail guidelines.
Scott Newman, director of information technology, asked the council to fast-track the item. That means the council won't discuss it during a committee meeting, and it becomes law immediately.
The reason for the rush given on a council document was "security risk." It referenced a matter discussed in executive session, which is closed to the public.
Council appointees include members of boards and commissions and city department heads. The resolution requires them to follow city directions about using and handling electronic data in any form, including personally identifying information, criminal justice information, protected health information, and payment card information. It further requires following "security policies, directives or alerts" from the city's chief information security officer.
Why is an e-mail policy needed?
The resolution lists several reasons why the city needs the guidelines, including:
· Prevent security breaches. Much of the data on city servers is sensitive and subject to regulatory guidelines. For example, data about prisoners would fall under the sheriff's department rules. In contrast, data about someone's rent might fall under the U.S. Department of Housing and Urban Development regulations. The city must adhere to all the requirements, including keeping data secure.
· Protect data. IT chiefs must secure data as soon as possible after a breach. IT chiefs also need to manage information security risks nimbly.
On Monday, the council briefly discussed the item. Council member Alison Coombs wondered whether the policy would interfere with the release of public information requests. Chief Information Officer Scott Newman assured her it would not. He said the guidelines “Make our cybersecurity posture a uniform approach applied to all divisions regardless of whom they report to.”