HHS IRM Policy for Use of Broadcast Messages, Spamming and Targeted Audiences
January 8, 2001
Table of Contents1. Purpose
5. Roles and Responsibilities
6. Applicable Laws/Guidance
7. Information and Assistance
8. Effective Date/Implementation
This document establishes the policies and procedures to regulate the distribution of e-mail when addressed to large numbers of Department of Health and Human Services (HHS) staff. It addresses e-mail generated both from within and outside the Department.
Since 1994, Office of Information Resources Management (OIRM) within the office of Assistant for Secretary for Management and Budget (ASMB) has been sending out electronic mail messages to all or selected subsets of HHS employees. These e-mail broadcasts are made possible by the use of custom software that automates the collection of e-mail addresses from across the Department and the creation and transmission of the needed e-mail messages themselves. This system was originally established to support the needs of the Secretary to communicate with all HHS employees. While most messages have been distributed in the Secretary's or Deputy Secretary's names, an increasing number have been from other sources. Additionally there have been increasing inquiries about sending messages from other sources within the Department.
The objective in establishing rules is to balance the legitimate needs of the Government to distribute information related to the Department's mission against the attendant costs when many employees must sort through messages of questionable relevance to their work. Messages sent to employees have entailed cost impacts of: recipients taking time to review them, computer resources to process them, and support staff to keep the systems safe and operational. Given these potentially conflicting demands it has been necessary to maintain a cost-effective balance to maximize the efficiency of the Department's operations. The Department has not yet been the subject of repeated significant "spamming" or other efforts to disseminate large amounts of non-Governmental mail. However, the Department needs to plan for it and promulgate policies to manage large-scale mailings both from within and outside the organization.
Despite the degree of automation achieved in the current system, significant manual effort is still involved to assure successful transmission, monitor, and re-direct employee responses to the broadcasts.
In July 1996 the Secretary signed a memorandum to OPDIV heads requesting their assistance in improving the ease of electronic communication across the Department. Specifically, the Secretary asked the OPDIV heads to give attention to improving the quality and availability of electronic directory information. Also, in May 1996, a technical note on the HHS electronic directory was adopted by the HHS Information Resources Management Advisory Council and approved by the ASMB. The technical note, which is a mandatory technical standard and applies to all DHHS organizations, stated in part: "The Department maintains a central directory in electronic form of all DHHS employees. This directory contains access and descriptive information, such as phone number, electronic mail address, and organization for each employee. Each OPDIV is responsible for maintaining accurate, complete information on their employees and providing it to the central directory on a timely basis." The note can be found at http://www.os.dhhs.gov/progorg/oirm/hhsdir96.htm.
The e-mail broadcast system depends on the accuracy of the central HHS staff directory to reach the maximum number of employees. All employees's e-mail addresses in the Departmental directory is not sufficient to ensure that targeted e-mail broadcasts (e.g., to the Metropolitan Washington area or the Southwest Complex) reach their intended audience if key directory information (e.g., phone number, building name) needed to differentiate employees into appropriate groups is not accurate (see Appendix A).
Broadcast messages are by their nature indiscriminate in terms of knowing ahead of time the employee's interests. This is unavoidable and a balance must be found between the value of the messages being placed in e-mail and the time occupied by employees in receiving them. This requires a policy that limits such transmissions to those for which a reasonable business need exists, as opposed to simply broadcasting everyone. As the number of messages increases, coming from numerous sources both in and outside of the Department, and as the tools for sending e-mail broadcasts become more widely available, a controlling policy is warranted. This is necessary both to minimize the potential waste of employee's time in screening these messages and in maintaining the sense of importance for those that are sent.
This policy establishes the rules and guidelines for the use of e-mail broadcasts initiated by any HHS employee or contractor using HHS computers, networks, and software and sent to a large number of individuals. The policy addresses three areas requiring management of broadcasts: (a) those relating to HHS business that involve transmission to a large number of employees; (b) requests from individuals and organizations to use the broadcast capabilities for other purposes; and (c) the problems associated with the growing ability of external organizations and individuals to use HHS electronic directory information to send broadcast messages to HHS employees from outside the Department. This policy excludes mailings to lists where the recipients individually requested the mail by signing up for a listserver.
- The Executive Secretariat (ES), located in the Immediate Office of the Secretary, shall be the approval authority for all e-mail broadcast requests originating from the Secretary, Deputy Secretary, Chief of Staff, or White House, or otherwise involving Secretarial matters.
- (1) Officially sponsored events that do not require Secretarial involvement; (2) administrative items; and (3) requests to publicize HHS activities or events that are not officially HHS-sponsored, are referred to the OPDIV designated approving official (e.g., CIO) of the OPDIV wishing to send the message. Examples of officially sponsored events would include Department sponsored courses, blood drives, health insurance information fairs, and the like. Any message being sent to more than one OPDIV is sent by the approving official in the OPDIV (except as noted in 4.5 below) to the Assistant Secretary for Management and Budget (ASMB) for approval.
- Authority to distribute broadcasts may be delegated to accommodate urgent needs. For example, the OS Office of Facilities Services will have delegated authority to send out notices when emergency situations occur in the Humphrey or Cohen Buildings affecting matters such as water quality, blocked building access, demonstrations, or the like.
- Each OPDIV may implement procedures, as needed, consistent with the Departmental policy, to manage the transmission of e-mail broadcasts within their own organization (that is from within that OPDIV to the employees of that OPDIV).
- Other cross-OPDIV e-mail broadcasts that are agreed upon by all the organizations that are to receive the e-mail are transmitted as appropriate (e.g., broadcasts to all HHS employees within a region or building) by one and only one of the participating organizations.
- The Assistant Secretary for Public Affairs shall approve all e-mail broadcasts that include recipients outside the Department, including those generated by the Operating Divisions.
- Activities and events that are not officially HHS-sponsored may be transmitted under the following circumstances (all items must apply):
- the activity/event is sponsored by an officially recognized HHS employee organization (see 6. Applicable Laws/Guidance) or the activity/event is sponsored by an officially recognized employee organization in another agency and that agency has endorsed the activity/event;
- the subject is of general interest and not a personal matter (e.g., no requests for leave donations, retirement notices, birth or death announcements, job location changes, etc. shall be sent by the Department);
- adequate notice is provided by the requester to address any policy or technical questions that are raised;
- the material is formatted as required by HHS standards (current standards are attached);
- staff and computer resources are available for transmission;
- the content is reviewed by the employee's manager and approved by the designated OPDIV level clearance authority prior to distribution; and
- the message content does not fall within the restrictions in 4.8
- Items that are generally not approved for distribution (except at the direction of the Immediate Office of the Secretary/Executive Secretariat [IOS/ES]):
- any charitable activities involving cash except for the Combined Federal Campaign. (e.g., information on an activity like Women's Race for the Cure would not be broadcast because it involves cash payments by employees, but broadcasts involving the collection of non-cash donations, such as clothing, toys, or food may be allowed if other requirements are met. In accordance with 5 CFR 950.102, the Combined Federal Campaign is the only authorized solicitation of federal employees for money. Collections of gifts-in-kind (e.g., food, clothing) are permissible under this policy);
- messages that are of political, religious, or other similarly sensitive nature;
- anything for commercial gain;
- reminders of upcoming events/activities that have been previously broadcast except for notifications of blood drives, unless the reminders have been formally cleared for re-distribution; and
- security warnings, instructions, or information by a person other than the responsible security officials.
- Communications from the public are welcomed by e-mail when sent to the specific individuals or offices that are responsible for the topic matter of the letter. A directory of addresses can be found at http://directory.psc.gov/. General mailings that are directed at everyone in the Department, or to large components of it and interfere with the operations of the Department are subject to being blocked without prior notice to the sender. Requests from outside the Department for e-mail distribution shall be addressed to the office in HHS that has direct responsibility for the topic of the message. If no such HHS office exists, then it is likely that the topic of the message is not appropriate for handling within this Department. These messages shall be directed to ASMB/OIRM for resolution.
- Mail that is considered by the recipient to be interfering with Government operations may be referred by ASMB/OIRM to the appropriate ethics office, law enforcement office, OIG Office of Investigations, and/or the Internet Service Provider of the sender. Offensive e-mail such as e-mail of a violent, pornographic, racist, or sexist nature violates the Departments efforts to maintain a family friendly workplace and shall not be distributed. If it is, the sender may be subject to adverse personnel action (for employees) and /or prosecution.
- Individual employees or contractors are not authorized to transmit e-mail broadcast messages except through formal approval as specified in Section 4. Unauthorized or inappropriate use of HHS IT resources could result in loss of use or limitations on use of equipment, disciplinary or adverse actions, criminal penalties and/or employees or other users being held financially liable for the cost of inappropriate use.
- Wherever possible, information should be placed on the Departmental and OPDIV Intranets or the Internet in lieu of using e-mail broadcasts. If an e-mail broadcast is sent, it shall reference web universal resource locators (urls) rather than attaching a document, to the extent possible.
5. Roles and Responsibilities
- The HHS Executive Secretariat (ES)
The ES shall clear all email broadcast requests originating from the Secretary, Deputy Secretary, Chief of Staff, or White House, or otherwise involving Secretarial matters.
- The Assistant Secretary for Management and Budget (ASMB)
The ASMB shall have final responsibility for decisions on whether to send or not send any given message except for messages covered in 5.1 above.
- The Assistant Secretary for Public Affairs (ASPA)
ASPA shall review and approve any broadcast messages that will be sent to recipients outside the Department.
- The Office of Information Resources Management (OIRM)
OIRM is responsible for:
- Maintaining office support to coordinate with the OPDIV approving officials for broadcasts;
- Maintaining procedures for requesters to submit e-mail broadcast requests. These procedures may change over time without re-issuance of this policy.
- Maintaining a centralized capability for HHS wide-scale broadcasts;
- Sending a message to the requesting organization, when disapproving a request to send a broadcast message, stating that the request could not be accommodated, along with the reason for disapproval. (Questions and disputes are referred back to the HHS ASMB).
- Submitting Organization (for e-mail broadcasts distributed by the Department)
The submitting organization is responsible for proofreading, fact checking, formatting and clearance of any document proposed for transmission. Additionally, the submitting organization is required to identify an individual to receive and handle any e-mail or telephone responses to each specific message. Documents shall be submitted with sufficient lead time and formatted as specified in the submission procedures (see Appendix B).
- OPDIV Head
Each OPDIV Head is responsible for:
- Designating a central point of contact for clearance approval on broadcasts and notifies HHS OIRM who has been designated;
- Promulgating and enforcing appropriate e-mail policies and procedures, as needed, consistent with the Departmental policy, for broadcasts from within their OPDIV; and
- Assuring that this policy is followed and recommending changes, as needed, to the HHS CIO.
Employees are responsible for not sending broadcasts except as directed in this policy at section 4.11.
6. Applicable Laws/Guidance
HHS General Administration Manual, Chapter 25-10: DHEW Employee Welfare and Recreation Associations.
7. Information and Assistance
Direct questions, comments, suggestions or requests for further information to the Deputy Assistant Secretary for Information Resources Management, (202) 690-6162.
8. Effective Date and Implementation
The effective date of this policy is the date the policy is approved.
These policies and procedures will not be implemented in any recognized bargaining unit until the union has been provided notice of the proposed changes and given an opportunity to fully exercise its representational rights.
The HHS policies contained in this issuance shall be exercised in accordance with Public Law 93-638, the Indian Self-Determination and Education Assistance Act, as amended, and the Secretary's policy statement dated August 7, 1997, as amended, titled "Department Policy on Consultation with American Indian/Alaska Native Tribes and Indian Organizations." It is HHS' policy to consult with Indian people to the greatest practicable extent and to the extent permitted by law before taking actions that affect these governments and people; to assess the impact of the Department's plans, projects, programs and activities on tribal and other available resources; and to remove any procedural impediments to working directly with tribal governments or Indian people.
John J. Callahan
Assistant Secretary for Management and Budget
E-mail broadcast - Transmission of a single electronic mail message to large numbers of HHS employees or external recipients. The intended meaning here is messages sent indiscriminately with the intent to reach all or most of the e-mail addresses in an organization or geographic area. The use of listservers to reach multiple recipients where those on the list have chosen to subscribe are excluded. This also excludes targeted messages to lists of employees maintained for specific business purposes (e.g., security-related messages to a list of security officers).
Spam - Spam, in general usage, refers to commercial senders of massive amounts of e-mail to all addresses they can find. It is frequently sent from addresses that are forged to bypass filters intended to block them. The content of spam often involves commercial scams, gambling, and the sale of pornography.
At this time OS/ASMB/OIRM maintains the following lists:
Geographic area of coverage
Metro DC area including area codes 202,301,703,410
Metro DC like above but without 410 (Baltimore)
Washington, DC (includes all HHS employees in DC)
HHH, Cohen, and Switzer Buildings
Office of the Secretary û all employees
OS, AoA, ACF û all employees
As specified in the "Policy on Use of Broadcast Messages, Spamming, and Targeted Audiences," broadcast messages must be:
- Requested by an official HHS office or activity
- Approved by the sending OPDIV's designated approving official. Each OPDIV can delegate this at their discretion but a single point of contact for each OPDIV needs to be listed with firstname.lastname@example.org.
Technical specifications and requirements for messages:
For distribution across OPDIVs, the message must meet all the following criteria (unless waived by IOS/ES):
- Messages must be in plain ASCII and entirely contained in a message of less than 20,000 characters. Each line must be no longer than 72 characters and terminated by a hard carriage return. No special characters are allowed (e.g., underscores, italics, etc.) This is necessary to assure that the message is readable to all systems receiving it.
- Attachments shall not be allowed. Attachments double the impact on e-mail systems. Instead of attachments, the message should contain a web url(s) that links to the attachments.
- All messages must clearly indicate the originating office and subject at the top of the message.
- All messages must use a subject line of no more than 23 characters in length. (Some systems truncate after 23 characters.)
- Graphics composed of ASCII characters are strongly discouraged since they tend to appear garbled on various systems.
- Messages must be sent from an address with a working mailbox to receive replies.
- References to web sites should be preceded with http:// or https://. (This will allow them to be automatically hyperlinked in many mail systems.)
PROCEDURES: E-mail requests from within the Department may be addressed to email@example.com