Electronic Communications Policy

(Use of Information Assets and Electronic Systems)
 

Rationale

In order to safeguard The Hartford, customer, employee personal, and confidential information, all Hartford information assets and electronic systems (“The Hartford’s Systems”) should be utilized for business purposes only. Employees have no right to privacy while using The Hartford’s Systems, and personal use of The Hartford’s Systems should be kept to a minimum.

The objective of this policy is to:
 
  • Ensure that all use of The Hartford's Systems supports The Hartford's business activity and is in compliance with other Hartford policies, The Code of Ethics and Business Conduct, and laws and regulations
  • Safeguard The Hartford's confidential information, as well as The Hartford's customers' and employees' sensitive personal information. 
  • Limit the possibility of damage to and unauthorized access and use of The Hartford's Systems
  • Minimize risk of potential impact to the organization such as cyber risk (e.g., phishing or malware), privacy breach, regulatory fines, and penalties, and/or reputational harm 

Definitions

The Hartford’s Systems include, but are not limited to, the following when owned or provided by The Hartford:
 
  • Computers and computer peripheral devices (i.e., equipment that can be connected to a computer or computer system to enhance user access and expand the computer's functions such as printers, scanners, digital cameras, mobile devices, USB/thumb drives, etc.)
  • Electronic transmissions which include electronic mail, instant or text messaging, whether accessed utilizing a Hartford device (e.g., computer or tablet), or a personally-owned device utilizing company-supported technology to access The Hartford’s network 
  • Telephone conversations or transmissions (phones and voicemail) 
  • Access to The Hartford's Systems from a non-Hartford network or trusted third-party (e.g., VPN or Access Gateway)
  • Mobile computing devices (e.g., Hartford supported mobile devices, tablets etc.)
  • Internet/intranet access or usage  
  • Faxes, e-faxes, wire, radio or electromagnetic, photoelectronic or photo-optical communications

Applying the Policy

Employees have no right to privacy when using The Hartford's Systems except where provided by applicable law. Employees should assume that the content of any communication, including email, instant and text messages sent or received, and any other information stored, processed, or accessed on The Hartford’s Systems, is subject to review by The Hartford in accordance with applicable laws and regulations. Employees are subject to electronic monitoring at any and all times and by any lawful means.
 
Employees agree that The Hartford’s Systems are a company resource maintained for business use. The Hartford’s Systems contain information proprietary and confidential to The Hartford, its suppliers or customers, and that information is subject to and protected under applicable law; to comply with The Hartford’s policies, procedures, standards, and guidelines with respect to the use of The Hartford’s Systems, access to social media must be pre-approved in accordance with the Social Media Policy.
 
Employees are prohibited from using The Hartford's Systems to:
 
  • Send, display, or store any material in any electronic format, including but not limited to through e-mail, that violates any law, The Hartford’s policies or the Code of Ethics and Business Conduct
  • Send, display or store any message (e-mail, instant or text) or material in any format that is offensive, obscene, derogatory or disparaging or that is based on an individual's sex, race, color, religion, age, national origin, marital status, ancestry, sexual orientation, veteran status, disability, pregnancy or citizenship status. View Harassment-Free Workplace Policy.
  • Threaten, defame, or intimidate. View Violence-Free Workplace Policy and Retaliation-Free Workplace Policy
  • Save employee’s personal data to The Hartford’s Systems unless that data pertains to their employment with The Hartford (i.e., resumes, payroll information, performance reviews etc.)
  • Save company information on or download company information to a non-Hartford owned host computer's hard drive
  • Spend excessive time using the internet or sending emails for personal or non-business reasons
  • Access personal email accounts, unapproved social media accounts and other non-business-related messaging platforms
  • Auto-forward or forward company information to unauthorized email accounts outside of The Hartford, including an employee's home email address. Employees who have a need to transport sensitive or confidential information via a removable media must do so in accordance with the Removable Media section of THIP Standard 5.7.03 Security of Electronic Media.
  • Forward potential phishing emails which could include malicious attachments without confirming legitimacy
  • Provide access to The Hartford's confidential or proprietary information to unauthorized persons including family members or other non-Hartford employees
  • Perform tasks that are deemed by management to be contrary to the legitimate business use of The Hartford’s Systems including conducting non-Hartford commercial business
  • Pursue personal financial benefit, support non-Hartford commercial purposes, or solicit funds for any purpose not authorized by The Hartford. View Solicitations and Distributions Policy
  • Access third-party proprietary information or restricted websites
  • Use non-approved web-based services or websites to conduct or support Hartford business (i.e., PDF converters, print services, project management tools, etc.)
  • Utilize Generative Artificial Intelligence ("GAI") tools for business use or on business owned devices without proper business approval. No Hartford business information should ever be entered into a GAI tool without proper business approval. Output for a GAI tool cannot be used in business unless it has been cleared by the applicable legal and compliance review process. Refer to the Generative AI Policy.
  • Disseminate, transmit or store any copyrighted material in violation of copyright laws. This includes, but is not limited to: articles, software, music, and movies (including personally purchased music and movies)
  • Make unauthorized use of The Hartford's trademarks
  • Create unauthorized links to third-party sites
  • Gamble online or participate in on-line auctions (e.g., e-Bay)
  • Send, access, or store e-greeting cards and non-Hartford audio or video files
  • Display or download screensavers or wallpaper other than those types that come standard with company-purchased software
  • Use unauthorized encryption solutions, peripheral devices, or software (including personal software)
  • Intentionally download any unauthorized software or security devices (e.g., password crackers, vulnerability scanners and unlicensed software) from the internet without the approval of myTechExpress
  • Engage in intentional activity to bypass The Hartford's security systems. These activities include tunneling and using unauthorized remote access solutions. "Tunneling" is the circumvention or attempted circumvention of any of The Hartford's firewalls or other security controls which limit the ability to access certain websites or features on certain websites
Note that more restrictive requirements may apply in accordance with individual business requirements.
 
Adherence
All employees are responsible for adherence to this Policy.  Failure to comply with this policy is a serious offense and may result in legal and/or disciplinary action, up to and including termination.  In situations where non-employees violate this policy, The Hartford reserves the right to take steps as warranted by the facts and circumstances of the violation, including legal action.
 

Eligibility/Scope

This policy establishes the minimum requirements that all Hartford Employees, consultants, vendors, or any persons doing business with The Hartford must meet when using The Hartford's Systems.
 
 
Revised: 10/11/24