This chapter sets out the obligations and expectations for employees, including contractors and temporary staff, who use the service’s information technology (IT) facilities for internet and email purposes.
IT facilities are provided to assist with day to day work. It is important that they are used responsibly, are not abused and that individuals understand their legal professional and ethical obligations.
No one is allowed to use the service’s IT facilities who has not previously been authorised to do so by the IT Department or their line manager. Unauthorised access to the service’s IT facilities is prohibited and may result in either disciplinary action or criminal prosecution.
Any information which the service holds, including emails, may need to be disclosed under relevant legislation. Therefore users need to be sure that they are not breaching data protection when they write and send emails.
This could include but is not limited to:
- passing on personal information about an individual or third party without their consent;
- keeping personal information longer than necessary;
- sending personal information to a country outside the European Economic Area (EEA).
Emails should where possible be avoided when transmitting personal data about a third party. Any email containing personal information about an individual may be liable to disclosure to that individual under the data protection legislation (see Data Protection chapter). This includes comment and opinion, as well as factual information. Therefore this should be borne in mind when writing emails, and when keeping them.
There are a number of other laws relating to IT, the most relevant of which is the Computer Misuse Act 1990 which makes it an offence to try and access any computer system for which authorisation has not been given.
2. Staff Responsibilities
All staff are expected to act in a manner that will not cause damage to IT facilities or disrupt IT services. Any accidental damage or disruption must be reported to the IT department or the line manager as soon as possible after the incident has occurred. Staff are responsible for any IT activity which is initiated under their username.
2.1 Use of the internet
Use of the Internet by employees is encouraged where such use is consistent with their work and with the goals and objectives of the service. Reasonable personal use is permissible subject to the following.
Staff must not participate in any online activities that are likely to bring the service into disrepute, create or transmit material that might be defamatory or incur liability to the service, or adversely impact on the image of the service.
Staff must not visit, view or download any material from an internet site which contains illegal or inappropriate material. This includes, but is not limited to, pornography (including crimes against children), obscene matter, race hate material, violence condoning messages, criminal skills, terrorism, cults, gambling and illegal drugs.
Staff must not knowingly introduce any form of computer virus into the service’s computer network.
Personal use of the internet must not cause an increase for significant resource demand, for example storage, capacity, speed or degrade system performance.
Staff must not hack into areas for which they do not have authorisation.
Staff must not download commercial software or any copyrighted materials belonging to third parties, unless such downloads are covered or permitted under a commercial agreement or other such licence.
Staff must not use the service’s internet facilities for personal financial gain.
Staff must not use the service internet for illegal or criminal activities, such as, but not limited to, software and music piracy, terrorism, fraud, or the sale of illegal drugs.
Staff must not use the service internet to send offensive or harassing material to other users.
Use of the internet for personal reasons (for example online banking, shopping, information surfing) must be limited, reasonable and done only during non-work time such as lunch breaks and only with the express prior permission of line managers.
Use of gambling sites, online auction sites and social networking sites such as, but not limited to, Facebook, LinkedIn, Youtube, Twitter, Bebo, Flickr, MySpace etc is not allowed.
Staff may face disciplinary action or other sanctions (see below) if they breach this policy and / or bring embarrassment to the service or bring it into disrepute.
2.2 Use of email
Emails sent or received on the email system form part of the official records of the service; they are not private property. Staff, therefore, cannot impose restrictions on disclosure of emails within the service by service. Emails may be disclosed under the Freedom of Information Act, as part of legal proceedings (for example tribunals), and as part of disciplinary proceedings.
Staff are responsible for all actions relating to their email account and service IT username and should therefore make every effort to ensure no other person has access to their account.
When using the service email system, staff must:
- ensure they do not disrupt the service wider IT systems or cause an increase for significant resource demand in storage, capacity, speed or system performance for exampleby sending large attachment to a large number of internal recipients;
- ensure they do not harm the service’s reputation, bring it into disrepute, incur liability on its part or adversely impact on its image;
- not seek to gain access to restricted areas of the network or other hacking activities is strictly forbidden;
- must not use email for the creation, retention or distribution of disruptive or offensive messages, images, materials or software that include offensive or abusive comments about ethnicity or nationality, gender, disabilities, age, sexual orientation, appearance, religious beliefs and practices, political beliefs or social background. Employees who receive emails with this content from other staff in the service should report the matter to their line manager;
- not send email messages that might reasonably be considered by recipients to be bullying, harassing, abusive, malicious, discriminatory, defamatory, and libellous or contain illegal or offensive material, or foul language;
- not upload, download, use, retain, distribute, or disseminate any images, text, materials, or software which might reasonably be considered indecent, obscene, pornographic, or illegal.
- not engage in any activity that is likely to:
- corrupt or destroy other staff’s data or disrupt the work of others;
- waste staff effort or service resources, or engage in activities that serve to deny service to other staff;
- be outside of the scope of normal work-related duties – for example, unauthorised selling / advertising of goods and services;
- affect or have the potential to affect the performance of damage or overload the service system, network, and / or external communications in any way;
- be a breach of copyright or license provision with respect to both programs and data, including intellectual property rights;
- not send chain letters or joke emails from the service account.
Staff who receive improper email from individuals inside or outside the service should discuss the matter in the first instance with their line manager.
Personal use of the service email is not permitted.
3. Good Practice
The service should have good practice guidelines for dealing with email when staff are out of the office for longer than three days. When activating the out of office facility, messages should name an alternative member of staff for correspondents to contact if necessary. This will ensure that any important messages are picked up and dealt with within required timescales.
During periods of absence when highly important emails are anticipated, the employee (or manager) should make arrangements for notification and access by another appropriate member of staff.
Where sensitive and confidential information needs to be sent via email for practical reasons, staff should be aware that email is essentially a non-confidential means of communication. Emails can easily be forwarded or archived without the original sender’s knowledge. They may be read by persons other than those they are intended for.
Staff must exercise due care when writing emails to avoid being rude or unnecessarily terse. Emails sent from the service email account may be interpreted by others as statements by the service. Staff are responsible for ensuring that their content and tone is appropriate. Emails need to be as formal and businesslike as other forms of written correspondence.
Staff should delete all personal emails and attachments when they have been read and should also delete all unsolicited junk mail. In the process of archiving emails, staff should ensure inappropriate material is not archived.
The service should provide a current and up to date automatic virus checker on all networked computers. However, caution should be used when opening any attachments or emails from unknown senders. Staff must endeavour to ensure that any file downloaded from the internet is done so from a reliable source. It is a disciplinary offence to disable the virus checker. Any concerns about external emails, including files containing attachments, should be discussed with the IT department line manager.
4. Legitimate Access to Prohibited Material
There may be circumstances where staff feel that the nature of their work means that they are required to access or use material prohibited under this policy. If so, this should be discussed with their line manager.The service is legally responsible for the content and nature of all materials stored on or accessed from its network.
5. Staff working Remotely
Staff may need to use the service’s equipment and access its network while working remotely, whether from home or while travelling. The standards set out in this document apply whether or not service equipment and resources are being used.
All resources of the service including computers, email, and voicemail are provided for legitimate use. If there are occasions where it is deemed necessary to examine data beyond that of the normal business activity of the service then, at any time and without prior notice, it maintains the right to examine any system and inspect and review all data recorded in those systems. This will be undertaken by authorised staff only.
Any information stored on a computer, whether the information is contained on a hard drive, USB pen or in any other manner may be subject to scrutiny by the service. This examination helps ensure compliance with internal policies and the law. It supports the performance of internal investigations and assists in the management of information systems.
7. Improper Use
Staff in breach of this policy may have access to the service’s IT facilities restricted or withdrawn.
Breach of this policy may also be dealt with under the service’s disciplinary procedures, which may lead to termination of employment.
Where appropriate, breaches of the law will be reported to the police.