This should be read in conjunction with the Students’ Union Data Protection Policy. The Union provides employees with access to various computer facilities for work purposes. The Union also makes extensive use of IT systems for data storage, communications and as a source of information. It is important that there are expectations and a policy around the use of IT in order to: ?
- Prevent inappropriate use of computer equipment, including extended personal use or accessing or circulating pornographic, racist, sexist or defamatory material; ?
- Protect confidential, personal or commercially sensitive data; ?
- Prevent the introduction of viruses; ?
- Prevent the use of unlicensed software; ?
- Ensure that property is looked after properly; ?
- Monitor the use of computer facilities to ensure compliance with the policies and rules of the Union and the University and to detect abuse.
This applies to the use of the following ‘Facilities’: ?
- Local, inter-office, national, international, private and public networks (including the internet and any intranet) and all services and systems accessed through those networks; ?
- Desktop, portable and mobile computers, tablets and applications; ?
- Mobile phones; ?
- Electronic mail and messaging services.
Introduction
Electronic information and communication is a powerful business asset, both in terms of accessing information and in communicating with customers and partners. It can, however, also expose the Union to potential liabilities. These could arise in a number of areas, for example: Defamation: Users tend to view Email and other electronic communication (such as instant messaging) in the same light as a telephone call. They also tend to be more indiscreet than if they were sending a letter or memo. This increases the risk of liability for defamatory statements in employee emails. There is also possible direct liability for the Union as publisher of the message. You should not commit anything to email that you would otherwise not wish to put in writing. Pornography: There is no legitimate business interest in employees accessing or transmitting pornography on the Internet. Contravention of this policy may result in disciplinary action being taken against you and, in serious cases, dismissal and/or criminal prosecution. Viruses: All software downloaded from the Internet must be subjected to rigorous anti-virus checks. You should not, therefore, download any software without the prior consent of IT.
Contravention of this policy may result in disciplinary action being taken against you and, in serious cases, dismissal.
Copyright infringement
The main risk of copyright infringement applies to downloading files from the Internet. Copyright infringement can also occur with Email attachments. If in doubt you should seek advice from your manager.
The scope and purpose of the policy
This policy deals mainly with the use (and misuse) of computer equipment, email, instant or text messaging, the internet, telephones, personal digital assistants (PDA) and voicemail, but it applies equally to the use of fax machines, copiers, scanners, CCTV, and electronic key fobs and cards.
All employees are expected to comply with this policy at all times to protect our electronic communications systems and equipment from unauthorised access and harm. Breach of this policy may be dealt with under our Disciplinary Procedure and, in serious cases, may be treated as gross misconduct leading to summary dismissal.
IS will deal with requests for permission or assistance under any provisions of this policy, subject to the primary tasks of maintaining our core systems, and may specify certain standards of equipment or procedures to ensure security and compatibility.
All managers have a specific responsibility to operate within the boundaries of this policy, ensure that all employees understand the standards of behaviour expected of them and to take action when behaviour falls below its requirements.
Equipment security and passwords
You are responsible for the security of the equipment allocated to or used by you. You must not allow it to be used by anyone other than in accordance with this policy.
If given access to the email system or to the internet, you are responsible for the security of your terminal(s). If leaving a terminal unattended or on leaving the office you should ensure that you lock your terminal or log off to prevent unauthorised users accessing the system in your absence. Employees without authorisation should only be allowed to use terminals under supervision. Desktop PCs and cabling for telephones or computer equipment should not be moved or tampered with without first consulting IT.
Passwords are unique to each user and must be changed regularly to ensure confidentiality. Passwords must be kept confidential and must not be made available to anyone else unless authorised by IT. For the avoidance of doubt, on the termination of your employment (for any reason) you must provide details of your passwords to IT and return any equipment, key fobs or cards.
If you have been issued with a laptop, you must ensure that it is kept secure at all times, especially when travelling. Passwords must be used to secure access to data kept on such equipment to ensure that confidential data is protected in the event of loss or theft. You should also be aware that when using equipment away from the workplace, documents may be read by third parties, for example, passengers on public transport.
Systems and data security
You should not delete, destroy or modify existing systems, programs, information or data which could have the effect of harming our business or exposing it to risk.
You should not download or install software from external sources without authorisation from IT. This includes software programs, instant messaging programs, screensavers, photos, video clips and music files. Incoming files and data should always be virus-checked by IT before they are downloaded. If in doubt, you should seek advice from IT.
No device or equipment should be attached to our systems without the prior approval of IT. This includes any USB flash drive, MP3 or similar device, PDA or telephone. It also includes use of the USB port, infra-red connection port or any other port. The University monitor all emails passing through our system for viruses. You should exercise caution when opening emails from unknown external sources or where, for any reason, an email appears suspicious (for example, if its name ends in .ex). IT should be informed immediately if a suspected virus is received. We reserve the right to block access to attachments to emails for the purpose of effective use of the system and for compliance with this policy. We also reserve the right not to transmit any email message.
You should not attempt to gain access to restricted areas of the network, or to any passwordprotected information, unless specifically authorised.
If you use laptops or Wi-Fi-enabled equipment, then you must be particularly vigilant about its use outside the office and take any precautions required by IT from time to time against importing viruses or compromising the security of the system. The system contains information which is confidential to our business and/or which is subject to data protection legislation. Such information must be treated with extreme care and in accordance with our Data Protection Policy.
Email etiquette and content
Email is a vital business tool, and should be used with great care and discipline. You should always consider whether email is the appropriate means for a particular communication, and correspondence sent by email should be written as professionally as a letter or fax. Messages should be concise and directed only to relevant individuals.
You should ensure that you access your emails at least once every working day, stay in touch by remote access when travelling and use an out of office response when away from the office for more than a day. You should endeavour to respond to emails marked "high priority" within 24 hours.
You should not send abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory emails. If you feel that you have been harassed or bullied, or are offended by material received from a colleague via email you should inform your line manager – refer to the Union’s AntiHarassment and Bullying Policy.
You should take care with the content of email messages, as incorrect or improper statements can give rise to claims for discrimination, harassment, defamation, breach of confidentiality or breach of contract. You should assume that email messages may be read by others, and not include anything which would offend or embarrass any reader, or yourself, if it found its way into the public domain.
Email messages may be disclosed in legal proceedings in the same way as paper documents. Deletion from a user's inbox or archives does not mean that an email cannot be recovered for the purposes of disclosure. All email messages should be treated as potentially retrievable, either from the main server or using specialist software.
In general, you should not:
- send or forward private emails at work which you would not want a third party to read; ?
- send or forward chain mail, junk mail, cartoons, jokes or gossip; ?
- contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding emails to those who do not have a real need to receive them; ?
- sell or advertise using our communication systems or broadcast messages about lost property, sponsorship or charitable appeals;
- Agree to terms, enter into contractual commitments or make representations by email unless appropriate authority has been obtained. A name typed at the end of an email is a signature in the same way as a name written at the end of a letter;
- download or email text, music and other content on the internet subject to copyright protection, unless it is clear that the owner of such works allows this; ?
- send messages from another worker's computer or under an assumed name unless specifically authorised; or ?
- send confidential messages via email or the internet, or by other means of external communication which are known not to be secure. ?
- If you receive a wrongly-delivered email you should return it to the sender. If the email contains confidential information or inappropriate material (as described above) it should not be disclosed or used in any way.
Use of the internet
When a website is visited, devices such as cookies, tags or web beacons may be employed to enable the site owner to identify and monitor visitors. If the website is of a kind described in the 'Inappropriate use of equipment and systems’ section below, such a marker could be a source of embarrassment to the visitor and us, especially if inappropriate material has been accessed, downloaded, stored or forwarded from the website. Such actions may also, in certain circumstances, amount to a criminal offence if, for example, the material is pornographic in nature.
You should therefore not access any web page or any files (whether documents, images or other) downloaded from the internet which could, in any way, be regarded as illegal, offensive, in bad taste or immoral. While content may be legal in the UK, it may be in sufficiently bad taste to fall within this prohibition. As a general rule, if any person (whether intended to view the page or not) might be offended by the contents of a page, or if the fact that our software has accessed the page or file might be a source of embarrassment if made public, then viewing it will be a breach of this policy.
Personal use of systems
We permit the incidental use of internet, email and telephone systems to send personal email, browse the internet and make personal telephone calls subject to certain conditions set out below. Personal use is a privilege and not a right. It must be neither abused nor overused and we reserve the right to withdraw our permission at any time.
The following conditions must be met for personal usage to continue: ?
- use must be minimal and take place substantially out of normal working hours (that is, during lunch break and before or after your normal working day); ?
- personal emails must be labelled "personal" in the subject header; ?
- use must not interfere with business or office commitments; ?
- use must not commit us to any marginal costs; and
- use must comply with our policies including the Equal Opportunities Policy, Antiharassment and Bullying policy, Social Media Policy, Data Protection policy and Disciplinary procedure (see the sections of this policy relating to Email etiquette and content and use of the internet).
You should be aware that personal use of our systems may be monitored and, where breaches of this policy are found, action may be taken under the disciplinary procedure. We reserve the right to restrict or prevent access to certain telephone numbers or internet sites if we consider personal use to be excessive.
Monitoring of use of systems
The University systems enable them to monitor telephone, email, voicemail, internet and other communications. For business reasons, and in order to carry out legal obligations in our role as an employer, use of our systems including the telephone and computer systems, and any personal use of them, is continually monitored. Monitoring is only carried out to the extent permitted or as required by law and as necessary and justifiable for business purposes.
CCTV systems monitor the exterior and interior of the Union building 24 hours a day. This data is recorded.
We reserve the right to retrieve the contents of messages or check searches which have been made on the internet for the following purposes (this list is not exhaustive): ?
- to monitor whether the use of the email system or the internet is legitimate and in accordance with this policy; ?
- to find lost messages or to retrieve messages lost due to computer failure; ?
- to assist in the investigation of wrongful acts; or ?
- to comply with any legal obligation.
Inappropriate use of equipment and systems
Access is granted to the internet, telephones and other electronic systems for legitimate business purposes only. Incidental personal use is permissible provided it is in full compliance with our rules, policies and procedures (including this policy, the Equal Opportunities Policy, Social Media Policy, Harassment and Bullying Policy, Data Protection Policy and Disciplinary Procedure). Misuse or excessive use or abuse of our telephone or email system, or inappropriate use of the internet in breach of this policy will be dealt with under our Disciplinary Procedure. Misuse of the internet can, in certain circumstances, constitute a criminal offence. In particular, misuse of the email system or inappropriate use of the internet by participating in online gambling or chain letters or by creating, viewing, accessing, transmitting or downloading any of the following material will amount to gross misconduct (this list is not exhaustive): ?
- pornographic material (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature); ?
- offensive, obscene, or criminal material or material which is liable to cause embarrassment to us or to our clients; ?
- a false and defamatory statement about any person or organisation; ?
- material which is discriminatory, offensive, derogatory or may cause embarrassment to others;
- confidential information about us or any of our employees or clients (which you do not have authority to access); ?
- any other statement which is likely to create any liability (whether criminal or civil, and whether for you or us); or
- material in breach of copyright.
Any such action will be treated very seriously and is likely to result in summary dismissal. Where evidence of misuse is found we may undertake a more detailed investigation in accordance with our Disciplinary Procedure, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation and any witnesses or managers involved in the Disciplinary Procedure. If necessary, such information may be handed to the police in connection with a criminal investigation.