Internet & Email Usage Policy & Guidelines

Introduction

This Policy has been produced in relation to the use of e-mail and Internet systems within Iceni Partnership and emphasises the responsibilities covered by current legislation.

 

Background

Iceni Partnership’s electronic communications facilities are made available to users for the purposes of the business. All use of our electronic communications facilities are governed by the terms of this policy, and if our rules and procedures are not adhered to, then use of our facilities may be curtailed or withdrawn and disciplinary action may follow.

At  Iceni Partnership, communication plays an essential role in the conduct of our business. How you communicate with people not only reflects on you as an individual but also on us as an organisation. We value your ability to communicate with colleagues, members and business contacts, and we invest in information technology and communications systems which enable you to work more efficiently. We trust you to use them responsibly.

This policy does not permit the sending or receiving of personal emails except under exceptional circumstances or personal use of the Internet, except under circumstances specified within it. This is for several reasons including avoiding the risk of importing viruses and avoiding any overload of the system. It is also to ensure that the best use is made of work time.

This policy applies to all members of  Iceni Partnership who use our electronic communications facilities, whether full or part-time employees, contract staff or temporary staff or volunteers on  Iceni Partnership business. Although the detailed discussion is limited to use of e-mail and internet facilities, the general principles underlying all parts of this policy also apply to telephone communications.

This policy should be read in conjunction with  Iceni Partnership’s Data Protection Policy, Equal Opportunities Policy and Confidentiality Policy.

Please read this policy carefully.

 

General Principles

2.1 You must use  Iceni Partnership’s information technology and communications facilities sensibly, professionally, lawfully, appropriately for your role, with respect for your colleagues and in accordance with this policy and  Iceni Partnership’s other rules and procedures.

2.2 Information relating to our staff, our volunteers and our business operations may be confidential. You must treat our paper-based and electronic information with utmost care.

2.3 Many aspects of communication are protected by intellectual property rights which are infringed by copying. Downloading, copying, possessing and distributing material from the internet may be an infringement of copyright or of other intellectual property rights.

2.4 Particular care must be taken when using e-mail as a means of communication because all expressions of fact, intention and opinion in an e-mail may bind you and/or  Iceni Partnership and can be produced in court in the same way as other kinds of written statements.

2.5 The advantage of the internet and e-mail is that they are extremely easy and informal ways of accessing and disseminating information, but this means that it is also easy to send out ill-considered statements. You must not use these media to do or say anything which would be subject to disciplinary or legal action in any other context such as sending any sexist, racist, defamatory, copyright or other unlawful material. You should also take care to avoid sending inaccurate information wherever possible. If you are in doubt about a course of action, take advice from your manager.

2.6 Iceni Partnership will not tolerate the use of e-mail or the internet to create a hostile or offensive work environment based on race, gender, nationality, religion or belief, sexual orientation, age, disability or any other personal characteristics. This includes communications, jokes or pictures which are demeaning or offensive to any individual or group.

2.7 All Managers must ensure that employees for whom they are responsible are aware of this Policy and its adherence at all times. This does not remove the responsibility of each individual to use electronic communications appropriately.

 

Use of Electronic Mail

 

1. Generally

3.1.1 Do not amend any messages received, and except where specifically authorised by the other person or by your line manager, do not access any other person’s in-box or other e-mail folders nor send any e-mail purporting to come from another person without the specific consent of your line manager.

3.1.2 It is good practice to re-read e-mail before sending.

 

3.2 Business use

3.2.1 Expressly agree with the recipient that the use of e-mail is an acceptable form of communication bearing in mind that if the material is confidential, privileged or commercially sensitive, then un-encrypted e-mail is not secure.

3.2.2 A standard disclaimer is added to all out-going e-mail. This is designed to limit  Iceni Partnership’s potential liability with respect to information being communicated. It must not however preclude the sender of mail undertaking some fundamental checks prior to sending it out.

3.2.3 If the e-mail message or attachment contains information which is time-critical, bear in mind that an e-mail is not necessarily an instant communication and consider whether it is the most appropriate means of communication.

3.2.4 If you have sent an important document, always telephone to confirm that the e-mail has been received and read.

 

3.3 Personal use 

3.3.1 Iceni Partnership’s e-mail facilities are provided for the purposes of our business and personal use of email is not permitted unless under exceptional circumstances. It is recognised that some staff have ongoing caring responsibilities that require them to be reachable during the working day from time to time and that the best way of doing this might be via email. In these circumstances, staff may have an ongoing agreement with their line manager that they may make personal use of the email system to deal with urgent situations that may arise, or may be contacted via their work email address by other bodies or individuals concerned with the care of their dependant. It is also recognised that at times staff may be going through crucial processes such as buying a house, or legal processes that require them to be contactable by email during the working day, or to make contact with others by email. In these circumstances, staff should also make their line manager aware and get their agreement that such contact may legitimately be made. Ideally you should not send or receive personal email at your work email address, but should access your own personal email account via the Internet, but it is recognised that this may not always be possible.  Be aware, that if you choose to make use of our facilities for personal correspondence, you can expect very little privacy, because Iceni Partnership monitors communications for the reasons given in items 7.1 and 7.2. and disciplinary action may follow any discovery of personal use.

3.3.2 You may under no circumstances use Iceni Partnership’s facilities for the operation or management of any business other than that of Iceni Partnership.

 

4. Use of Internet

4.1 We trust you to use the internet sensibly. Bear in mind at all times that, when visiting an internet site, information identifying your PC may be logged. Therefore any activity you engage in via the internet may affect Iceni Partnership.

4.2 Whenever you access a web site, you should always comply with the terms and conditions governing its use.

4.3 You must not:

4.3.1 use any images, text or material which are copyright-protected, other than in accordance with the terms of the license under which you were permitted to download them;

4.3.2 introduce network-sniffing or password-detecting software;

4.3.3 seek to gain access to restricted areas of  Iceni Partnership’s network;

4.3.4 access or try to access data which you know or ought to know is confidential;

4.3.5 introduce any form of computer virus; nor

4.3.6 carry out any hacking activities.

4.4 For your information, breach of any of the provisions of item 4.6 would not only contravene the terms of this policy but would also amount to the commission of an offence under the Computer Misuse Act 1990, which creates the following offences:

4.4.1 unauthorised access to computer material i.e. hacking;

4.4.2 unauthorised modification of computer material; and

4.4.3 unauthorised access with intent to commit or facilitate the commission of further offences.

4.5 Iceni Partnership reserves the right to introduce filtering software at any time to limit access to any site or to restrict usage of the internet at any time or location. This will be done as a measure to enforce this policy.

4.6 Use of social networking sites for the business of  Iceni Partnership is confined to specific job roles and permitted only with the specific agreement of line managers.  The above rules on defamatory statements and confidential issues apply. Personal use of social networking sites is absolutely forbidden.

 

5. System Security

5.1 Security of our IT systems is of paramount importance. We owe a duty to all of our members and partners to ensure that all of our business transactions are kept confidential. If at any time we need to rely in court on any information which has been stored or processed using our IT systems it is essential that we are able to demonstrate the integrity of those systems. Every time you use the system you take responsibility for the security implications of what you are doing.

5.2  Iceni Partnership’s systems or equipment must not be used in any way which may cause damage, or overloading or which may affect its performance or that of the internal or external network.

5.3 Keep all confidential information secure, use it only for the purposes intended and do not disclose it to any unauthorised third party.

5.4 Keep your system passwords safe and change them regularly. Do not disclose them to anyone. Those who have a legitimate reason to access other users’ in boxes must be given permission from that other user or from their line manager e.g. Proxy access. IT Services will provide guidance on how to do this. If you have disclosed your password to anyone else (e.g. in response to a request from the IT staff) ensure that you change your password once the IT staff no longer need it.  

.5 If a document is highly confidential, you should password-protect the document itself. Bear in mind that other users of the network can access documents that are not protected.

5.6 Copies of confidential information should be printed out only as necessary, retrieved from the printer immediately, and stored or destroyed in an appropriate manner.

5.7 Please note that you may not, under any circumstances, load software on to your PC yourself.

6. Working Remotely

6.1 This part of the policy and the procedures in it apply to your use of our systems, to your use of our laptops, and also to your use of your own computer equipment or other computer equipment whenever you are working on  Iceni Partnership’s business away from Iceni Partnership’s premises (working remotely).

6.2 When you are working remotely you must:

6.2.1 password protect any work which relates to  Iceni Partnership’s business so that no other person can access your work; If you are using an  Iceni Partnership laptop in a place where it may possibly be accessed by other people, it is advisable to have password access to the laptop itself.

6.2.2 take reasonable precautions to safeguard the security of our laptop computers and any computer equipment on which you do  Iceni Partnership’s business e.g. when leaving equipment in parked cars, it must be locked securely out of sight in the boot;

6.2.3 always keep your passwords secret;

6.2.4 inform the Manager as soon as possible if either an  Iceni Partnership laptop in your possession or any computer equipment on which you do Iceni Partnership work has been stolen.

6.2.5 ensure that any work which you do remotely is saved on the  Iceni Partnership system or is transferred to our system as soon as reasonably practicable. PDAs or similar hand-held devices are easily stolen and not very secure so you must password-protect access to any such devices used by you on which is stored any personal data of which  Iceni Partnership is a data controller or any information relating our business, our members or their business.

 

7. Monitoring of communications by Iceni Partnership

7.1  Iceni Partnership is ultimately responsible for all business communications but subject to that will, so far as possible and appropriate, respect your privacy and autonomy while working.  Iceni Partnership may monitor your business communications for reasons which include:

7.1.1 providing evidence of business transactions;

7.1.2 ensuring that  Iceni Partnership’s business procedures, policies and contracts with staff are adhered to;

7.1.3 complying with any legal obligations;

7.1.4 monitoring standards of service, staff performance, and for staff training;

7.1.5 preventing or detecting unauthorised use of  Iceni Partnership’s communications systems or criminal activities; and

7.1.6 maintaining the effective operation of  Iceni Partnership ’s communication systems.

7.2 Iceni Partnership may monitor email and internet usage if we believe that the terms of this policy are being breached.

7.3 Sometimes it is necessary for  Iceni Partnership to access your business communications during your absence, such as when you are away because you are ill or while you are on holiday. To ensure this is possible, full Proxy access should always be granted to your Line Manager.

7.4 All incoming e-mail is scanned by  Iceni Partnership using virus-checking software. The software will also block unsolicited marketing e-mail (spam) and e-mail which has potentially inappropriate attachments.

If there is a suspected virus in an e-mail which has been sent to you, the sender will automatically be notified and you will receive notice that the e-mail is not going to be delivered to you because it may contain a virus.

8. Data Protection

8.1 As an employee who uses our communications facilities, you may be involved in processing personal data for  Iceni Partnership as part of your job. Data Protection is about the privacy of individuals, and is governed by the Data Protection Act 1998. This Act defines, among others, terms as follows:

8.1.1 “data” generally means information which is computerised or in a structured hard copy form;

8.1.2 “personal data” are data which can identify someone, such as a name, a job title, a photograph;

8.1.3 “processing” is anything you do with data – just having data amounts to processing; and

8.2 Whenever and wherever you are processing personal data for  Iceni Partnership you must keep them secret, confidential and secure, and you must take particular care not to disclose them to any other person (whether inside or outside  Iceni Partnership) unless authorised to do so. Do not use any such personal data except as authorised by  Iceni Partnership for the purposes of your job.

8.3 The 1998 Data Protection Act gives every individual the right to see all the information which any data controller holds about them.  Bear this in mind when recording personal opinions about someone, whether in an e-mail or otherwise. It is another reason why personal remarks and opinions must be made or given responsibly, and they must be relevant and appropriate as well as accurate and justifiable.

8.4 For your information, section 55 of the 1998 Data Protection Act provides that it is a criminal offence to obtain or disclose personal data without the consent of the data controller. “Obtaining” here includes the gathering of personal data by employees at work without the authorisation of the employer. You may be committing this offence if without authority of  Iceni Partnership you exceed your authority in collecting personal data, you access personal data held by or you pass them on to someone else (whether inside or outside  Iceni Partnership).

8.5 While  Iceni Partnership is data controller of all personal data processed for the purposes of our business, you will be data controller of all personal data processed in any personal e-mail which you send or receive. Use for social, recreational or domestic purposes attracts a wide exemption under the 1998 Data Protection Act, but if, in breach of this policy, you are using our communications facilities for the purpose of a business which is not  Iceni Partnership’s business, then you will take on extensive personal liability under the 1998 Data Protection Act.

8.6 To help you understand and comply with  Iceni Partnership’s obligations as data controller under the 1998 Data Protection Act you may be offered, and you may also request, training. Whenever you are unsure of what is required or you otherwise need guidance in data protection, you should consult our Data Protection Officer.

 

9. Freedom of Information

9.1 The Freedom of Information (FOI) Act impacts on everyone throughout the organisation. It is important that the use of e-mail system is considered with this in mind.

9.2 E-mail is in effect a potentially unstructured records management system. It is inevitable that the system contains much information relevant to the decision making process of  Iceni Partnership. In responding to requests under Freedom of Information, it may be necessary to find related information held within the e-mail system. It is the responsibility of all employees to ensure that their e-mail accounts are well maintained and in good chronological order. A system of folders or sub folders should be used in such a way as to facilitate the quick location and retrieval of information. In similar fashion any information no longer relevant should be deleted on a regular basis.

9.3 A record is ‘information created, received and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business.’ E-mail messages that might constitute a record are likely to contain information relating to business transactions that have or are going to take place, decisions taken in relation to the business transaction or any discussion that took place in relation to the transaction. E.g. During the decision to put out a tender document, background discussion may have taken place via e-mail.  These discussions should be captured as a record.

9.4 It is essential that the guidelines are adopted to indicate who is responsible for capturing an e-mail as a record. In general terms, whoever has responsibility for the ultimate decision e.g. the named contact officer at the end of a report is responsible for ensuring all e-mails are captured and stored in an appropriate manner e.g. printed out and retained in the related project folder or filed within the e-mail system in an appropriately named folder related to the business activity. In specific instances the following responsibilities apply:

9.4.1 For internal e-mail messages, the sender of an e-mail message, or initiator of an e-mail dialogue that forms a string of messages;

9.4.2 For messages sent externally, the sender of the e-mail message;

9.4.3 For external messages, the sender of the e-mail message;

9.4.4 For external messages received by more than one person, the person responsible for the area of work relating to the message. If this is not clear, it may be necessary to clarify who this is with the other people who have received the message.

9.5 Where an e-mail has an attachment, a decision needs to be made as to whether the e-mail message, its attachment or both constitute the record. Whatever the result, the same responsibilities as outlined in section 9.4 continue to apply.

9.6 It is the responsibility of whoever co-ordinates or supplies information as a result of a FOI request to examine the relevant e-mail records and supply the information as required.

9.7 Where an e-mail address is actively publicised externally (e.g. via our internet site), special effort must be made to ensure the relevant mailbox is checked daily if the user with responsibility is away from the office. Any messages should be actioned immediately in accordance with the requirements of the Freedom of Information Act.

9.8 In order that mailboxes are maintained, processes will be set-up to actively limit and delete messages from certain areas of the system. This may result in the loss of important and vital information if individual users of the system do not adopt correct procedures, as outlined in section 9 of this Policy.

 

10.Compliance

Failure to comply with this policy may result in disciplinary action being  taken against you under  Iceni Partnership’s disciplinary procedures, which may include summary dismissal, and in the withdrawal of permission to use the firm’s equipment for personal purposes. If there is anything in this policy that you do not understand, please discuss it with your manager.

10.2 Please note that the procedures and policies outlined in this policy, and in any related policy, may be reviewed or changed at any time. You will be alerted to important changes and updates when they occur.