1 AGENDA ITEM NO 14 RECOMMENDATION FROM STANDARDS COMMITTEE MEETING OF 12 MAY " POLICY" Committee: Policy and Resources Date: 23 rd June 2009 Author: Executive Director (AK) [J50] 1.0 ISSUE 1.1 To consider a recommendation from the Standards Committee that the Council's ' Policy' should be reviewed and ensure that this includes clear retention rules for Members and Officers (both s received and sent). 1.2 The recommendation was made by the Standards Committee after consideration of the report from the Standards Board Ethical Standards Officer Report - SBE M. 2.0 RECOMMENDATION 2.1 It is recommended that the Executive Director (AK) is instructed to review the Council's existing policy and that the revised policy is submitted to this Committee for adoption having gone through the Council's agreed consultation processes. 3.0 BACKGROUND 3.1 The Council's ' and the Internet, Good Practice and Acceptable Usage Guide' (Appendix 1) was last revised in September The Council has recently established document retention guidelines for any documents scanned into the Council's Document Management System (DMS). Similar retention guidelines need to be established for s (sent and received). 4.0 OPTIONS 4.1 The Committee may accept, reject, or amend the recommendation. 5.0 ARGUMENTS/CONCLUSIONS 5.1 The Council has embarked on establishing retention timescales for documents scanned into the Council's corporate scanning system. Agenda Item 14 - page 1 commlive/p&r/ Rec Standards Cttee Mtg Policy
2 5.2 It has always been envisaged that this should be extended to include the establishment of retention periods for s and appropriate storage solutions. 5.3 This fits into the Council's overall aim of having a Corporate Document Retention Policy covering both electronic and paper (hard copy) documents. 5.4 The Council's existing policy document " and the Internet, Good Practice and Acceptable Usage Guide" was due to be reviewed in September With the agreement of this Committee, the review can be brought forward to respond to the recommendation of the Standards Committee. 5.6 The proposed revisions to the policy will need to go through the Council's agreed consultation processes (ie. the Joint Consultative Committee). 6.0 FINANCIAL IMPLICATIONS 6.1 Any financial implications (potentially the need to increase the Council's electronic storage capacity) will be ascertained as part of the review. 7.0 APPENDICES 7.1 Appendix 1 - ' and the Internet, Good Practice and Acceptable Usage Guide - September 2007' Background Documents Standards Committee Minute No. 51 of meeting 22 nd April reconvened 12 th May 2009 Location Room 119 The Grange, Ely Contact Officer Andrew Killington Executive Director (01353) Agenda Item 14 - page 2 commlive/p&r/ Rec Standards Cttee Mtg Policy
3 APPENDIX 1 EAST CAMBRIDGESHIRE DISTRICT COUNCIL AND THE INTERNET POLICY, GOOD PRACTICE AND ACCEPTABLE USAGE GUIDE SEPTEMBER 2007
4 AND THE INTERNET POLICY, GOOD PRACTICE AND ACCEPTABLE USAGE GUIDE SEPTEMBER 2007 (REVISED) CONTENTS PAGE INTRODUCTION 2 OVERALL APPROACH 2 WHY HAVE A POLICY? 2 ADVANTAGES OF ELECTRONIC COMMUNICATIONS 3 CHALLENGES OF ELECTRONIC COMMUNICATIONS 3 RESPONSIBILITIES OF USERS 3-8 Inappropriate Use Use of Disclaimer Care Data Protection Freedom of Information Act 2000 Security System/Desktop Management Usage and Style Confidentiality Receipt of Unsolicited/Unwanted Dealing with in your absence The Internet Downloading Software and Files From the Internet RESPONSIBILITIES OF THE COUNCIL 9 Relationship with the Council's Disciplinary Policy and Procedure 9 1
5 INTRODUCTION The Council has developed extensive internal and external facilities and Internet access through the Council s Internet Service Producer (Cambridgeshire County Council, the Cambridgeshire Community Network). This is a key part of the Council s ICT/e-Government strategy to ensure that Council Members and staff have the tools at their disposal to work as effectively as possible. Access to information technology has been acknowledged by Members and Management Team as a key priority to enable Members and staff to carry out their duties more effectively. Members and staff should also expect relevant training and technical back-up. With these rights and expectations come responsibilities for you as users of and the Internet. The purpose of this policy and guide is to set out the main responsibilities of users when accessing and utilising these and other associated technologies. This document has been drawn up in consultation with UNISON through the Joint Consultative Committee. The policy is applicable to all members of staff and those Members who use Council provided ICT facilities. OVERALL APPROACH The Council expects and the Internet to be used primarily for business purpose; nevertheless, the Council recognises in promoting a co-operative working environment, limited personal use is expected and acknowledged. This flexible policy again puts the onus on the user to act in a responsible fashion in a similar way to the use of the telephone for personal use. sent or received on the Council's system are not private property. They form part of the administrative records of the Council and are subject to the requirements of the Freedom of Information Act and the Data Protection Act. WHY HAVE A POLICY? A clearly formulated policy can help ensure that decisions made within the organization, which affect staff: are well thought out, understood by all users, are consistent and fairly applied; take full account of their effect on all areas of activity; satisfy legal requirements; contribute to good employment relations between the Council, Unison and staff. Setting out rights, responsibilities and limitations on the use of ICT facilities should help the Council prevent any unauthorized or careless use, which could result in the Council or staff creating a legal risk. 2
6 ADVANTAGES OF ELECTRONIC COMMUNICATIONS The advantages and benefits of electronic communications include: speed of communication, with the ability to contact a specified group of people at the same time if required. This should generally improve internal and external communications, although it does not follow that a reply will be received as quickly; creating greater opportunities for flexible working, allowing easy contact with remote workers; the opportunities the internet offers for learning and research, commercial transactions and the provision of a 'shop-window' for the Council via the website. CHALLENGES OF ELECTRONIC COMMUNICATIONS In introducing electronic communications the Council has needed to consider: is not necessarily an informal and transient form of communication; deleting a message does not mean it is unrecoverable; intensive use of and unnecessarily wide 'broadcasting' can lead to information overload; the ease and speed of can lead to inadequate thought going into a message, and the possibility of the words or tone being misinterpreted by the recipient; sites visited via the internet are traceable; there are a number of laws, which cover electronic communications, therefore the issue of potential legal liabilities requires consideration. RESPONSIBILITIES OF USERS This policy and guide explains the rules concerning the use of and the Internet and must be signed by all users, either when they join the Council or retrospectively for existing users. Your actions as users of and the Internet can have implications individually as an employee in the course of employment and for the Council as an employer. Failure to comply with the code could lead to action under the Council's Disciplinary Policy and Procedure. is not an informal communication tool as it has the same authority as any other communication to and from the Council. should be regarded as published information. 3
7 The purpose of this policy and guide is to protect as well as empower the user and the Council. Users should take into account the following issues in their use of and the Internet: Inappropriate Use When composing s ensure that proper due care is taken. Do not make statements on your own behalf or on behalf of the Council, which do or may deface, libel or damage the reputation of any person. You should not engage in any activity that is illegal, distasteful or likely to have negative repercussions for the Council. You must not upload, download, use, retain, distribute or disseminate any images, text, software or other electronic material which: - could be considered to be indecent, obscene, pornographic or illegal - could be offensive, defamatory or abusive in that its context is or could be considered to be a personal attack, harassment, rude or personally critical, sexist, racist or generally distasteful. - Involve activities outside of the scope of your responsibilities - for example, unauthorized selling/advertising of goods and services - could affect or have the potential to affect the performance of, damage or overload the Council's system, network and/or external communications in any way - could be defamatory or incur liability on the part of the Council or adversely impact on the image of the Council - could be a breach of copyright or licence provision with respect to both programs and data. The following activities are expressly forbidden: - The introduction of any form of computer virus - Seeking to gain access to restricted areas of the network or other hacking activities - Forgery or attempts to read other users or access their system without their express permission All expressions of fact, intention and opinion via can be held against you and/or the Council in the same way as verbal and written expressions. s both in hard copy and electronic form are admissible in a court of law. Disclaimer All s sent to outside bodies will contain a disclaimer, as below, which is sent automatically and is the responsibility of the Principal ICT Officer (Technical): Private and Confidential Notice The information contained in this is intended for the named recipients only. If you are not the intended recipient, you must not copy, distribute or take any action or reliance on it. If you have received this in error, please notify the sender immediately by using the address or by telephoning the Council s ICT Service Desk on
8 Care Please note that this has been created in the knowledge that Internet is not a 100% secure communications medium. We advise that you understand and observe this lack of security when ing us. Although we have taken steps to ensure that this and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus-free. Take care as to whom you pass your address. If sent to an inappropriate party, there is danger that you and the entire system will become subjected to junk mail. Data Protection Personal data is subject to the Data Protection Act (DPA) Under the terms of the Act, this includes any information about a living identifiable individual, including their name, address, phone number, address and any other information about them. If you include such information in an or in an attachment to an , you will be processing personal data and must abide by the law. You must not collect such information without the individual knowing you propose to do so. You may not disclose or amend such information except in accordance with the purpose for which the information was collected. You must ensure that the information is accurate and up to date. The individual has the right to inspect what is held about him or her on the system or held in separate archives of s. The individual can demand correction of inaccurate information, can request blocking or erasure of damaging information and can sue for damages caused by inaccurate information. Personal data should only be kept for as long as it is needed for the purpose for which it was collected. If you store s, you must ensure that such stores are not maintained for longer than necessary for the purpose for which they were collected. They should be held in such a way that they can be easily identified, reviewed and, when necessary, destroyed. You should not: Use s for any purpose not permitted under this Council s notification under the Data Protection Act Use a false identity in s; Utilise mail servers or other systems to enable the widespread circulation of unsolicited and unwanted ; Use s to communicate confidential or sensitive matters relating to individuals; Obtain, handle or disclose personal information without making sure you are complying with the law or the Council s notification to the Data Protection Commissioner; Permit third parties to read personal information in s or attachments by leaving your screen in view; Make or send on advertisements, chain letters or unsolicited s; 5
9 Read other people s s without their express permission; Give your password to any third party; Invade an individual s privacy by using ; You should: Be careful in respect of putting personal information in the body of the text of an , particularly if it is of a sensitive or confidential nature; Obey a request to print out items relevant to an individual if that individual demands a copy of his/her file. This will only be requested when required under the Act or where there is good reason to believe that violations of the law or the Council s policies have taken place or for other compelling or critical reasons; Agree to turn over to the Council all records in your possession when you leave its employment Note that recipients of your s, those who send them to you and the content of all s sent or received may be scrutinised Report any third party messages received about viruses to the Principal ICT Officer (Technical) through the ICT Service Desk. Freedom of Information Act 2000 Information contained in s is covered by the requirements of the Freedom of Information Act. relating to particular issues or functions should be retained/archived in accordance with the timescales stipulated in the Council's Document Retention and Disposal Policy. Security Security is of paramount importance. The Data Protection Act requires that adequate security is maintained to protect personal information held on s and related archives and software. Do not allow anyone else to use your identity and password. Never leave your logged on and then walk away so that others can read what is on the screen, can send a message from your PC purporting to be you or amend or delete s you hold. You may be personally responsible for inappropriate activity using your account. System/Desktop Management In order to maximise the performance of the system and the network as a whole, users should actively manage their records, archiving messages to be retained into an appropriate folder on the file server and deleting messages on a regular basis. Users must ensure that their /data is secured particularly when absent from their workstation; all users must password protect their screensaver. Usage and Style As a general rule, should be used for informal communications and letters may well be a more appropriate method of communication, for example, on HR matters. Try to keep as clear, simple and brief as possible. 6
10 Confidentiality Please note that may not be a totally confidential medium and that any particularly sensitive material may be better sent in another way. Also, has the same legal status as other forms of written communication. Receipt of Unsolicited/Unwanted If you are in receipt of unsolicited/unwanted please raise a call through the ICT Service Desk ( ). The Council will then attempt to block future receipt of such s. Dealing with in your absence In the event of your absence from work (particularly if you are on sickness leave) the ICT team will have authority to set up an out-of-office message to alert senders of . Requests should be made by the relevant line manager through the ICT Service Desk. In the event of the Council requiring access to your mailbox, this will only be agreed for a specific purpose with the request made by the relevant Executive Director to the Executive Director, Human Resources and Information Technology. The Internet Use of the Internet is permitted and encouraged where such use is suitable for Council business and supports the corporate objectives of the Council. Personal use of the Internet is accepted but must not impinge on your workload or distract others around you. The Internet is to be used in a manner that is consistent with the Council's standards of business conduct and as part of the normal execution of an employee's job responsibilities. Internet usage is monitored and Executive Directors can request, via the Executive Director HR and ICT, to see logs for any given period. The use of the Internet/Intranet may be subject to monitoring for security and/or network management reasons. The distribution of any information through the Internet, computer based services and messaging systems is subject to the scrutiny of the Council. The Council reserves the right to determine the suitability of this information. The use of computing resources is subject to UK law and any illegal use will be dealt with appropriately. Users should not: Visit Internet sites that contain obscene, hateful or other objectionable materials. If you do find yourself confronted by such a site and you typed in a legitimate address please inform the ICT Service Desk so that this can be investigated and protect others from the same. 7
11 Make or post indecent remarks, proposals, or materials on the Internet. Maintain or upload any personal web sites that they may have access to the Council's network. Reveal or publicise confidential or proprietary information. Upload, download, or otherwise transmit commercial software or any copyrighted materials belonging to parties outside of the Council. If in doubt contact the Head of Legal Services. Intentionally interfere with the normal operation of the network, including the propagation of computer viruses and sustained high volume network traffic that substantially hinders others in their use of the network. Examine, change, or use another person's files, output or user name for which they do not have explicit authorization. Waste time on non-council business. Downloading Software and Files from the Internet Software should not be downloaded from the Internet or from because of possible security and virus threats. If new software is required to do your job you should raise a project call through the Council's ICT Service Desk. 8
12 RESPONSIBILITIES OF THE COUNCIL Within the overall flexible approach to be taken by the Council in relation to and the Internet, Members and staff will note that the Council cannot be responsible for user actions in some cases. In addition, the Council also needs to protect the interests of all Members and staff, particularly in relation to its equal opportunities policy. The HR Department will ensure that this policy is explained and understood through the staff induction process. The Council has taken the following steps to protect you and others within the organisation: Installation of content filtering software (Websense) to restrict inappropriate and offensive web sites to users, particularly those of a pornographic and discriminatory nature; Installation of anti-virus software on each personal computer; Monitoring of and Internet access by the Network Administrator (through bespoke software) will take place on a regular basis to inform future review of the code of conduct. In addition, the Council reserves the right to inspect the contents of s that you send or receive. Under the Data Protection Act, you have the right to inspect such files or logs the Council holds about you. In the first instance you should contact the Principal ICT Officer (Technical) if you wish to inspect any log files the Council holds on you. The Principal ICT Officer (Technical) will then seek authorization from the Executive Director, Human Resources and Information Technology. The Council may also manually monitor and internet use where there is a reasonable belief that this policy and procedure is being abused potentially leading to a detrimental impact on the Council. Any monitoring will be proportionate to the business needs of the Council, and may only be authorised by the Executive Director, HR&IT. RELATIONSHIP WITH THE COUNCIL'S DISCIPLINARY POLICY AND PROCEDURE Users, who send inappropriate or offensive s, whether business or personal, could result in the disciplinary process being invoked. (Members may be subject to their own appropriate procedures). Attempts to access offensive and inappropriate information from the Internet whether denied or allowed by, Websense may again result in similar disciplinary processes being invoked. Users in receipt of offensive s or attachments from internal or external users are required to inform their line manager and the Council s Principal IT Officer (e- Government and ICT Support) immediately. NOTE: If you require any further guidance or clarification on this code, please contact Andrew Killington, Executive Director, Human Resources and Information Technology 9
Advice leaflet Internet and e-mail policies Introduction Electronic communications have revolutionised business communications, although the huge increase in use has taken some organisations by surprise.
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
Information and ICT Security Policy Care Excellence Partnership Updated May 2011 Due for review July 2012 Senior Information Risk Owner (SIRO) P. Tilson I:drive/Policies/Information and ICT Security Status
Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect
The Archbishop s Seminary Information Security Policy 1 Contents PURPOSE... 4 SCOPE... 4 POLICY STATEMENTS... 5 INFORMATION SECURITY POLICY... 5 THE SCHOOL S RIGHT TO ACCESS ITS PROPERTY... 5 THE SCHOOL
Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.
Data Security Policy Member of Staff Responsible ICT Team Author: Sunil Pindoria Dated 03/02/2015 Date of next review 03/02/2016 Page 1 CONTENTS INTRODUCTION... 3 MONITORING... 4 BREACHES... 5 DATA SECURITY...
WORTHING COLLEGE STUDENT IT SECURITY POLICY October 2014 Policy name Student Information Technology Security Policy Author: Lesley May/Michael Perry Approved by SLT October 2014 Approved by Corporation
Information Technology Policies and Procedures Wakulla County School District March 2014 Table of contents TABLE OF CONTENTS... 1 1.0 OVERVIEW... 2 2.0 PURPOSE... 2 3.0 SCOPE... 2 4.0 ACCEPTABLE USE POLICY...
Data protection Subject access code of practice Dealing with requests from individuals for personal information Contents 3 Contents 1. About this code of practice 4 Purpose of the code 4 Who should use
Jefferson County School District Information Technology Policies and Procedures 575 S. Water Street Monticello, FL 32344 (850) 342-0100 www.jeffersonschooldistrict.org June 2014 Table of Contents 1.0 Overview...
Electronic Records Handbook Table of contents Key points to consider 3 Introduction 5 Selecting an appropriate system 7 Regulation of electronic records (erecords) 10 Patient consent and rights to access
ST. MARGARET CLITHEROW ROMAN CATHOLIC PRIMARY SCHOOL www.clitherow.herts.sch.uk email@example.com E-SAFETY POLICY Ownership: Curriculum Committee Document Date: October 2012 Review Date: October
Internet & Cell Phone Usage Policy The Internet usage Policy applies to all Internet & Cell phone users (individuals working for the company, including permanent full-time and part-time employees, contract
Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy I. Overview RCMA supports instruction through the use of educational and administrative computers. The responsible use of
Policy Document Information and Communication Technology and E-Safety Acceptable Use Policy Mission Statement The school is committed to the use of ICT across the curriculum and to providing all students
ICT Student Usage Policy Document status Document owner Vice Principal Finance and Resources Document author IT Manager Document type Policy Date of document January 2015 Version number 04 Review requirements
Delgado Community College Information Technology Security Policy Approved: *November 5, 2010 ) Delgado Community College IT Security Policy Page 2 *November 5, 2010 Table of Contents Title Page 1.0 Introduction
HIPAA Security Risk Analysis Toolkit In January of 2013, the Department of Health and Human Services Office for Civil Rights (OCR) released a final rule implementing a wide range of HIPAA privacy and security
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
Berwick Academy Policy on E Safety Overview The purpose of this document is to describe the rules and guidance associated with E Safety and the procedures to be followed in the event of an E Safety incident
Information Systems Acceptable Use Policy (covers ILT/ICT/IS*) You are expected to read, understand & sign this policy as a condition of your use of Wiltshire College systems. This policy is in place to
Document & Records Management Policy Document and Records Management Policy 1 Document & Records Management Policy NHS England INFORMATION READER BOX Directorate Transformation & Corporate Operations Publications
E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to
Bringing Your Acceptable Use Policy Up to 2013 Standards Bringing Your Acceptable Use Policy Up to 2013 Standards Organizations of all sizes rely on their employees to be good stewards of company time,
Guide to information security April 2013 Reasonable steps to protect personal information The (OAIC) was established on 1 November 2010 by the Australian Information Commissioner Act 2010. All OAIC publications