Internet, , Computer, and Telecommunications Policy

Transcription

1 Internet, , Computer, and Telecommunications Policy 1. Purpose This policy sets out appropriate use of Monitor internet, , general computer, and telecommunication services and equipment. This is to ensure that Monitor s IT, and internet systems operate effectively, without unnecessary disruption due to system breakdowns, and that Monitor is not exposed to any potential liability through unauthorised use of the systems. The requirements of this policy are essential for the success of the business, and any breach will lead to disciplinary action being taken; such breach may result in summary dismissal or withdrawal of access to Monitor s network and equipment. This policy is for guidance and information only. It does not form part of your contract of employment. 2. Scope This policy applies to all full time and part time employees on a permanent or fixed term contract, and to associated persons working for Monitor such as secondees, agency staff, contractors and others employed under a contract of service, and all other individuals using or accessing Monitor services and equipment, whether on or off-site. 3. Inappropriate Use Misuse general The following actions are expressly prohibited and may result in disciplinary action: Downloading (or opening) the following: unauthorised programs or software; files that may contain viruses; works of others without their permission, or copyrighted material such as music or films; s and attachments where the content of the attachment looks suspicious. Connecting personal equipment to Monitor networks, PCs and laptops, including: 1

2 personal equipment such as MP3 or media players (including ipods), digital cameras, non-monitor USB sticks, multi-function mobile phones and personal digital assistants. Non-work related activity, including: receiving, storing or circulating material that is inappropriate in the context of Monitor s business functions (including music files); entering into lengthy personal conversations during working hours or sending excessive numbers of personal s; creating congestion by sending trivial messages or unnecessarily copying/forwarding of s e.g. humorous stories etc. Any chain mail letter must be deleted immediately and not sent on to any person either within Monitor or outside; signing up to non-work related discussion groups with your Monitor address; operating a private business or soliciting for work. Unauthorised access including: obtaining or attempting to obtain unauthorised access to any program or data held in Monitor s or another organisation's IT facilities, or on any other computer. You should report any suspected misuse, either by you or by a colleague, whether accidental or deliberate, to the appropriate line manager. More serious misconduct which may result in termination of your employment and/or legal proceedings includes: accessing or downloading pornography or other offensive material; distributing or relaying offensive or abusive material via ; libelling or defaming colleagues, external business contacts, or third parties via ; or using the internet to commit fraud or other illegal acts. Intercepting communications Monitor has not and does not sanction for any purpose Monitor staff intercepting telecommunications made or received by Monitor staff. Interception includes the modification or interference with, or the monitoring of transmissions made by, the telecommunications system (for example, by way of telephone tapping and the recording of calls made). Accordingly, any such practice is expressly forbidden. Breach of this prohibition may invoke formal procedures described in the Discipline Policy. Data Protection personal data In the event that foundation trusts or other third parties submit personal data to Monitor (for example. on patients or trust employees) or data which you consider may amount to personal data, you should immediately seek advice from the 2

3 Legal Directorate. Pending legal advice, you must not process that data in any way. Personal data means data which relate to a living individual who can be identified from those data (or from those data and other information in Monitor s possession or which is likely to come into Monitor s possession) and includes any expression of opinion about the individual and any indication of the intentions of Monitor or any other person in respect of the individual. Virus Protection and other threats Monitor takes reasonable precautions to protect its IT systems from viruses and unsolicited s. However, new viruses and other threats emerge all the time. It is for this reason that you must not install any software or use external media (such as CD-ROMs, DVDs, USB devices etc) without the prior authorisation of the Corporate Affairs team. The Corporate Affairs team will ensure that the contents of any software/devices are checked for viruses before they are installed/used on a computer connected to Monitor s network. You should report any suspected security incident, including virus warnings, receipt of inappropriate external , password disclosure or compromise, to the appropriate line manager as soon as possible. Personal use Monitor allows limited private, non-work related, use of the internet and systems, but this must be neither abused nor carried out to the detriment of Monitor s day-to-day business. It is expected that this will be during a break or after working hours for a short period. Further detail is set out in the subsequent sections. etiquette All s sent from your Monitor address may be construed as s from Monitor. You should consider carefully all s before sending, and use formal and businesslike language where possible and appropriate. All s sent externally must contain a disclaimer and an auto-signature, which can be accessed from the Corporate Services team. Internet Limited personal use of the internet is permitted. This is a privilege and not a right, and is dependent upon employees not abusing the privilege. Monitor reserves the right in its absolute discretion to withdraw permission for personal use of the internet at any time. Personal use should take place substantially out of normal working hours. Personal use of Monitor s computer systems is not private and may be subject to monitoring. Storage of personal data (My Documents) As part of maintaining its IT security, Monitor periodically reviews storage of data and space available in its IT system. Monitoring reports have shown that staff tend to retain large quantities of data on their personal drive (My Documents). 3

4 Storing data in My Documents takes up space on the file server and is backed up daily which increases the time and cost to Monitor. It can also affect the speed and reliability of the system. You are therefore asked to retain only minimal information in My Documents by: transferring any relevant Monitor work onto the R drive; deleting any data which is unnecessary; deleting any large quantities of inappropriate and unauthorised data e.g. photographs, music files; emptying your recycle bin monthly. You are discouraged from collecting individual data for use in connection with Monitor's business in cases where Monitor has databases covering similar subject matter. It is recognised, however, that personnel will keep information for their personal use, such as address books and personal organisers. It will be your responsibility to ensure that such processing is lawful; you should consult Monitor s in-house Legal Directorate or other person delegated by Monitor if you are in any doubt. In general, the keeping of a small quantity of data for obvious purposes, such as contact telephone details, is unlikely to give rise to any issues. Subject to this, the Legal Directorate should be consulted before any database or system for processing personal data is created, commissioned, purchased or materially modified on behalf of Monitor. 4. Monitoring Use of the internet and will be monitored to ensure that the security of the networks, systems equipment and integrity are not compromised. Monitor reserves the right to survey, record and retrieve all information from its electronic communication systems including (but not limited to) telephone use, s and internet usage, recording the time of use, the locations visited and the content retrieved. s sent and received by employees can be recovered by Monitor even after deletion. Monitor recognises, however, that employees have a legitimate right to expect that their personal life remains private and as such, are entitled to a degree of privacy in their work environment. Monitor shall, therefore, take all reasonable steps to ensure that the Data Protection Principles contained in the Data Protection Act 1998 are followed when such monitoring is carried out. Monitoring will be carried out to safeguard employees, in addition to protecting the interests of Monitor and any third parties. All information gathered as a result of monitoring will be held securely, with only certain authorised personnel being allowed access to such information (which may include Senior Management). Where information has been gathered as a result of monitoring, this will usually only be used for the purpose for which the monitoring was carried out. However, there may be circumstances where monitoring for one purpose (e.g. monitoring inboxes when employees are on sickness absence), leads to the discovery of an 4

5 activity that Monitor could not reasonably be expected to ignore, for example, discovery of a serious breach of heath and safety that puts others at risk. Clearly, in such circumstances, Monitor reserves the right to take such action as is necessary to protect its interests, and those of third parties. Reasons for Monitoring Monitor wants to provide a working environment free from bullying, harassment and discrimination. In order to detect such unacceptable behaviour, as well as to protect Monitor against liability for the wrongdoings of its employees, it may be necessary for Monitor to monitor the use by employees of its electronic communication systems to establish whether there is reason to believe that such behaviour has taken place. Monitor may also need to carry out monitoring for business purposes in order to ensure that employees do not breach other Monitor policies. For instance, Monitor has strict rules about breaches of confidentiality, which are set out in the employee's statement of terms and conditions of employment. Monitoring may be required to investigate allegations of misuse or abuse of the electronic communication systems made in the context of disciplinary or poor performance procedures. For example, monitoring might be necessary as a useful tool to counter time wasting and detect excessive personal use, which can cause an unnecessary burden on employees who have to cover for colleagues who spend unreasonable time ing friends or browsing the Internet. Monitor may need to check an employee's inbox when they are absent from work to determine whether there are any s or voice mails that require attention during such absence. Monitor may need to monitor communications for staff training and quality control purposes. IT services will make resource monitoring reports available to Human Resources to ensure that resources are used in compliance with this policy. 5. Passwords and Access Access to Monitor s network or equipment must be made by user-ids which are clearly linked to an individual user. User-ids and passwords must be kept confidential, and never displayed, shared, or saved for automatic connection. Line managers will determine which individuals are to be given authority to view or maintain specific information. Levels of access to specific systems and data should be on a job function and need to know basis, independent of status. 6. Disciplinary action Access to internet and may be withdrawn at any time as a result of, or pending the outcome of, investigations into suspected misuse. Where misuse may amount to misconduct or gross misconduct Monitor s Discipline Policy will apply. Depending on the seriousness of the offence, the breach may result in your summary dismissal, which means without notice or payment in lieu of notice. 5

6 You may be personally liable to prosecution, and open to claims for damages, if your actions are found to be unlawful. If you are unsure about your use of and the internet, you should seek clarification from the Corporate Services team. This policy has been in operation since August 2004 and was updated in August 2005, August 2006 and December DECLARATION I have read and understood the INTERNET, , COMPUTER AND TELECOMMUNICATIONS POLICY and I am aware of the activities which are inappropriate and may lead to disciplinary action. Further, I am aware that Monitor may consider and review my and internet activity as stated above. Signature Date. Print Name. PLEASE RETURN TO HUMAN RESOURCES 6