SAS TRUSTEE CORPORATION ( STC )

Transcription

1 SAS TRUSTEE CORPORATION ( STC ) POLICY ON USE OF EMPLOYER COMMUNICATION DEVICES AND WORKPLACE SURVEILLANCE under the Workplace Surveillance Act 2005 File: B915 May 2011 Version 3

2 INDEX Policy Statement... 3 Policy for Use of Communication Devices... 4 Monitoring of use of Facilities... 6 Policy on Surveillance conducted by STC... 7 S:\common\LEGAL\WILLCOX\\Workplace Surveillance policy_ May 11 FINAL.doc 2

3

4 Policy for Use of Communication Devices Communication Devices and Acceptable Uses The following are the commonly used communication devices available to STC staff for the conduct of business (STC does not provide other devices such as Blackberries): Telephones (landlines and mobile phones in some cases) Facsimiles Internet Electronic Mail ( ) STC senior managers and staff are permitted remote access to STC s network, including to STC s computer server. When accessing STC information from a remote location, this information must remain confidential at all times. STC s message bank service can be accessed from any telephone line. Economic Use of Resources Staff are encouraged to use, where appropriate and available, freecall services, tie lines (eg to Pillar) and . These generally provide more economical and efficient means of communication. As all calls involving a mobile telephone are time charged, staff should keep short any communication made to or from a mobile telephone. Calls involving mobile telephones should be avoided where standard desk telephones are readily available. Record Keeping Business communications sent electronically (eg. ) become official records, subject to statutory record keeping requirements. Such messages must be maintained in accordance with STC s Records Management Policy. Care is to be taken to not unnecessarily delete communications, or if they are to be deleted, that the context of the message has been correctly captured. STC has nightly backup of all electronic mail communications and documents that are on the 'S' and H drives. Documents not stored on the 'S' or H drives (eg, C drive) are not backed up. Security Staff should be alert to the possibility that any messages conveyed through communication devices can be intercepted, traced or recorded. Although such practices are normally illegal, there can be no expectation of privacy. S:\common\LEGAL\WILLCOX\\Workplace Surveillance policy_ May 11 FINAL.doc 4

5 Password or personal identity number protection should be used on all official mobile devices (eg. Mobile telephones, laptop computers) that are vulnerable to theft. Staff who work from a remote location should also ensure that they protect access to STC s information. and internet access messages are subject to the same laws as any other form of correspondence and must be of a professional nature. They are a business communication and are classed as a business transaction. Sending an from the office network account is similar to sending a letter on STC s letterhead. transactions should be handled with the normal courtesy, discretion and formality of all other agency communications. Files should not be downloaded unless they are work-related and care needs to be taken to prevent unauthorised use of copyright material. The use of the internet is available to all STC employees. Reasonable private use of the internet is a privilege and such use needs to be considered in terms of STC s desire to provide a balance between having a flexible work place and the operational needs of STC. Use must always be lawful, efficient, proper and ethical. In the case of an emergency where s or material exchanged via documentation may reasonably need to be reviewed or accessed, the CEO and / or General Counsel may obtain access to staff accounts and obtain copies of any relevant s. An Acceptable Usage Policy is displayed when staff login to their computers. Unlawful Use of Communications Equipment The following uses of STC s communication devices, including text messages on official mobile phones, are prohibited and such usage may result in disciplinary action: to seek out, access or send any material of an offensive, obscene, pornographic, threatening, abusive or defamatory nature; to make or send fraudulent, unlawful, or abusive information, calls or messages; and any intentional action that could damage the reputation of STC, be misleading or deceptive, result in victimisation or harassment, lead to criminal penalty or civil liability. Staff who receive threatening, intimidating or harassing telephone calls or electronic messages should immediately report the incident to their manager. Any staff member who initiates fraudulent, unlawful or abusive calls or messages may be subject to disciplinary action and possible criminal prosecution. S:\common\LEGAL\WILLCOX\\Workplace Surveillance policy_ May 11 FINAL.doc 5

6 The use of a hand held mobile telephone while driving is an offence under the Motor Traffic Act and STC will not be responsible for the payment of any fines incurred while travelling on official business. Personal Use STC acknowledges that family and community responsibilities impact on work. It therefore accepts that its communication devices may need to be used for personal reasons. Such use should be reasonable, infrequent and brief, and should not involve activities that might be questionable, controversial or offensive, such as gambling, accessing chat lines, transmitting inappropriate jokes, and sending junk programs or mail. Personal use does not extend to the sending of non-business related written material to any political organisation. Personal use of STC s communication devices is not considered private, and staff using such devices do not have the same personal privacy rights as they would have when using private or public (eg. coin or card operated telephone) communication devices. Employees reasonably suspected of abusing personal use of STC s communication devices may be asked to explain such use (which may be monitored as part of STC's responsibility to implement appropriate control mechanisms). Monitoring of use of Facilities Microsoft documents Microsoft software contains an audit trail of users in most documents and an employee's use of a document can be seen by any user. Security Access Keys Staff are provided with a security access key to enable access to STC work premises. The use of security keys can be monitored by STC and will be monitored if the CEO considers there may be or has been a security risk or improper use of the key. Information available includes dates and times of access and the particular door accessed. Similar monitoring is available with access to the building and the lifts. Telephone Calls STC is able to monitor employees' use of office telephones. The information that can be monitored includes: calls made from an extension number, including the number called; calls received by an extension number, including the number of the caller, except where excluded by the caller; and length of phone call. S:\common\LEGAL\WILLCOX\\Workplace Surveillance policy_ May 11 FINAL.doc 6

7 This information is collected for billing purposes but will be reviewed if the CEO considers there may be an abuse of phone facilities. Use of Fax Machines Staff are encouraged to rely on the transmission confirmation received from STC s fax machine when sending an outgoing fax. A transmission report is printed each time a fax is sent which confirms whether the transmission was successful. STC s fax machine also produces a transmission summary report which contains information on all numbers to which faxes were sent from STC and the number of pages in each fax and the date and time of sending. Although the transmission summary report serves as a safety measure when confirming that faxes were transmitted successfully, it will be reviewed if the CEO considers there may be improper use being made of the fax machine. Policy on Surveillance conducted by STC The Workplace Surveillance Act 2005 outlines the overt and covert surveillance activities which can be lawfully undertaken by an employer. This policy is to make employees aware of and understand the computer surveillance undertaken by STC. Any change to this policy will be notified in writing to employees at least 14 days in advance. Such notice may be by . Covert surveillance (ie surveillance undertaken without 14 days notice) is an offence unless authority is obtained from a Magistrate. and internet access Employees should be aware that STC does monitor internet usage and activity in a general sense to ensure compliance with its usage policy. While individual employees' s and use of the internet are not monitored they can be if the CEO considers there may be improper use. This right is in addition to any access the CEO and/or General Counsel may need to your s in an emergency. STC has installed anti virus, anti spam and anti porn software to enable the efficient use of electronic communications. The anti virus service entails all inbound and outbound , including attachments, being directed through a scanning service where they are digitally examined before being delivered. Where inbound or attachments are found to contain a virus, an automatic alert is dispatched to the sender and the intended recipient. With outbound , the sender is alerted. The infected is sent to a secure server for destruction after 30 days. S:\common\LEGAL\WILLCOX\\Workplace Surveillance policy_ May 11 FINAL.doc 7

8 The anti spam service protects against unsolicited or unwanted . The source of inbound s is checked against known sources of spam. Suspected spam s are deleted. The anti porn service is designed to protect from unsolicited and unwanted pornographic content sent via . Inbound and outbound is checked using image technology which uses artificial intelligence analysis to detect suspect poses, facial expressions, clothing and overall image content. This monitoring is continuous and will be ongoing. A prevented delivery notice will not be issued to the sender of an if delivery was prevented by the anti virus, anti spam or anti porn software. Staff who attempt to access inappropriate websites will receive a pop-up message advising that the website contains inappropriate material and is not able to be accessed. Video Surveillance STC does not engage in video surveillance on its tenancy, however building management monitors access to 83 Clarence Street for security reasons through the use of cameras outside and within the premises. The following areas are monitored, through the use of video cameras, by building management for security purposes: the streets providing access to the premises; the building lobby on the ground floor; and the car parks in the building situated at lower levels 1 and 2. Subject to building management policy, video records will be monitored if the CEO considers there is a security risk. Any future intention of STC to engage in video surveillance of staff will be notified accordingly. However, it should be noted that surveillance of toilets, change rooms, showers and bathroom facilities is strictly prohibited. Staff should be aware that when working away from the office, for example when conducting a seminar at an alternate venue or visiting the administrator, that location may have surveillance in place in accordance with that particular workplace surveillance policy. Tracking Surveillance (Company Vehicle) Certain STC staff are able to utilise the company leased vehicle to enable them to undertake any necessary travel to perform their duties. Generally, the vehicle will be used by the field staff to conduct member retirement seminars. S:\common\LEGAL\WILLCOX\\Workplace Surveillance policy_ May 11 FINAL.doc 8

9 Monitoring of the Company vehicle through the use of Global Positioning System (GPS) software is not undertaken by STC, nor is it contemplated. Should STC wish to exercise this option in future, a notification advising of this surveillance will be clearly displayed in the vehicle subject to surveillance and employees notified accordingly. Use of Notified Surveillance Use, including disclosure, of surveillance of an employee while at work is limited to: any legitimate purpose related to the employment of staff or STC s legitimate business activities or functions; or certain disclosures to law enforcement officials; or purposes related to the taking of civil or criminal proceedings; or averting imminent threats of serious violence or substantial damage to property. S:\common\LEGAL\WILLCOX\\Workplace Surveillance policy_ May 11 FINAL.doc 9