RIPA (Regulations and Investigatory Powers Act)



Similar documents
U 16 Internet Monitoring Policy & Investigation Protocol

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

PS 172 Protective Monitoring Policy

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & POLICY AND CODE

How To Deal With Social Media At Larks Hill J & I School

SEN15-P69b 24 June University Ordinances

Newcastle University disciplinary procedure

INTERNET, USE AND

The South Yorkshire County Trading Administration Safety Project

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

E-Safety Policy. The following section outlines the e-safety roles and responsibilities of individuals and group within the school.

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review

Internet Use Policy and Code of Conduct

Saint Martin s Catholic Academy

This procedure applies where formal disciplinary action is commenced on or after 11 December 2013

Wotton-under-Edge Town Council

South Ayrshire Council. Report by Head of HR and Organisational Development to Leadership Panel of 19 April 2011

Information & ICT Security Policy Framework

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

LOCAL DISCIPLINARY PROCEDURE

Personal use of computers

Disciplinary policy INTRODUCTION

West Lothian College. and Computer Network Responsible Use Policy. September 2011

Disciplinary and Dismissals Policy

RESEARCH COUNCIL DISCIPLINARY POLICY

DISCIPLINARY POLICY AND PROCEDURE

Caedmon College Whitby

3. MISCONDUCT and GROSS MISCONDUCT The following list provides examples of misconduct which will normally give rise to formal disciplinary action:

PROCEDURE Police Staff Discipline. Number: C 0901 Date Published: 9 May 2013

circumstances where this may interfere with the discharge of your employment duties or the good reputation of Audit Scotland.

Version: 2.0. Effective From: 28/11/2014

BARNTON PARISH COUNCIL (BPC)

SCHOOLS FRAUD RESPONSE PLAN

Oratory R.C. Primary and Nursery School. Shine as to be a light to others E-SAFETY POLICY

Staff Investigation Protocol

WEST MIDLANDS POLICE Force Policy Document

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014

ICT Acceptable use Policy. Coláiste Mhuirlinne/ Merlin College Doughiska, Galway City.

Acceptable Use of Information. and Communication Systems Policy

NEWMAN UNIVERSITY DISCIPLINARY POLICY AND PROCEDURE

Electronic Communications Monitoring Policy

POLICY ON USE OF INTERNET AND

Information Technology and Communications Policy

Information Governance Framework. June 2015

INFORMATION SECURITY POLICY

Human Resources Author: Lou Hassen Version: 1 Review Date: Dec 2012 Page 1 of 7. Trinity Academy Disciplinary Policy

Students KS2-3 Acceptable Use Policy

TECHNOLOGY USAGE POLICY

E-Safety Policy & Procedures

How To Behave At A School

POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL

1. INTRODUCTION SCOPE ROLES AND RESPONSIBILITIES REPRESENTATION INVESTIGATIONS SUSPENSION...

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

WELB YOUTH SERVICE INTERNET AND ACCEPTABLE COMPUTER USAGE POLICY

Roles and Responsibilities The following section outlines the e-safety roles and responsibilities of individuals and groups within Heath Farm School:

Disciplinary Policy and Procedure

Dene Community School of Technology Staff Acceptable Use Policy

E-Safety Policy. Please read this policy in conjunction with the policies listed below:

Policy for Management of CCTV on Waste Operation Vehicles

DISCIPLINARY PROCEDURE

E Safety Policy. 6 th March Annually. 26 th February 2014

DISCIPLINARY PROCEDURE TEACHING STAFF

Industrial Accidents - A Review of the Procurement Act, 2005

Roskear Primary & Nursery School. E-Safety Policy

CROWTHORNE PARISH COUNCIL DISCIPLINARY PROCEDURE. Adopted by Council - 5 November Table of Contents

Using Public Computer Services in Somerset Libraries

Rules for the use of the IT facilities. Effective August 2015 Present

How To Use The School Network Safely

2.2 If employees or Board Members wish to use mobile telephones or data devices provided by the Group for personal use they may opt to either:

How to Monitor Employee Web Browsing and Legally

Acceptable Use of Information and Communication Systems Policy

MUSIC, VIDEO AND SOFTWARE PIRACY POLICY

This policy applies equally to all full time and part time employees on a permanent or fixed-term contract.

Video surveillance policy (PUBLIC)

DRUGS AND ALCOHOL POLICY

Compliance Toolkit. Protecting Charities from Harm. Chapter 2: Due Diligence, Monitoring and Verification of End Use of Charitable Funds SUMMARY

Ulster University Standard Cover Sheet

ELECTRONIC MAIL ( ) September Version 3.1

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

Employee Internet Usage February 15, 2007

HR Services. Employee Handbook. Staff Disciplinary Procedures. 1. Introduction

Policy on Public and School Bus Closed Circuit Television Systems (CCTV)

THE UK S ANTI-MONEY LAUNDERING LEGISLATION AND THE DATA PROTECTION ACT 1998 GUIDANCE NOTES FOR THE FINANCIAL SECTOR. April 2002

SCOTTISH CHILDREN S REPORTER ADMINISTRATION

DEPARTMENT FOR BUSINESS INNOVATION AND SKILLS (BIS) ENGLAND ILLEGAL MONEY LENDING PROJECT

Forbes Shire Council Internet Access Policy

Corporate Information Security Management Policy

Housing Benefit & Council Tax Benefit. Fraud Prosecution Policy

Local Disciplinary Policy

Conditions of Use. Communications and IT Facilities

The Bishop s Stortford High School Internet Use and Data Security Policy

APPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5

33500 POLICY USE OF SOCIAL MEDIA

OFFICE OF THE POLICE & CRIME COMMISSIONER IT, Communications, Internet and Social Media Policy

NATIONAL JOINT COUNCIL FOR STAFF IN SIXTH FORM COLLEGES

Disciplinary and Dismissal Procedure

Data Breach Management Policy and Procedures for Education and Training Boards

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

GENERAL CONDITIONS OF USE OF COMPUTING AND NETWORK FACILITIES

Transcription:

Dartmoor National Park Authority INTERNET MONITORING POLICY & INVESTIGATION PROTOCOL Approved: February 2010 Review Date: September 2010 1. Introduction Private use of the computer facilities is covered by other policies, (Computer Security Policy and Internet Code of Practice). This policy is provided to assist management with its approach to determining what constitutes misuse and provides guidance with investigation procedures and protocols to ensure a consistent approach is taken in dealing with potential misuse. Internet Monitoring Policy & Investigation Protocol There are a number of pieces of legislation which determine what can and cannot be undertaken when monitoring Internet and email activity. These include: Data Protection Act 1998 Freedom of Information Act 2000 Human Rights Act RIPA (Regulations and Investigatory Powers Act) Law Business Practices Regulations. Computer Misuse Act 1990 Monitoring logs will be retained for a period of 93 days and will be used for the purpose of sample testing user activity on the Internet. 2. Procedures Monitoring of Internet activity will be undertaken by the Head of ICT. It is also the responsibility of managers who suspect their staff of inappropriate use to request the ICT Team to undertake an analysis of the member of staff s activities. Where misuse of the internet is suspected, it should be confirmed and then classified as one of the five levels detailed in this document. Management should then take the following action according to the level of misuse. Steps will be taken in the monitoring process to determine whether activity is as a result of the employee s action of typing a URL address, searching or as a result of automatic updates to web pages where the page is left open in the background.

Evidence should be maintained of all issues raised with employees and management at what ever level to provide support in the case of challenge by any employee. As part of the monitoring process any potential misuse should be ratified by reference to the employees working hours and the time recording entries where possible. Where an employee has previously been warned about their use of the Internet additional monitoring will be undertaken on that employees activity. A monthly review of 3 days activity will be evaluated. 3. Definition of Misuse Level 5 1. Viewing or searching for inappropriate images of children and/or paedophile activity, including visiting sites, posting, downloading and saving images. 2. Intentionally visiting web sites containing illegal content, which results in the employee breaking the law 3. Knowingly posting viruses to web pages. 4. Hacking or attempting to hack web sites. 5. Attempting to defraud by use of the Internet or computer system. In all cases above (apart from item 1 which should be reported to the police without delay) police involvement should only be with the agreement of a Director and after consultation with the Head of Legal & Democratic Services / Assistant Solicitor. Level 4 1. Viewing or searching for inappropriate web sites, including visiting sites, downloading and saving images, whether in the employee's own time or business time [for the purposes of this clause "inappropriate" shall include but not be limited to pornography, racism, hate crime etc] 2. Consistently spending more than 3% of their working time each week on nonbusiness related Internet use (for full time employees this equates to 60 minutes). [for the purposes of this clause consistently shall mean for two or more consecutive weeks] 3. Contributing to a web site or social networking site comments which are potentially harmful to the organisation.

Level 3 Level 2 Level 1 Consistently spending more than a total of 10 minutes a day of working time on non-business related internet use. [for the purposes of this clause consistently shall mean on five or more working days in any 10 day period] Spending more than a total of 5 minutes in a day during working time on nonbusiness related internet use Spending up to a total of 5 minutes in a day during working time on non-business related internet use. NB for the purposes of this clause, spending a total period of 2 minutes or less on a day shall be disregarded For all of the above, the matter may be considered more serious and dealt with at a higher Level if there is repeated activity and action has previously been instigated and recorded on the employee s personnel file. 4. Procedures for dealing with suspected misuse Level 1 Misuse (least serious) The Head of ICT should ask the employee to confirm in writing that their use of specified web sites is for legitimate business reasons. If there is any doubt about the explanation provided, the Head of ICT will inform the employee s line manager. Level 2 Misuse The Head of ICT will inform the employee s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited.

Level 3 Misuse The Head of ICT will inform the employee s line manager and appropriate Director of the suspicions of misuse. They will also be provided with date and times and details of site names visited. If the misuse has taken place after a previous warning under this policy, consideration should be given as to whether disciplinary action is necessary and this will need to be undertaken in accordance with HR policies. Where Internet access is not required as part of the employee's day to day job, the line manager, in consultation with the Head of ICT and Head of HR, should also consider whether Internet access should be withdrawn for a defined period of time. NB: in any of the above, the Head of ICT must be informed of the outcome of any investigation for future internet monitoring purposes. Level 4 Misuse The Head of ICT will inform the employee s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The relevant Director must also be informed. Consideration should be given to the suspension of the member of staff from Internet access during which time an extended analysis of Internet usage may be undertaken using the three months of data available within the monitoring logs. If necessary computer forensic analysis can be obtained from Devon Audit Partnership to support the evidence identified in Internet log files. This facility ensures that the investigation does not change any data on the hard drive of the user s computer. The line manager or other senior officer designated by the relevant Director shall, in consultation with the Head of ICT, investigate the circumstances of the suspected misuse and establish whether it appears there has been misuse within the meaning of this policy. If misuse is admitted or established, consideration should be given as to whether formal disciplinary action is necessary and this will need to be undertaken in accordance with HR policies. Level 5 Misuse (most severe) If it appears that misuse has occurred which may amount to a criminal offence, a Director shall be informed as a matter of urgency. The Director, in consultation with the Head of Legal & Democratic Services / Assistant Solicitor and the Head of ICT shall make arrangements for the police to be informed without delay. If it is believed that the misuse is so serious that it may amount to gross misconduct, the Director in consultation with the Head of HR shall make arrangements for the suspension of the employee, pending a disciplinary investigation.

If a police investigation does not take place, the relevant Director shall appoint a senior office to investigate, in consultation with the Head of ICT, the circumstances of the suspected misuse and establish whether there appears to have been misuse within the meaning of this policy. If misuse is admitted or established, formal disciplinary action shall be undertaken in accordance with HR policies. NB: if any investigation reveals inappropriate images of children and/or possible paedophile activity the investigation must be halted immediately and the matter reported to the Police. If further investigation is undertaken after the discovery of inappropriate images of this nature the person investigating runs the risk of prosecution.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information