Dartmoor National Park Authority U 16 Internet Monitoring Policy & Investigation Protocol February 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted for any purpose without the agreement of the Authority. Target Audience: Everyone
Contents Document Control 2 Document Amendment History 2 1. Introduction 3 2. Procedures 3 3. Definition of Misuse 3 4. Procedures for dealing with suspected misuse 5 Document Control Organisation Dartmoor National Park Authority Title Internet Monitoring Policy & Investigation Protocol Creator Ali Bright Source Approvals Distribution Filename 4-U16-DNPA Internet Monitoring Policy and Investigation Protocol.docx Owner Head of ICT Subject Information Security Protective Marking None Review date September 2010 Document Amendment History Revision Originator of Date of No. change change 1 Ali Bright Feb 2010 Created Change Description Only current as an electronic version on Parknet Page 2 of 6
1. Introduction Private use of the computer facilities is covered by other policies, (Computer Security Policy and Internet Code of Practice). This policy is provided to assist management with its approach to determining what constitutes misuse and provides guidance with investigation procedures and protocols to ensure a consistent approach is taken in dealing with potential misuse. There are a number of pieces of legislation which determine what can and cannot be undertaken when monitoring Internet and email activity. These include: Data Protection Act 1998 Freedom of Information Act 2000 Human Rights Act RIPA (Regulations and Investigatory Powers Act) Law Business Practices Regulations. Computer Misuse Act 1990 Monitoring logs will be retained for a period of 93 days and will be used for the purpose of sample testing user activity on the Internet. 2. Procedures Monitoring of Internet activity will be undertaken by the Head of ICT. It is also the responsibility of managers who suspect their staff of inappropriate use to request the ICT Team to undertake an analysis of the member of staff s activities. Where misuse of the internet is suspected, it should be confirmed and then classified as one of the five levels detailed in this document. Management should then take the following action according to the level of misuse. Steps will be taken in the monitoring process to determine whether activity is as a result of the employee s action of typing a URL address, searching or as a result of automatic updates to web pages where the page is left open in the background. Evidence should be maintained of all issues raised with employees and management at what ever level to provide support in the case of challenge by any employee. As part of the monitoring process any potential misuse should be ratified by reference to the employees working hours and the time recording entries where possible. Where an employee has previously been warned about their use of the Internet additional monitoring will be undertaken on that employees activity. A monthly review of 3 days activity will be evaluated. 3. Definition of Misuse Only current as an electronic version on Parknet Page 3 of 6
Level 5 1. Viewing or searching for inappropriate images of children and/or paedophile activity, including visiting sites, posting, downloading and saving images. 2. Intentionally visiting web sites containing illegal content, which results in the employee breaking the law 3. Knowingly posting viruses to web pages. 4. Hacking or attempting to hack web sites. 5. Attempting to defraud by use of the Internet or computer system. In all cases above (apart from item 1 which should be reported to the police without delay) police involvement should only be with the agreement of a Director and after consultation with the Head of Legal & Democratic Services / Assistant Solicitor. Level 4 1. Viewing or searching for inappropriate web sites, including visiting sites, downloading and saving images, whether in the employee's own time or business time [for the purposes of this clause "inappropriate" shall include but not be limited to pornography, racism, hate crime etc] 2. Consistently spending more than 3% of their working time each week on nonbusiness related Internet use (for full time employees this equates to 60 minutes). [for the purposes of this clause consistently shall mean for two or more consecutive weeks] 3. Contributing to a web site or social networking site comments which are potentially harmful to the organisation. Level 3 Consistently spending more than a total of 10 minutes a day of working time on nonbusiness related internet use. [for the purposes of this clause consistently shall mean on five or more working days in any 10 day period] Level 2 Spending more than a total of 5 minutes in a day during working time on nonbusiness related internet use Level 1 Spending up to a total of 5 minutes in a day during working time on non-business related internet use. NB for the purposes of this clause, spending a total period of 2 minutes or less on a day shall be disregarded Only current as an electronic version on Parknet Page 4 of 6
For all of the above, the matter may be considered more serious and dealt with at a higher Level if there is repeated activity and action has previously been instigated and recorded on the employee s personnel file. 4. Procedures for dealing with suspected misuse Level 1 Misuse (least serious) The Head of ICT should ask the employee to confirm in writing that their use of specified web sites is for legitimate business reasons. If there is any doubt about the explanation provided, the Head of ICT will inform the employee s line manager. The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee. If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file. Level 2 Misuse The Head of ICT will inform the employee s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee. If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file. Level 3 Misuse The Head of ICT will inform the employee s line manager and appropriate Director of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee. If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file. If the misuse has taken place after a previous warning under this policy, consideration should be given as to whether disciplinary action is necessary and this will need to be undertaken in accordance with HR policies. Where Internet access is not required as part of the employee's day to day job, the line manager, in consultation with the Head of ICT and Head of HR, should also consider whether Internet access should be withdrawn for a defined period of time. NB: in any of the above, the Head of ICT must be informed of the outcome of any investigation for future internet monitoring purposes. Level 4 Misuse Only current as an electronic version on Parknet Page 5 of 6
The Head of ICT will inform the employee s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The relevant Director must also be informed. Consideration should be given to the suspension of the member of staff from Internet access during which time an extended analysis of Internet usage may be undertaken using the three months of data available within the monitoring logs. If necessary computer forensic analysis can be obtained from Devon Audit Partnership to support the evidence identified in Internet log files. This facility ensures that the investigation does not change any data on the hard drive of the user s computer. The line manager or other senior officer designated by the relevant Director shall, in consultation with the Head of ICT, investigate the circumstances of the suspected misuse and establish whether it appears there has been misuse within the meaning of this policy. If misuse is admitted or established, consideration should be given as to whether formal disciplinary action is necessary and this will need to be undertaken in accordance with HR policies. Level 5 Misuse (most severe) If it appears that misuse has occurred which may amount to a criminal offence, a Director shall be informed as a matter of urgency. The Director, in consultation with the Head of Legal & Democratic Services / Assistant Solicitor and the Head of ICT shall make arrangements for the police to be informed without delay. If it is believed that the misuse is so serious that it may amount to gross misconduct, the Director in consultation with the Head of HR shall make arrangements for the suspension of the employee, pending a disciplinary investigation. If a police investigation does not take place, the relevant Director shall appoint a senior office to investigate, in consultation with the Head of ICT, the circumstances of the suspected misuse and establish whether there appears to have been misuse within the meaning of this policy. If misuse is admitted or established, formal disciplinary action shall be undertaken in accordance with HR policies. NB: if any investigation reveals inappropriate images of children and/or possible paedophile activity the investigation must be halted immediately and the matter reported to the Police. If further investigation is undertaken after the discovery of inappropriate images of this nature the person investigating runs the risk of prosecution. Only current as an electronic version on Parknet Page 6 of 6