3.2 IT and Communications Policy

RELEVANT CHAPTER

POLICY

We propose to make the most of the advantages offered by modern electronic communication. All computers provided are primarily for business use. Limited personal use of the computer system is permitted if it does not interfere with an individual’s or other employee’s work performance and complies with security and use guidelines set out in this document.

There are 4 main laws which have been taken into consideration when developing our communications policy:

Data Protection Act 1998 – gives individuals the right to see information held about themselves – see Guidelines. Staff are welcome to see what information is kept about them either manually or on computer. Young people have access to their own files as set out in the Files (Young People) procedure.
Human Rights Act 1998 – gives individuals the right to privacy
Lawful Business Practice Regulations – gives employers the lawful authority to intercept communications in controlled circumstances
Regulation of Investigatory Powers (RIP) Act 2000 – gives a legal framework to protect the confidentiality of communications and govern their interception.

Any problems occurring from any misuse of company computers may result in staff or YPs being charged for any repairs or maintenance that may be needed or the need for disciplinary or grievance proceedings.

1.	Computer Usage
2.	E-Mail
	2.1	Security
	2.2	Internal and External Mail
3.	Internet Access
	3.1	Downloading Information
4.	Telephone Communications
5.	Monitoring
6.	Use of Disciplinary and Grievance Procedures
7.	General IT Efficiency
	7.1	Software Licences and Piracy
	7.2	Computer Environments
	7.3	Protection Against Computer Virus
	7.4	Use of Folders for Young People and Home Files
	7.5	Backups and Archiving
	7.6	Dealing with Problems encountered on Computers or Printers
8.	Guidelines
	8.1	Data Protection
	8.2	Statement of the Law of Defamation
	8.3	Email Disclaimer
	8.4	Statement Banning Pornography
	8.5	Monitoring employees communications without their consent

1. Computer Usage

Office computers are for staff access only, unless they have been specially set up for use by YPs as well. If computers are used by staff and YP’s , all users will be given User passwords to enable them to access their own part of the computer. If computers are located in rooms which are also bedrooms, then YP’s will not be allowed in.

Any new/additional software used by the YP’s should be cleared with the Director of Operations in consultation with the Director of Care/Area Manager before it is installed. Only authorised staff should install the software. YP’s are only allowed to install software under the guidance of an authorised member of staff

2. E-Mail

The company email system and staff email addresses are for business use and work related use. Personal use is not acceptable.

2.1 Security

All staff have a responsibility to help reduce the possibility of theft of computers and the information they contain. This can be done in 2 ways:

Locking the office in which computer is situated after use.
Where workstation is left running or used by other staff – Either log off after using or do not leave computer unattended with files open. Where staff access a network, they should log off the network if they leave their computer for long periods.

Your access password is the primary key to computer security. For your own protection, and for the protection of the company’s resources, you must keep your password secret and not share it with anyone else.

Any damage or loss to any computer and associated material should be reported immediately to the Director of Care/Area Manager.

It is a disciplinary offence to access another individual’s e-mail facility by using their password without their permission.

2.2 Internal and External mail

All e-mails should be written carefully using correct English (not “texting” language) and contain the name of the sender at the end of the email message. Emails should be written with the same degree of formality as sending a business letter to recipients outside the company or memo to recipients inside the company.

Emails should not discriminate against, bully or harass individuals or misrepresent the company. In addition Email should not be used to libel or slander anyone - see Statement of the Law of Defamation in Guidelines.

The distribution of chain letters, inappropriate humour, explicit language or offensive images is not allowed via company e-mail.

As e-mail is an insecure system, care should be taken not to send any confidential information when sending external e-mails.

No e-mail messages composed, received or sent on the company network should be considered for private viewing only. The company reserves the right to monitor e-mail messages in accordance with its monitoring procedure – see later.

Penalties for breach of e-policy may range from suspension of e-mail services to termination of employment.

Incoming emails should either be deleted immediately or saved /attached to an appropriate folder.

If members of staff receive virus warnings via e-mail, they should take no action whatsoever other than informing the Director of Care/Area Manager immediately.

3. Internet Access

There have been occasions when staff have been using the Internet at work for extended periods of time and for their personal use. At best this is an internal Disciplinary matter for misuse of company time and money and at worst possibly criminal.

We do however recognise the usefulness and necessity for our young people to continue to have access to the Internet as a valuable learning tool whilst also ensuring that staff neither misuse nor allow the misuse of this facility. Therefore only those computers based in our educational settings will be allowed Internet access. This must be done through the Director of Care/Area Manager, who will liaise with the relevant manager to ascertain their approval. He will also ensure that all authorised access to the Internet is properly supervised.

Use of company computers for Internet access is limited to company business only. The use of the internet for the following is banned:

private use
carry out freelance work
buy or sell goods unrelated to employer’s business
gamble
contribute to internet news groups
play games
conduct political activities
access pornography

Access is only allowed on authorised computers up and staff should not attempt to set up their own internet connections using company computers.

Surfing the Internet on company business should not, however, interfere with business, your job or the job of other employees and should comply with this policy.

No orders may be placed through any Website addresses unless this has been authorised by the Director of Care/Area Manager.

3.1. Downloading of Information

Information should only be downloaded onto company computers if it is related to company business or of educational value to our young people or staff doing training courses. Use of any material should be in line with the laws of copyright.

It should also be remembered that information on the Internet may not necessarily be accurate, up-to-date or reliable.

4. Telephone Communications

Staff are only permitted to use company telephones for company use. Private calls may only be made with the permission of the staff member’s line manager.

Employees are expressly forbidden to access, view, download, display or distribute any material that constitutes pornography or which is sexually explicit, sexist, racist or otherwise offensive. This will include transmitting any such material by email or email attachment, whether to colleagues or people outside the organisation.

Young people are allowed to use company telephones in accordance with the procedures laid down at each home.

Managers and Team Leaders should ensure that all staff are shown how to answer the telephone in a professional and standard manner, how to take messages and deal with enquiries.

5. Monitoring

Employees should be aware that emails and internet use cannot be regarded as private and that the company has the right to monitor these under existing laws.

All outgoing mail will contain a statement that incoming communications are subject to monitoring by the organisation. In addition company literature or advertising will also make it clear that e-mail messages may be intercepted by the employer.

Monitoring is done to protect the company’s business interests - see the circumstances in which it is lawful for employers to monitor employees’ communications without their consent in Section 8.5.

Any questions or concerns about monitoring should be addressed to the Director of Care/Area Manager.

6. Use of Disciplinary and Grievance Procedures

Any breaches of this policy will be dealt with via the company disciplinary procedure, depending on the type of offence. Any member of staff who experiences problems concerning abuse of the electronic communication facility should use the Grievance Procedure set out elsewhere.

Breaches which may be construed as child protection issues and/or pornography will be considered gross misconduct and lead to summary dismissal.

See Disciplinary Procedure

See Grievance Procedure

7. General IT Efficiency

7.1 Software Licences and Piracy

Only the Director of Care/Area Manager or an authorised member of staff are allowed to alter, amend or add anything to any company computers.

In addition no software should be installed on company computers unless it is properly licensed and its installation has been agreed and/or installed by the Director of Care/Area Manager. This includes any software found on free CDs or brought from home computers.

7.2 Computer Environments

Where possible, computers should be situated in a clean clutter free area with space to sit and work. In addition, all computer equipment should be regularly dusted and cleaned – computers, monitors, keyboards, printers and disk drives.

Food and drink should kept well away from equipment.

7.3 Protection against Computer Viruses

A computer virus is a program designed to copy itself into other programs. The virus may also be designed to cause the loss or alteration of data on a computer, or in extreme cases, to completely disable a computer. The virus is activated when the program “infected” by it is executed on a computer.

To guard against viruses, in addition to the ban on unauthorised software, the use of Floppy Disks to transfer files from one machine is to be discouraged. Check with Director of Care/Area Manager about better ways of managing your files. If Floppy Disks are used, they should be virus checked before using on a new machine.

If any computer becomes infected by a virus, it should be reported immediately to the Director of Care/Area Manager.

7.4. Use of Folders for Young People and Home files

New folders should be made on all computers (home and HQ) to keep files relating to the same topics together ie individual YP folders, general reports, monthly financial spreadsheets, etc. These can then be backed up individually and also finding files can be made easier.

Once a young person leaves, files on the computer should be deleted after it has been checked that there are hard copies in the young person’s file.

7.5 Backups and Archiving

All Managers are responsible for making sure that important files on their computers are regularly backed up, either onto Floppy Disks or onto a Data disks (if a Backup tape is part of the computer).

7.6. Dealing with Problems encountered on Computers and Printers

All recurring problems relating to computers and their peripherals should be notified to the Director of Care/Area Manager.

However most computer crashes can be solved by restarting the computer in the correct way and printer jams just need careful removal of paper and re-starting of the computer and printer.

Please note: If any employee does not know how to switch off and re-start a computer correctly or is unsure how to sort a printer jam, they should contact the Director of Care/Area Manager for support.

8. Guidelines

8.1 Data Protection Act

The company is registered under the Data Protection Act 1998 as we hold personal information about staff and young people for legal reasons as a registered care home and employer.

We are required to follow the data protection principles when holding this information. These are:

Personal information should be kept in a fair and lawful way.
The purpose of keeping information is to comply with the legal Requirements of our business i.e. the care and schooling of vulnerable young people and as an employer, etc.
Information kept has to be adequate, relevant and not excessive.
Information should be accurate and up to date.
Information should not be kept longer than the purposes required.
Information should be kept in accordance with the rights of the individual it concerns.
Security measures are in force to guard against unauthorised or unlawful use of personal information and against accidental loss, damage or destruction of personal information.
Personal information should not be transferred to a country outside the EU unless that country has an adequate level of protection for the rights and freedoms of data subjects.

8.2 Statement of the Law of Defamation

Employees who, in the course of their duties, communicate internally and/or externally by email or the internet, must note the law of defamation. The same laws apply to email and internet communication as to any other documents. Written material will be defamatory if it involves the publication of an untrue statement which tends to lower a person in the estimation of right thinking members of society generally.

It is therefore important to ensure that all statements made in emails or through internet communication are accurate and not misleading. Employees must not under any circumstances write any derogatory statements about an individual or another organisation. These rules apply equally to internal and external communications.

If any member of staff is in doubt about the content of an email message or internet communication, they should seek advice from their line manager before the communication is sent.

8.3 Email Disclaimer

The following disclaimer should be included in all outgoing email:

The information contained in this message and any attachments is confidential and may be legally privileged. It is intended only for the addresses. Access to this email by anyone else is unauthorised.

Please advise the sender immediately if this message has been transmitted to you in error.

Any views or opinions contained in this message are those of the author only and do not necessarily represent the views or policies of the company.

The company may monitor the content of emails sent and received via its network for the purposes of ensuring its compliance with its policies and procedures.

8.4 Statement banning Pornography

Access to the internet is provided for employees so that they may use it in the course of their work. However, as pornographic material is widely available on the internet, you are asked to note the following:

If an employee accidentally accesses a website they consider to be pornographic or offensive, the employee should report the matter immediately to their line manager or the IT manager. Similarly if an employee receives any such material by email or email attachment, the matter should be immediately reported to management. The offending material will then be deleted from the computer by the Director of Care/Area Manager.

For the avoidance of doubt, the deliberate accessing, viewing, downloading or distributing of pornographic or otherwise offensive material is regarded as gross misconduct under the company’s disciplinary procedure. Any employee found to have been engaging in such activities will be subject to summary dismissal.