Document Control

Organisation / London Borough of Croydon
Title / Email, Electronic Messaging and Internet Policy
Author / Kiff Paddon
Filename / Email Electronic Messaging and Internet Policy - LBC v2.7.doc.
Owner / ICT Service Delivery Manager
Subject / ICT Policies
Protective Marking / Not Protectively Marked
Review date / Annual - October

Revision History

Revision Date / Reviser / Version / Description of Revision
14/04/08 / Kiff Paddon / 2 / Approved version
01/05/09 / Manoj Patil / 2.1 / Formatting changes only
12/08/09 / Srinivas Dokku / 2.2 / Updated review comments from Hayley Lewis
19/03/10 / Srinivas Dokku / 2.3 / HR & OD Approval updates
21/09/2011 / Isabel Blazquez / 2.4 / Review
28/10/2011 / Mike Fake / 2.5 / Included ICT Steering Group decision.
Updated to includereference to NWOW, email access and restrictions on non-productive social media usage.
16/11/2011 / Mike Fake / 2.6 / John Gladman minor changes
20/01/12 / Mike Fake / 2.7 / Included HR recommended changes, consistent with AUP.

Document Approvals

This document requires the following approvals:

Sponsor Approval / Name / Date
Corporate Services / Director, Corporate Services / 31 October 2011
HR&OD / Director, HR & OD / Consultation 11 January 2012
ICT Steering Group / Director, Corporate Services / 31 October 2011

Document Distribution

This document will be distributed to:

Name / Job Title / Email Address
All Managers / n/a / n/a
Corporate Intranet / n/a / n/a

Contributors

Development of this policy was assisted through information provided by the following organisations:

  • Kiff Paddon (London Borough of Croydon)

  • Duncan Spencer (Capgemini BT)

  • West Midlands Local Government Association

Contents

E-MAIL, ELECTRONIC MESSAGING AND INTERNET POLICY

1.INTRODUCTION

2.MONITORING AND SANCTIONS

3.RESPONSIBILITIES

4.ACCEPTABLE USE OF INTERNET AND E-MAIL

4.4.General Standards

4.5.E-Mail Standards

4.6Internet Standards

4.7Leavers

4.8Personal Use

4.9GCSx Use

5.POLICY COMPLIANCE

6.POLICY GOVERNANCE

7.REVIEW AND REVISIONS

8.REFERENCES

9.TERMINOLOGY

E-MAIL, ELECTRONIC MESSAGING AND INTERNET POLICY

  1. INTRODUCTION
  2. E-mail and the Internet are essential business tools for communication, obtaining and sharing information. Throughout this document all references to e-mail will mean electronic email, SMS messaging (“Short Messaging Service” - text messaging via a mobile phone), instant messaging, electronic posting on website, RSS feeds (Really Simple Syndication – automatic sending or receiving of updates to or from web pages), and all other methods of electronic messaging exchange. For the purposes of this document the term “internet” includes use of the Council’s internal network (intranet).
  3. Although this policy specifically targets use of e-mails, messaging and internet services – the principles herein apply to the use of all Council ICT infrastructure and services.
  4. This policy aims to clarify the standards expected of all users in order to:

-prevent misuse of Internet and e-mail;

-ensure that Internet and e-mail use complies with Council policies and the law;

-protect the Council’s information, data, systems and equipment;

-support the Council’sNew Ways of Working (NWOW);

-restrict the non-productive use of Council systems;

-encourage use that supports the business goals and objectives of the Council.

This policy applies to all users of the Council’s ICT services and includes employees, elected Members, agency workers, contractors, consultants and workers from partner organisations. It also applies regardless of work location and type of computer, laptop, tablet, PDA or other mobile device being used and therefore includes those working from home.

1.4.The Council considers this policy to be extremely important. If your use of e-mail or internet breaches the standards set out in this policy, disciplinary action may be taken which under certain circumstances could lead to your dismissal. You should also be aware that improper use of e-mail or the Internet can result in either you and/or the Council incurring civil or criminal liability. The Council also reserves the right to report suspected illegal activities to the appropriate authorities, including the police.

1.5.To ensure compliance with this Policy and for other legitimate work purposes, the Council monitors and may record, e-mail and Internet use (see section 2).

1.6.All users should familiarise themselves with the standards in this policy and ask their line manager if they are uncertain how the provisions apply. Users should also read the Email Style Guide (which can be found on the Intranet).

1.7.While the Council will take all reasonable care to prevent or block material which may cause offence, the Council takes no responsibility for such material which may become accessible due to circumstances beyond its control. There may be instances where a user will receive unsolicited mass junk email or spam. It is advised that users delete such messages without reading them. Do not reply to the email. Even to attempt to remove the email address from the distribution list can confirm the existence of an address following a speculative e-mail. Before giving your e-mail address to a third party, for instance a website, consider carefully the possible consequences of that address being passed (possibly sold on) to an unknown third party, and whether the benefits outweigh the potential problems.

  1. MONITORING AND SANCTIONS

2.1.To ensure compliance with this and other Council policies and for other legitimate work purposes, the Council routinely monitors e-mail and Internet use. All electronic communication via e-mail, both internal and to external recipients via the Internet will be monitored and all access to Internet sites is recorded. Spot checks will be carried out to ensure compliance with Council policies, standards and the law.

2.2.As part of its monitoring, the Council may at any time and without further notice:

a)Monitor and record how you use e-mail, including: the volume, frequency and size of the e-mails and attachments sent and received by you; and who you regularly send e-mail to and receive e-mail from.

b)Access any e-mails and attachments sent or received by you. All emails and attachments sent or received over the Council’s systems areaccessible by authorised staff. Therefore, you should not regard any e-mail or attachment as being private or confidential to the extent that it will not be viewed by other persons.

c)Monitor and record how you use the internet. This includes monitoring the frequency and total time you spend using the internet generally and the individual internet sites you visit.

2.3.Information gathered from monitoring e-mail and internet usage will be used to verify that the Council’s systems are being used appropriately. Where inappropriate use is identified, the information may also be used in disciplinary proceedings.

2.4.It should also be noted that email and attachments may need to be disclosed under the Data Protection Act 1998 or the Freedom of Information Act 2000. Further information regarding this can be obtained from the Council’s Data Protection officer.

  1. RESPONSIBILITIES
  2. Line managers have the responsibility to ensure that their staff are aware of and agree to the standards in this document, and to take appropriate action to prevent misuse of e-mail and internet.
  3. All users have a duty to help ensure that Council e-mail systems and Internet connection are used responsibly. If you are aware of internet or e-mail use that falls short of the standards in this document you should report the matter to your manager or if this is not appropriate, to the ICT Security Officer.
  1. ACCEPTABLE USE OF INTERNET AND E-MAIL
  2. This section, together with section 5, aim to give you clear guidance about the Council’s expectations and standards that apply to your use of the Council’s internet and e-mail facilities.
  3. The examples are not exhaustive and common sense should be used when using the internet and e-mail facilities. If you suspect that you may be doing something wrong, you probably are. Advice can always be sought from HR&OD or the corporate ICT team.
  4. Breaches of these standards may lead to disciplinary action and serious breaches may result in dismissal from the Council’s employment. What constitutes serious misuse of e-mail or internet will be determined by the precise content of the data, the frequency of use, and/or the impact the misuse may have on the Council or individuals.
  5. General Standards

The following points clarify the terms of acceptable use.

Users must NOT:

  1. Risk the stability or security of Council systems by for example: operating computers without anti-virus protection approved by the Council; disabling anti-virus software; sending computer viruses; sending sustained high volume network traffic; installing unauthorised software;
  1. Connect, or attempt to connect any Council computer directly to the internet OTHER than through an approved interface. If you are in any doubt about what an approved interface is, you should seek advice from the ICT Helpdesk.

Users must understand and agree to comply with the security rules of the Council.

Users must acknowledge that:

  1. Their use of the Council’s network and systems may be monitored and/or recorded for lawful purposes.
  2. E-Mail Standards

Users to confirm that:

  1. all emails that are used to conduct or support official Croydon Council business will be sent using the “@croydon.gov.uk” address allocated to them by the Council.
  1. all emails sent via the Government Connect Secure Extranet (GCSx)13 will be sent using GC Mail13 of the format “@croydon.gcsx.gov.uk”.
  1. any emails containing sensitive (Protectively Marked)13 information will be sent using GC Mail.
  1. the automatic forwarding of emails will NOT be used. This is to prevent sensitive (Protectively Marked) information being forwarded inappropriately.
  1. they accept that all emails that represent aspects of Council business or Council administrative arrangements are the property of the Council and NOT of any individual employee.
  1. they accept that emails held on Council equipment are considered to be part of the corporate record and email also provides a record of their activities
  1. they accept that email and the Internet are provided as business tools to help users with their regular job and assist workplace communications
  1. they accept that all emails and attachments sent or received by them over the Council’s systems may be monitored and are accessible by authorised staff. Therefore employees should not regard an email or attachment as being private and confidential to the extent that it will not be viewed by other persons.

Users to confirm that they will NOT:

  1. send, or encourage the sending of messages, which are restricted by laws or regulations, except for the purposes of enforcement e.g. transmission of pornography or defamatory material
  1. use e-mail in breach of the Data Protection Act or other legislation
  1. use e-mail to send any material that is racist, sexist, hateful, pornographic, contains nudity or which is otherwise objectionable. This includes sending e-mail and attachments which ridicule, belittle or undermine others, particularly in respect of their race, national origin, colour, nationality, gender, marital status, sexual orientation, age, disability or religion. The Council has the right to determine what is “objectionable”. Further guidance and examples of what may be inappropriate behaviour can be found in the Council’s Code of Conduct.
  1. encourage the sending of material referred to above
  1. use e-mail in a way which intimidates, harasses, bullies or distresses others or which interferes with the conduct of Council business
  1. solicit business for personal gain or profit
  1. send messages so that it appears to be from someone else - also known as “Spoofing”
  1. access, or attempt to access, data, files, databases or messages of others without authorisation - also known as “Snooping”
  1. intercept, or attempt to intercept, any electronic communication or transmissions without authorisation
  1. upload, download or otherwise transmit commercial software or copyrighted material in violation of its copyright
  1. reveal or publish confidential or proprietary information which may include financial information, strategies and plans, Council databases and the information contained therein, customer lists, technical product information, computer software source codes, computer network access codes and details of business partnerships
  1. represent personal opinions as those of the Council or which could be interpreted as being those of the Council
  1. send any virus warnings or security warnings or scare stories or any other alarming message of any kind to any other user – either internal or external. It doesn't matter if the warnings have come from an anti-virus vendor or been confirmed by a large company or the police or your best friend. These warnings are almost always hoaxes. If in doubt you may confirm the status of the warning with one of the corporate ICT team
  1. send ‘chain letters’ or inappropriate messages to lists of individuals. “Broadcast” messages to every user on the system are NOT allowed and it is a disciplinary offence to send them
  1. send trivial messages by e-mail
  1. send emails to large groups of staff without authorisation
  1. send emails for the purposes of undermining the Council’s proper business
  1. send business emails greater than 20 MB in size without seeking advice and guidance from ICT on more efficient ways of transferring the data.
  1. send personal emails greater than 2 MB in size.

4.6Internet Standards

Users to confirm that they will NOT:

  1. use the internet as a vehicle to send, or encourage the sending or receiving of messages, which are restricted by laws or regulations, except for the purposes of enforcement e.g. transmission of pornography or defamatory material
  1. use the internet in breach of the Data Protection Act or other legislation
  1. use the internet to view or send, any material that is racist, sexist, hateful, pornographic, contains nudity or which is otherwise objectionable. This includes visiting websites which ridicule, belittle or undermine others, particularly in respect of their race, national origin, colour, nationality, disability, gender, marital status, sexual orientation, age, or religion. The Council has the right to determine what is “objectionable”
  1. use the internet in a way which intimidates, harasses, bullies or distresses others or which interferes with the conduct of Council business
  1. use the internet to regularly access high bandwidth data streaming services, such as video and audio services without authorisation
  1. use the Internet for gambling or illegal activities
  1. use the internet to solicit business for personal gain or profit
  1. use the Internet to upload, download or otherwise transmit commercial software or copyrighted material in violation of its copyright
  1. use the Internet to download software that is NOT authorised
  1. use the internet to reveal or publish confidential or proprietary information which may include financial information, strategies and plans, Council databases and the information contained therein, customer lists, technical product information, computer software source codes, computer network access codes and details of business partnerships
  1. use the internet to represent personal opinions as those of the Council
  1. Other than as allowed under Personal Use (see following), use the internet for NON work-related personal collaboration activities (email, messaging, profile updates). Examples include use of Facebook, Twitter, YouTube or similar social sites, as well as blogs, special interest forums and user communities, which are collectively known as “Social Media”.

4.7Leavers

Users to confirm that:

  1. if they are about to leave the Council, they will inform their manager prior to departure of any important information held in their account and manage their account in accordance with the Council’s email and information management policy. They will return to their manager all Council property including ID cards, keys, portable computer equipment, mobile phones, PDAs and removable media, in accordance with the Council’s leaver’s procedures.

4.8Personal Use

  1. Staff may make limited personal use of the Council’s e-mail and internet under the following conditions:
  • personal use is only allowed outside their working hours. This means before or after work or during authorised breaks, such as a lunch break.
  • personal use must be kept to a minimum and where reasonably possible be restricted to before 9.00am and after 5.00pm. This is in order to help prevent the Council’s systems being compromised by excessive use during peak working times.
  • personal use must NOT contravene health and safety policies in relation to the need for proper breaks for those using computers.
  • personal e-mails should be deleted once read and responded to, if appropriate.
  • any personal use of the Council e-mail system or the Council internet connection must NOT impact on their productivity and effectiveness at work or that of their colleagues.

Examples of how this can occur include:

  • using a computer for their personal use when other staff need to use one for Council purposes
  • forwarding e-mails to colleagues that are NOT work-related
  • maintaining communications with NON-work related social media during their working hours
  • personal use must adhere to the standards set out in this document. Personal use which contravenes the standards in this document may lead to disciplinary action being taken.

4.9GCSx Use

GCSx is the Government Connect Secure Extranet which provides secure access with central government departments and agencies through the Croydon Secure Network (CSN).

For the purposes of this policy and the Acceptable Usage Policy the CSN is deemed to include the following protected networks:

  • Government Connect Secure Extranet (GCSx)13
  • London Public Services Network (LondonPSN)13
  • National Health Network (N3)13.

Other networks may be included in the CSN and users will be advised accordingly.

Users need to understand and agree to comply with the CSN security rules of the Council.

Users to acknowledge that: