Transfer Mechanisms: , Fax, Post, Handover & Taking Data of Premises. Loss of ICT Devices and Data Misuse of ICT Devices and Data

Transcription

1 STAFF ACCEPTABLEUSE OF SCHOOL ICT FACILITIES CONTENTS 1. INTRODUCTION 1.1 Intrductin 1.2 Definitin f a User 1.3 Dcument Structure 1.4 Purpse 1.5 Scpe 1.6 Assciated Dcuments 2. POLICY STATEMENTS 2.1 General Use f ICT 2.2 Use f Hardware 2.3 Use f Sftware 2.4 Internet Use Plicy Internet Use Scial Netwrking Web Filtering 2.5 Use f Plicy External Internal Persnal Use f 2.6 Use f Mbile and Remte Cmputing Facilities 2.7 Use f Persnally Owned Cmputer Devices 2.8 Data Security Data Strage Secure Data Transfer Transfer Mechanisms: , Fax, Pst, Handver & Taking Data f Premises Lss f ICT Devices and Data Misuse f ICT Devices and Data 2.9 Use f Cameras and Taking Phtgraphs f Individuals and Grups Page 1

2 3. LEGAL ISSUES 3.1 General 3.2 Data Prtectin 3.3 Freedm f Infrmatin 3.4 Human Rights 3.5 Harassment, Victimisatin, Discriminatin and Defamatin 3.6 Equality Legislatin 3.7 Sftware Licensing and Cpyright 3.8 Cmputer Misuse 3.9 RIPA, the Lawful Business Practices Regulatins and Emplyment Practices Data Prtectin Cde: Mnitring at Wrk 3.10 Obscene Publicatins, Prngraphy etc 4. USERS RESPONSIBILITIES 4.1 General 5. MONITORING User respnsibilities; and Cmpliance with plicy statements 4.2 Use f ICT Facilities Internet 4.3 Wh t Cntact 5.1 General 5.2 Nn-cmpliance APPENDIX A Vicarius Liability (including the Authrity s disclaimer) APPENDIX B Sftware APPENDIX C Statement f Agreement t use Schl s ICT Facilities Staff Cde f cnduct fr ICT Page 2

3 1. INTRODUCTION 1.1 This Acceptable Use Plicy applies t emplyees, and ther external adult users f the Schls ICT (Infrmatin Cmmunicatin Technlgy) facilities prvided r supprted by the Schl r Wrexham Cunty Brugh Cuncil (WCBC). 1.2 ICT facilities include: Desktp and Mbile Cmputing facilities Audi-Visual equipment Access t the schls / WCBC netwrk Access t systems and data prvided fr schl business use Access t the Internet and schls Intranet fr business use Access t the schls system; and Any ther apprved ICT facilities. 1.2 Definitin f a User A user is defined as any member f staff, including teachers, teaching assistants, gvernrs, temprary wrkers, cntractrs and any ther adult user wh has been assessed and apprved fr cntrlled access, and wh is prvided with schl ICT facilities either n a standalne basis r with cntrlled access t the schls / WCBC netwrk. 1.3 Dcument Structure These guidelines are divided int five sectins which set ut: 1. Wrexham Cunty Brugh Cuncil s plicy statements fr the acceptable use f ICT facilities, cvering: General use f ICT facilities Use f ICT hardware - PCs, laptps, hand held devices, printers, telephnes, scanners etc. Use f sftware systems applicatins, databases, utilities [eg MS Office] etc. Internet use use Use f mbile and remte cmputing facilities Use f persnally wned cmputer and remvable media devices (e.g. laptps, mbile phnes, PDA s, MP3 players etc.) Data Security 2. Users respnsibilities and what Acceptable Use f the facilities means. 3. What mnitring will take place t cnfirm cmpliance with the plicies. 4. What will happen in the event f nn-cmpliance. 5. The main legal issues that the plicies need t address. Page 3

4 1.4 Purpse The purpse f this plicy is t prvide a framewrk fr the acceptable use f ICT facilities within WCBC schls. These rules are in place t prtect the user and Schl. Inapprpriate use f ICT facilities expses the schl, WCBC and emplyees t risks including virus attacks, cmprmise f netwrk systems & services, data security and legal/emplyment issues. 1.5 Scpe This plicy applies t all emplyees and casual/relief/supply staff and ther adults using the Schl s ICT facilities, including all persnnel affiliated with third parties. This plicy applies t all services, systems and equipment that is wned r leased by WCBC r the Schl. The ICT Acceptable Use plicy applies whether r nt the systems are used utside schl hurs r utside the schl Frm time t time this plicy dcument may need t be amended t ensure that plicies n acceptable use remain relevant in the light f technlgical, legal r rganisatinal develpments. In such instances a cpy f the revised plicy will be published t the Schls Intranet and a glbal will be sent prviding a link t the revised plicy. Users shuld therefre peridically visit the Authrity s Schls Intranet site t check fr changes t the plicy and guidelines Users shuld ensure that they are familiar with what is expected in the use f ICT facilities and with the plicies gverning their use. Failure t cmply with the plicies may result in disciplinary actin This plicy will be reviewed peridically, and fllwing apprpriate cnsultatin will be re-issued; as stated in abve If there is anything in the guidelines that is unclear, r if yu have any specific questins abut the plicies r cncerns abut ICT mnitring, please cntact yur headteacher r the ICT Helpdesk ( r by sending an t icthelpdesk@wrexham.gv.uk) 1.6 Assciated Dcuments This dcument shuld be read in cnjunctin with the fllwing guidance and plices: Lcal Authrity esafety Guidance dcument published September 2009 The schls wn esafety Plicy The schls wn Child Prtectin Plicy The Schls wn guidance / plicy n Data Prtectin and Security 2. POLICY STATEMENTS 2.1 General Use f ICT The schls ICT resurces are intended fr educatinal and management purpses, and may nly be used fr activities cnsistent with the rules f the schl. Any expressin f a persnal view abut the schl r WCBC matters in any electrnic frm f cmmunicatin, including scial netwrking sites, must be endrsed t that effect. Any use f the netwrk that wuld bring the name f the Schl r WCBC int disrepute is nt allwed The Schl and WCBC prvide these ICT facilities n the basis that users: Page 4

5 Read, understand and abide by the plicy statements cntained within this dcument; and Sign the Staff Cde f Cnduct fr ICT (See Appendix C) t shw their acceptance f the plicy statements cntained therein WCBC and the Schl will ensure that its ICT facilities are prtected including: Anti Virus Sftware Anti SPAM and Malware prtectin Web Filtering Users shuld d nthing t endanger the security r integrity f the Schl s systems. External files, such as thse listed belw, can intrduce malicius sftware, such as cmputer viruses r wrms, that can damage the Schl s systems and netwrks: Received as attachments Dwnladed frm the internet Received n CD/DVD disks r ther cmputer media On USB memry sticks; r Received via any ther data strage device It is imprtant that users d nt pen r distribute external files unless they were expecting t receive them frm a knwn surce r unless authrised t d s by the WCBC, IS Department. Users shuld immediately cntact their schls Netwrk Manager r telephne the IS Helpdesk n if they suspect that an external file cntains a virus. Suspect files must nt be pened, upladed r distributed until the Netwrk Manager / IS department has cmpleted its investigatin All ICT activity is mnitred fr apprpriate use - See Sectin Use f Hardware ICT Hardware (PCs, laptps, PDAs, scanners, digital cameras, printers, telephnes, mbile phnes etc.) prvided by WCBC r the Schl must nly be used fr wrk purpses relating t the Schl s business r as directed by the Headteacher. The exceptins t this are the limited persnal use f described in paragraph The use f persnally wned ICT equipment, e.g. laptps, mbile phnes, PDA s, MP3 players, USB memry sticks etc., t cnnect, uplad r dwnlad data n the schls netwrk is nt permitted withut the knwledge and cnsent f the Headteacher. See ntes n Data Security and Strage in sectin Use f Sftware ICT Sftware (MS Office, Educatinal sftware, graphic and design packages etc.) prvided by the Schl must nly be used fr wrk purpses relating t the Schl s business r as directed by the Headteacher Users must nt make unauthrised cpies f cpyrighted sftware r digital cntent, except as permitted by law r the wner f the cpyright Installatin f sftware and upgrades prvided by vendrs fr existing applicatins shuld nly be laded with the prir agreement f the Netwrk Manager, Schls ICT crdinatr r IS Department as apprpriate. Page 5

6 2.3.4 Installatin f sftware dwnladed frm the Internet is nt permitted withut the prir agreement f the Netwrk Manager, Schls ICT crdinatr r IS Department as apprpriate Lading unauthrised r persnally wned sftware (which has nt been apprved by the schl r IS department) can expse the schl netwrk t viruses and cause damage t cmputer perating systems and the wider netwrk. It is therefre nt permitted fr users t lad persnal r nn-business related sftware r files n t any schl r WCBC wned ICT equipment Users shuld be aware that any installatin f sftware must be in accrdance with the licensing agreement fr that sftware It is prhibited fr users t recklessly access r transmit infrmatin abut, r sftware designed fr, breaching security cntrls r fr creating cmputer viruses All users are respnsible fr ensuring that they act with due care and vigilance in respect f prtecting the Schl s ICT assets frm malicius sftware, such as viruses. 2.4 Internet Use The Schl recgnises that access t the Internet is an essential tl and can prvide significant educatinal and prfessinal benefits fr teachers and schl staff Users may use the Internet t view r dwnlad infrmatin nly fr the purpse(s) f: Researching and dwnlading cntent that is relevant t the users wrk within the schl, part f nging prfessinal develpment r relevant t the users rle as a member f the schl cmmunity; r Participating in frums, news grups and ther infrmatin exchanges that are relevant t the users wrk with the schl, part f nging prfessinal develpment r relevant t the users rle as a member f the schl cmmunity; r researching tpics as directed by the Headteacher. Access t the Internet is prvided by the Authrity s link t Wales Public Sectr Bradband Netwrk. Usage f the netwrk is gverned by a cnnectin agreement which stipulates that the Authrity is liable fr any breaches f the terms f the agreement by end users, including WCBC staff, schl emplyees r any ther user prvided with access. All users must cmply with the terms set ut in sectin 3 f this plicy relating t Legal Issues when using Internet facilities. Scial Netwrking Sites Members f staff, emplyees and casual/relief/supply staff will nt engage in dialgue abut the schl r with parents and pupils thrugh the use f scial netwrking sites withut the express permissin f the Headteacher The inapprpriate use f scial netwrking sites by staff is gverned under Wrexham s Crprate Cde f Cnduct and the General Teaching Cuncil fr Wales Cde f Prfessinal Cnduct and Practice fr Registered Teachers Where Scial Netwrking Sites are being used as part f the schl curriculum r as part f the schl s business they shuld nly be used with the express permissin f the Headteacher and shuld be set up expressly fr that purpse. Advice shuld be sught frm the schl s ICT Advisry team ( / ) n apprpriate sites t use and privacy settings. Page 6

7 2.4.6 The uplading t scial netwrking sites, frums r internet web sites f any phtgraph s f individuals r grups taken n schl premises is nt permitted withut the express permissin f the individuals cncerned. See sectin 2.9 n the taking f phtgraphs. Internet Web Filtering Access t the Internet frm the Schl s netwrk is filtered using a web-filtering system. This system mnitrs all web access and classifies web sites depending n the subject and infrmatin present. The system can therefre prevent access t certain types f inapprpriate web sites If users are aware that a web site is blcked when access is actually required fr valid reasns, then a request can be made t allw access t the site. Where a schl has lcal cntrl t its web-filtering server, as is the case in mst secndary schls, this can be dne internally fllwing the schls web site unblcking prcedures. Fr primary schls and ther facilities that d nt have lcal access t release sites, an initial request shuld be made t the IS ICT Helpdesk n Where further clarificatin is needed the IS ICT Helpdesk will cntact the schls wn ICT Adviser Where access t web sites is required fr use with learners then sufficient time shuld be allwed t check the site can be accessed r released befre the lessn. 2.5 Use f Plicy All members f schl staff have access t a schl accunt prvided by WCBC and managed by the IS department. This shuld be used in all situatins where cmmunicatin is used as part f either WCBC r schl business a) External All external will autmatically include the Authrity s standard bilingual disclaimer statement, which is included in Appendix A. Users shuld nt pen any file attached t an external unless they were expecting t receive it frm a knwn surce. If yu are nt certain f the rigin f a file, DO NOT pen it. Telephne the IS ICT Helpdesk n and they will check the cntent. If there is a requirement t send persnal and/r sensitive infrmatin via then the infrmatin must be encrypted prir t being sent. Further guidance n hw t encrypt s using WinZip is available n the schls intranet. Fr any further clarificatin cntact the IS ICT Helpdesk n T prtect ptentially persnal and/r sensitive infrmatin which is received: b) Internal via s frm external rganisatins and individuals; r frm ther internal users within Wrexham r the schl the setting f rules t aut-frward s t external accunts is nt permitted. Page 7

8 is acceptable as a standard frm f internal cmmunicatin except fr crrespndence: that requires the signature f a Headteacher this shuld be sent by mem; marked persnal r cnfidential, which cntains sensitive r persnal infrmatin relating t an individual r identifiable persn c) Persnal Use f Headteachers may allw facilities t be used t send persnal messages prvided this des nt impinge upn its use fr fficial purpses and is cnfined t utside wrking hurs. T ensure privacy, users shuld include the wrd Persnal in the subject line f any persnal messages sent. s marked Persnal will be subject t nrmal mnitring but will nt be pened fr mnitring purpses unless there are exceptinal circumstances, fr example when serius miscnduct / crime is suspected. All f Wrexham s facilities are mnitred. If thrugh this mnitring it is discvered that s are being sent which cntain defamatry, bscene discriminatry, libellus, ffensive r harassing cntent; r cntain any ther attachments r cntent which may be cnsidered inapprpriate r illegal, then disciplinary and/r legal actin may be taken against thse cncerned. 2.6 Use f Mbile and Remte Cmputing Facilities WCBC and the schl recgnises that mbile cmputing facilities prvide a valuable educatinal benefit t the Schl. This includes prvisin f Authrity r Schl supplied laptp, PDA, palmtp, Smartphne and ther handheld cmputers, and culd include facilities fr remte access t the Cuncil and Schl netwrk frm hme r ther remte lcatins, in supprt f wrk life balance and ther initiatives Fr laptps and ther mbile devices it is strngly recmmended that encryptin sftware be applied t the device, particularly if it is likely t be used fr sensitive and/r persnal infrmatin. Fr further advice and guidance relating t encrypting such devices, cntact the IS ICT Helpdesk Any user prvided with mbile cmputing facilities must: Use them respnsibly and cmply with all relevant plicies and prcedures as if they were using the systems in the their nrmal place f wrk Take apprpriate measures t ensure the physical prtectin f equipment frm lss, theft, damage etc. Ensure that any passwrds required fr access are kept secure Return the equipment t the Schl r IS department when requested t d s fr rutine maintenance r ther purpses In additin any user prvided with mbile cmputing facilities must nt: Stre files which cntain persnal and/r sensitive infrmatin n the device fr lnger than necessary unless adequate passwrd and encryptin prtectin has been put in place. Page 8

9 Dwnlad files frm the Internet t Authrity supplied equipment unless therwise agreed with the Headteacher. Install sftware, withut the prir apprval f the schls Netwrk Manager r Headteacher. Leave the equipment unattended, even fr a few minutes, particularly when travelling away frm the ffice r attending events. Take schl s ICT equipment, including laptps, PDA s, cellular telephnes etc. abrad withut specific apprval f the Headteacher 2.7 Use f Persnally Owned Cmputer Devices With regard t cmputer devices wned persnally by users (e.g. handheld devices, laptps, digital cameras, mbile phnes, USB memry sticks, MP3 Players etc.), which are nt supplied by the WCBC r the Schl, Users must nt: Use their wn mbile devices t stre (dwnlad r uplad) any rganisatinal infrmatin, phtgraphs, recrd audi r vide f children r ther members f staff withut the express permissin f the Headteacher; r Cnnect such devices t the Schl netwrk (whether remtely r n-site) fr any purpse unless withut the express permissin f the Headteacher. 2.8 Data Security In carrying ut their functins, Schls are ften required t hld certain persnal and/r sensitive infrmatin relating t staff, pupils, parents and ther partner rganisatins r infrmatin relating t Cuncil business. As the custdians f this infrmatin it is critical that we maintain high levels f data security at all times t ensure it remains safe and secure WCBC and the Schl have a duty t ensure persnal data is managed in accrdance with the Data Prtectin Act. This includes cmplying with Principal 7 f the Act which states that Apprpriate technical and rganisatinal measures shall be taken against unauthrised r unlawful prcessing f persnal data and against accidental lss r destructin f, r damage t, persnal data All staff shuld make themselves aware f the requirements f the Data Prtectin Act and further guidance is available n the Schl s Intranet As a minimum when staff are away frm their desks they shuld ensure that access t their cmputer / data is prevented by using the Ctrl-Alt-Delete cmmand t lck their PC. Data strage Wherever pssible the use f remvable media shuld be avided fr transferring r string data, and users shuld nt use any persnally wned remvable media r cmputing device t dwnlad sensitive and/r persnal schl data n pupils r ther staff. This includes exam related data Strage devices such as remvable hard drives r USB memry sticks that d have t be used t transfer r stre persnal and/r sensitive data must be encrypted and surced frm Wrexham s IS department The USB memry sticks prvided by the IS department are fully encrypted with enfrced passwrd prtectin. These devices prtect the data n them thrugh the use f strng encryptin sftware Page 9

10 and can nly be accessed by secure passwrd. These USB memry sticks can be purchased thrugh the IS department by cntacting the IS ICT Helpdesk n As encryptin sftware cannt be easily applied t DVD s and CD s they shuld never be used t stre persnal and/r sensitive infrmatin / data. Similarly flppy disks, althugh an lder technlgy, must never be used t stre persnal and/r sensitive infrmatin Media cards, such as thse used in digital cameras and mbile phnes, are nly permitted t be used fr defined business reasns where this has been apprved by the Headteacher. Such devices must nt be cnnected t any schl ICT equipment unless therwise agreed by the Headteacher. They must nt be used t stre any persnal and/r sensitive data. Secure Data Transfer There are many valid reasns why schls will need t share infrmatin with external bdies and partners in rder t deliver services r meet cntractual arrangements. The external bdies invlved can include ther schls, WCBC, ther Lcal Authrities, Welsh Assembly Gvernment, examinatin bdies, public rganisatins (such as the Health sectr), Plice, UK and devlved gvernment agencies; as well as private sectr cmpanies r individuals prviding services r supprt A Privacy Statement has nw replaced the Fair Prcessing Ntice and this sets ut fr data subjects the main reasns fr transferring infrmatin between schls, WCBC, ther Lcal Authrities and Welsh Assembly Gvernment etc. This ntice is kept under review and can be viewed n the schls intranet site and WCBC internet site In all cases the reasns fr needing t share infrmatin shuld be prperly assessed and fully justified. This assessment must include cnsideratin f the degree f sensitivity f the infrmatin invlved, whether the data is really needed and, if s, can it be kept t the abslute minimum required fr the purpse Where regular transfers f infrmatin take place systems and guidance will have already been issued and shuld be used t supplement this dcument Any data which relates t individuals must be dealt with in accrdance with the Data Prtectin Act (DPA) and the Schls Data Prtectin plicy. Befre any persnal data is transferred apprpriate justificatin must be cnsidered and safeguards fllwed Transfer Mechanisms Where transfer must ccur, this shuld be thrugh secure electrnic transfer, s that disks are phased ut where pssible. Where data has t be put nt remvable devices r media, such as external hard drives, CD/DVD disks, USB Sticks r laptps etc., these must be encrypted. Wherever pssible, data shuld nt be transferred but accessed directly thrugh the primary hst system where the infrmatin is stred, r accessed remtely via a secure channel By Page 10

11 is nt a secure methd f transfer and shuld nt be used fr sending persnal r sensitive data unless ther viable transfer ptins have been prperly cnsidered and excluded first. Persnal r sensitive infrmatin shuld never be included in the bdy f an . If, having cnsidered alternative ptins, is cnsidered t be the nly viable ptin fr sending the data, then strng encryptin must be applied t the data. within the Wrexham schls hsted netwrk is secure but encryptin shuld be used. (All schls have been prvided with sftware t supprt passwrd prtectin f files If is used yu must carefully check the address f the external recipient(s) befre sending and cntact them afterwards t cnfirm receipt By Fax Persnal r ther sensitive data must nt be sent by fax. Sending by Fax is nt a secure methd f transfer as there are inherent risks. It may be pssible t send nn-sensitive data by fax prvided the fllwing safeguards are fllwed. If sending nn-sensitive data by fax transfer yu must carefully check the fax number f the external recipient befre sending. Infrmatin shuld nly be sent t safe haven fax machines situated in a secure cnstantly staffed area and nt accessible by the public. In all cases, the recipient shuld be infrmed prir t transfer and a cvering sheet addressed t the recipient shuld be sent with the data. The cvering sheet shuld nt include any details f persnal r sensitive data By pst (fr example in paper frm, r, n a CD-ROM r DVD-ROM) Sending by pst has sme risk but prvided that strng encryptin is applied t data in electrnic frm and a secure pstal service used, the risk is likely t be acceptable. Befre sending any infrmatin t external bdies yu must have the apprval f the Headteacher. If the data is persnal r sensitive then strng encryptin must be applied (If required cntact the IS ICT Helpdesk n fr advice n apprpriate encryptin levels befre sending sensitive data by pst). The encrypted data must be sent via tracked/secure mail r curier and nt via standard pst. Yu must carefully check the address f the external recipient(s) befre sending and cntact them afterwards t cnfirm receipt By handver f data t an individual frm anther rganisatin This has sme risk but culd be an acceptable methd f transfer if an authrised schl emplyee is visiting r can deliver direct t a named external recipient, r, alternatively, if the named external recipient can cllect in persn. If the data is sensitive then the risk must be cnsidered and the need fr strng encryptin must be assessed Page 11

12 Taking data ff the premises Users shuld assess the risks f taking data ff the premises t meetings r t wrk n elsewhere. Particular care shuld be taken during transprtatin t prevent lss r theft and items shuld nt be left unattended. Infrmatin in paper hard cpy frm shuld be secured in a bx r briefcase/bag and if transprting by vehicle the data shuld be placed in the bt and remain ut f view. Infrmatin stred in electrnic frm (cntained in laptps, CD-ROM, DVD-ROM r PDAs) must have adequate encryptin applied t the device. Persnal and sensitive data in electrnic frm r paper hard cpy shuld nt be left in vehicles vernight r fr any extended perid f time. When handing persnal and sensitive data ver t a recipient frm an external bdy, the methd f transprt must be agreed in advance. The IS department can prvide advice n the use f encryptin. Page 12

13 Lss f ICT Devices and Data It is the duty f all users t immediately reprt any actual r suspected breaches in infrmatin security t the Headteacher If a schl ICT device is lst r stlen then it must be reprted immediately t the Headteacher and IS Department (IS ICT Helpdesk ), this wuld include the lss f USB memry sticks Full details f the equipment and any ptential data lss must be prvided s that the implicatins f the lss can immediately be assessed. If the device has been stlen it may als be necessary t cntact Nrth Wales Plice t reprt the incident. This shuld be determined by discussin with the Headteacher and IS Department. Misuse f ICT Devices and Data Yu shuld raise yur cncern with yur line manager, the headteacher, the chair f gvernrs, r the gvernr nminated fr whistleblwing r [ther named persn and cntact number]. The persn t be apprached depends t an extent n the seriusness and sensitivity f the issue and wh is thught t be invlved If yu feel yu cannt express yur cncerns within the schl, it is pen t yu t raise yur cncern with smene utside the schl setting frm the list f rganisatins in the sectin f this plicy Taking the Matter Further, with key rganisatins t cntact suggested as the LEA, Public Cncern at Wrk and the trade unins. If yu remain cncerned and/r feel unable t raise the matter as detailed abve, please refer t the mdel Whistleblwing Plicy fr Schls, prduced by the Welsh Gvernment at: English versin pjvbxtyyjvgbknbrg8x2pd5yn2fh6rq6mtqy9x9! ?lang=en Welsh versin w.pdf;jsessinid=mqpqqhpdjzp6ypjvbxtyyjvgbknbrg8x2pd5yn2fh6rq6mtqy9x9! ?lang=e n r in the Cuncil s Whistleblwing Plicy n the Intranet at: Use f Cameras and Taking Phtgraphs f Individuals r Grups In a public place we d nt have a right t privacy. Anybdy can take a phtgraph f anther persn in a public place. On private prperty hwever if the wner f the prperty has expressly said n t phtgraphs and this is made clear, then yu cannt take phtgraphs. Page 13

14 2.9.2 Schls are private prperties and users are nt permitted t take the phtgraph f an individual r grup withut their express permissin. Page 14

15 3. LEGAL ISSUES 3.1 General Prviding emplyees with access t ICT facilities is increasingly expected in tday s wrking envirnment. Hwever, misuse f these facilities by emplyees culd have serius legal implicatins fr the emplyees cncerned (see belw), the Schl and fr Wrexham Cunty Brugh Cuncil as a result f vicarius liability, which is explained in mre detail in Appendix A. 3.2 Data Prtectin The Schl hlds a wealth f cnfidential infrmatin relating t its staff, custmers, clients and suppliers, much f it in electrnic frmat. The unauthrised release f such infrmatin, fr example via , n external strage media wuld be in breach f the Data Prtectin Act 1998 and culd make individual emplyees and the Authrity liable t substantial fines. 3.3 Freedm f Infrmatin The Freedm f Infrmatin Act 2000 ("the Act") is fully in frce frm the 1 January The aim f the Act is t make public bdies mre pen and accuntable by creating a right fr any persn t request any infrmatin held by them (subject t exemptins). As a public bdy, the Cuncil is subject t the Act and is cmmitted t cmplying with it. As an emplyee yu shuld familiarise yurself with the Cuncil s plicy n Freedm f Infrmatin a cpy is available n Wrexnet. 3.4 Human Rights The Human Rights Act 1998 gives individuals the right t respect fr private and family life, hme and crrespndence. By encuraging users t identify s as persnal in the subject heading, the Authrity is lking t safeguard the privacy f emplyees crrespndence. s marked Persnal will be pened fr mnitring purpses nly in exceptinal circumstances, fr example, where serius crime/miscnduct is suspected. They will hwever, still be subject t the nrmal mnitring described in Sectin Harassment, Discriminatin, Victimisatin and Defamatin If emplyees transmit bscene r discriminatry materials r harass r victimise ther individuals by r any ther ICT facility, this may cause ffence and incur liability fr the individuals cncerned, as well as fr the Authrity. Similarly, if emplyees use the ICT facilities t make defamatry r discriminatry statements they (and the Authrity) culd face legal actin. Users shuld make themselves aware f the cntents f the Equality Act 2010 and ther UK legislatin and regulatins cvering issues f race; gender; gender reassignment; age, disability, sexual rientatin, religin r belief; marriage r civil partnership, and pregnancy and maternity. The Equality Act 2010 als prvides prtectin fr staff frm harassment during the curse f their emplyment frm third parties (S40 (2a and b). If any staff feels that they have been harassed by a third party including via ICT such as r the internet as part f their emplyment this shuld reprted immediately t the Headteacher. Where ICT is used as part f the harassment the Headteacher will infrm the IS Department as part f preventative actin against the harassment. See belw fr useful links t Equality legislatin and guidance. : Page 15

16 3.6 Equality Legislatin Wrexham Cunty Brugh Cuncil is cmmitted t preventing the use f its cmputer systems and netwrks fr the distributin, publicatin r viewing f material which culd be cnsidered as discriminatry, harassment r victimisatin. This wuld include discriminatin, harassment r victimisatin n the basis f gender; gender reassignment; race; age; disability; sexual rientatin, religin r belief, marriage and civil partnership and pregnancy and maternity. This is in line with the requirements f Equality Act 2010 and related regulatins and guidance and any ther UK equality legislatin and emplyment regulatins. The authrity is als cmmitted t fulfilling its Public Sectr duties under the Equality Act 2010 and related regulatins and guidance. This plicy supprts the general public sectr duty t: eliminate discriminatin, harassment, victimisatin and any ther cnduct prhibited by the Act. t advance pprtunity between persns wh share a relevant prtected characteristic and persns wh d nt share it. t fster gd relatins between persns wh share a prtected characteristic and thse wh d nt. 3.7 Sftware Licensing and Cpyright Only sftware that is develped by the Schl, WCBC r licensed r prvided by the develper t the Schl shuld be used n the Schl s ICT facilities. Under n circumstances shuld users cpy sftware frm ne PC t anther withut the apprpriate licence agreement. The Schl culd be liable t substantial fines if it was discvered using sftware withut the apprpriate licence. (Appendix B explains hw t btain sftware.) Users shuld take care in cpying material btained thrugh attachments t s r, frm infrmatin surces via the Internet. There may be cpyright r ther restrictins n such material (ften identified by, r ) and unauthrised use including cpying r nward transmissin may be an infringement f cpyright (sectin 17, Cpyright, Designs and Patents Act 1988). 3.8 Cmputer Misuse The Cmputer Misuse Act 1990 makes it illegal t gain unauthrised access t a cmputer system (hacking), t extract data frm the system (cnfidentiality) r t amend the system withut permissin (including intrducing viruses). The Schl and WCBC has a duty t put prcedures in place t prevent unauthrised access. If the Authrity and Schl fails t d this it is likely t be in breach f the Data Prtectin legislatin and culd be liable t substantial fines. 3.9 RIPA, the Lawful Business Practices Regulatins and Emplyment Practices Data Prtectin Cde: Mnitring at Wrk The Regulatin f Investigatry Pwers Act 2000 (RIPA) states that the interceptin f cmmunicatins in the curse f transmissin withut cnsent is prhibited except in specific limited circumstances such as cvert surveillance peratins and fr reasns f natinal security. The Lawful Business Practices Regulatins 2000 set ut the exceptins t RIPA and prvide the basis under which the Authrity s mnitring activity can take place. The Emplyment Practices, Data Prtectin Cde gives further guidance n hw mnitring shuld be carried ut. It aims t strike a balance between the rights f individuals (their privacy) and thse f the emplyers (their ability t mnitr activities t ensure their business is perating Page 16

17 effectively). The Authrity has used the benchmarks and practical guidance in the Cde t help develp the plicy fr the Acceptable Use f ICT Facilities, particularly in relatin t the mnitring f Obscene Publicatins, Prngraphy etc. WCBC and the Schl are cmmitted t the preventin f publicatin n its netwrks f any material which it may cnsider prngraphic, excessively vilent r which cmes within the prvisins f the Obscene Publicatins Act r the Prtectin f Children s Act. In n circumstances shuld users send s cntaining prngraphy r ther bjectinable r ptentially criminal material. If users receive an that they believe may cntain prngraphy r, n pening an find such material, fr example in an attachment, they shuld immediately clse it and reprt the incident t Cmputer Audit (either by t cmputer audit r by telephne n ). Any use f the Schl s ICT systems t publish, distribute, r gain access t bscene, discriminatry, prngraphic r excessively vilent material will lead t disciplinary actin being taken. 4. USERS RESPONSIBILITIES 4.1 General Users are respnsible fr ensuring that they d: Understand and abide by all the plicy statements cntained within the dcument. Fr the avidance f dubt, users are required t fully cmply with all plicy statements shwn in sectin 2. Cmply with the plicies and the underlying laws shwn in sectin 3, (Cmputer Misuse Act 1990, Data Prtectin Act 1998 etc.) Use the ICT facilities fr wrk purpses nly. Where permitted by Headteacher/Gvernrs the exceptins are: Limited persnal use f ; r Limited persnal use f Internet - if allwed by the schl and in each case prviding this is dne utside wrking hurs. Use the Ctrl, Alt, Delete cmmand t lck their PC when away frm their desk fr extended perids f time Users are respnsible fr ensuring that they d nt: Attempt t use the ICT facilities fr any unauthrised purpse. Misuse r damage any ICT facilities. Lad / dwnlad unauthrised sftware r files nt any f the Schl s r Authrity s PC s, laptps r any ther schl wned equipment. Allw external rganisatins t cnnect their ICT equipment t the Schl netwrk. Page 17

18 Divulge their passwrd t anyne else r leave their passwrd visible n a piece f paper r Pst-it nte, etc, left n r near their mnitr. Page 18

19 4.2 Use f ICT Facilities In additin t 4.1 abve, when using , users must ensure that they d nt: Send sensitive r cnfidential infrmatin by - unless therwise in accrdance with the prcesses utlined in sectin t ( s are nt encrypted and may pass thrugh several different servers befre reaching their destinatin and culd be intercepted at any stage) Use ffensive, harassing r discriminatry language; (Jkes r cmments that may seem inncent t ne persn can cause serius ffence t anther. The Authrity has strict rules gverning equality, discriminatin and harassment that, when applied, can lead t disciplinary prceedings. In additin, the Authrity s and r Schl s reputatin can be affected, and they can becme liable t legal actin, where such travels utside the schl with the Authrity s dmain name (wrexham.sch.uk) n it. Send threatening, intimidating r libelus messages. (Users may be expsed t a ptential legal liability that affects them as individuals, their line management and the Authrity) Enter int a cntract n behalf f the Authrity Use f ICT Facilities Internet In additin t 4.1, when using the internet, users must ensure that they d nt: Access web sites which are nt wrk related, unless therwise agreed with the Headteacher Use the Internet facilities fr persnal use, unless therwise agreed lcally with the Headteacher and utside f wrk hurs. Dwnlad sftware r files frm the Internet withut the permissin f the Headteacher. Uplad infrmatin r data t the Internet unless therwise agreed with the Headteacher. 4.3 Wh t Cntact T make the mst f the ICT facilities, users shuld cntact: Their Netwrk Manager, MIS / ICT Crdinatr r the ICT Advisry team: Fr all ICT training needs (if yu dn t knw hw t d it, then ask!) Fr requests fr nn-standard ICT sftware Supprt relating t the curriculum use f ICT; T reprt any suspected misuse f the Schl s ICT facilities r infrmatin and data. The schl Netwrk Manager / Technician r IS ICT helpdesk immediately fr any: Prblems with the ICT facilities Accidental damage t the ICT facilities Page 19

20 Viruses r suspicius files r attachments received in s. Reprting lst r stlen ICT equipment Or any ther issued utlined in this plicy dcument. The schls e-safety Crdinatr r Child Prtectin Crdinatr immediately fr any: ICT incidents, fr example if yu find evidence f prngraphy; hacking r deliberate misuse f ICT equipment; inapprpriate internet sites visited accidentally. 5. MONITORING 5.1 General In line with the Lawful Business Practice Regulatins 2000, these guidelines make it clear that all ICT activity in Wrexham Cunty Brugh Cuncil is subject t mnitring. Mnitring takes place t prtect the Authrity s and Schl s ICT facilities and reputatin and t cnfirm cmpliance with the relevant legislatin and Wrexham Cunty Brugh Cuncil s ICT plicies All users must give their frmal cnsent t the Schl / Authrity mnitring their ICT activity. Schl staff d this by accepting this plicy dcument under their terms and cnditins f emplyment. Other adult schl ICT users d this by cmpleting and signing the Statement f Agreement in Appendix C Much f the Authrity s mnitring is carried ut autmatically: The firewall detects s cntaining malicius files, such as viruses s are autmatically screened fr apprpriateness and security. This mnitring is based n sets f rules, fr example file attachment types t be quarantined r sensitive wrds t be quarantined r deleted. These sets f rules are regularly reviewed and updated t deal with emerging threats. All internet activity is lgged autmatically t prvide statistical infrmatin. All websites are autmatically screened t ensure that they are apprpriate. Access t inapprpriate websites is prevented. The IS Department carries ut mnitring in rder t prtect the Authrity s netwrk and cmputer systems and t cnfirm cmpliance with legal requirements and the Authrity s plicies. 5.2 Nn-cmpliance If the mnitring in 5.1 abve identifies: evidence f misuse f the ICT facilities - this may lead t disciplinary actin, up t and including dismissal evidence f pssible criminal activity - this may be passed n t the plice As a user yu have a respnsibility t reprt any misuse f the Authrity s and Schl s ICT facilities and data t yur Headteacher r t the WCBC ICT Manager. Page 20

21 APPENDIX A Vicarius Liability (including the Authrity s Disclaimer) A.1 Basically, the term vicarius liability means that the Authrity r Schl may be held respnsible fr actins by staff r agency wrkers if they are deemed t be cmmitted in the curse f emplyment. This applies when: the wrngder is emplyed under a cntract f emplyment (Generally speaking, an emplyer is nt respnsible fr the activities f an independent cntractr); and the emplyee is acting in the curse f their emplyment. A.2 Schl s shuld be aware that the wrngful act f a member f staff r cntractrs will be deemed t be dne in the curse f emplyment if it is: an act authrised by management, r a wrngful and unauthrised mde f ding sme act authrised by management. A.3 Whether an act is an independent act r ne fr which an emplyer will be held vicariusly liable is a questin f fact that will be determined by the apprpriate curt with reference t the particular circumstances. A.4 Anyne using the Internet shuld nte that althugh certain materials may be cnsidered legal in their place f rigin, this des nt mean that they are necessarily legal in the UK. S, if thse materials are cnsidered t be illegal in the UK, they will be subject t the applicatin f UK law. Disclaimer A.5 Where the schl has implemented an disclaimer this shuld be attached t all utging s. Page 21

22 APPENDIX B Sftware B.1 The basic sftware necessary fr emplyees t d their jb shuld be installed n their cmputers by the IS Department r Schl ICT Technician. Respnsibility fr arranging this fr new emplyees lies with their line manager. B.2 Sme jbs in the Schl require the use f specialist sftware. Users wh want t btain specialist sftware shuld cntact the IS helpdesk r their relevant MIS r ICT c-rdinatr. All sftware must be purchased in line with the Schl s ICT Prcurement Plicy and Guidelines. B.3 Users shuld nt, in any circumstances, pen an attachment cntaining a sftware applicatin withut first btaining apprval frm the IS Department r schl s Netwrk Manager. If in dubt, cntact the IS ICT Helpdesk ( icthelpdesk@wrexham.gv.uk r telephne ). Failure t d s might result in the system r netwrk failing and might, in sme circumstances, infringe licence agreements. Page 22

23 APPENDIX C - Staff Cde f Cnduct fr ICT T ensure that members f staff are fully aware f their prfessinal respnsibilities when using Infrmatin Systems and when cmmunicating with pupils, they are asked t sign this cde f cnduct. Members f staff shuld cnsult the schl s e-safety plicy and the ICT Acceptable Use Plicy fr further infrmatin and clarity. Use f ICT systems: I understand that it is a criminal ffence t use a schl ICT system fr a purpse nt permitted by its wner. I appreciate that ICT includes a wide range f systems, including mbile phnes, hand held devices, digital cameras, , scial netwrking and that ICT use may als include persnal ICT devices when used fr schl business. I will nt leave laptp cmputers r any ther easily transprtable ICT equipment unattended at any time. I understand that schl infrmatin systems may nt be used fr private purpses withut specific permissin frm the headteacher. I understand that shuld nt be cnsidered a private medium f cmmunicatin and that my use f schl infrmatin systems, Internet and may be mnitred and recrded t ensure plicy cmpliance. I will ensure that electrnic cmmunicatins with pupils and parents including , IM and thrugh scial netwrking sites are cmpatible with my prfessinal rle and that messages cannt be misunderstd r misinterpreted. I will ensure that my private and prfessinal use f scial netwrking sites remains separate. I will respect system security and I will nt disclse any passwrd r security infrmatin t anyne ther than an authrised system manager. I will ensure that persnal data is stred securely and is used apprpriately, whether in schl, taken ff the schl premises r accessed remtely. I will nt install any sftware r hardware withut permissin. I will nt intrduce flppy disks, CDs, memry sticks r any ther device int the system withut first having checked them fr viruses. I will respect cpyright and intellectual prperty rights. I will reprt any incidents f cncern regarding children s safety t the e-safety Crdinatr, the Designated Child Prtectin Crdinatr r Headteacher. I will prmte e-safety with students in my care and will help them t develp a respnsible attitude t system use, cmmunicatins and publishing. I will nt take the phtgraph f any individual r grup fr which I d nt have their express permissin. The Schl may exercise its right t mnitr the use f the schl s infrmatin systems and Internet access, t intercept and t delete inapprpriate materials where it believes unauthrised use f the schl s infrmatin system may be taking place, r the system may be being used fr criminal purpses r fr string unauthrised r unlawful text, imagery r sund. I have read the schls acceptable use plicy and agree t fllw the schls cde f cnduct. Full name:. Date: Signed:.. Accepted fr the Schl: Date: Page 23