Access to personal email accounts and lawful business monitoring Contents Policy statement... 2 Access to personal emails... 2 Manager suspects misuse... 3 Lawful business monitoring... 4 Additional information... 6 Access to personal emails and lawful business monitoring Page 1 of 6
Policy statement Summary West Yorkshire Police will allow access to personal emails that are administered by the force, by a designated person ensuring the efficiency and integrity of the organisations whilst safeguarding the individual from unnecessary access. The force will also have a framework for the ethical monitoring, interception and recording of communications within the workplace which are transmitted using West Yorkshire Police systems. This policy explains how users authorise others to access their personal mailbox, how line managers can access mailboxes in cases such as unplanned absences and how line managers can deal with suspected misuse. The policy also explains the process lawful business monitoring. Scope This policy applies to all individuals who use Force communication systems including police officers, police staff, police community support officers, special constables, volunteers, temporary staff, agency staff, ex-employees and any contractors. Access to personal emails Introduction There will be occasions when a mailbox will need to be accessed by your line manager, such as when absence is short notice and unplanned. It is advisable to allow your line manager access, but the authority can be withdrawn at any time. The procedures to be adhered to when requesting access to mailboxes are covered in this policy. Shared mailboxes will already be accessible by line managers and colleagues, the access to these will differ, however a designated person will need to be appointed whilst there is an absence. Principles All Force computer terminals and systems are for business use only. You should not use Force email for personal purposes, unless deemed necessary where Force business is involved e.g. sending Force work to your home email. The designated person must always consider any issues of confidentiality and legal privilege that may be contained within email messages and deal with them accordingly. Any access to mailboxes is granted for 14 days, then a new request must be submitted for further access time. When granted access, items from the mailbox can be forwarded, as required, however items must not be deleted. Access to personal emails and lawful business monitoring Page 2 of 6
If the owner of the mailbox is a representative of either the: Police Federation; Trade Union; or Superintendents Association, then the Federation or Superintendents Association Chair or Secretary, or the Union Branch Secretary should be consulted before the mailbox is accessed. Line manager responsibilities Line managers are responsible for: submitting a request via the IT Self Service Portal for permission of access; applying an Out of Office reply with appropriate wording; appointing a designated person access to the mailbox to deal with existing messages; ensuring relevant emails can be identified and forwarded to the appropriate recipient by the IT Department; reviewing access in respect of necessity, proportionality and collateral intrusion; when access is no longer required, notifying IT Self Service Portal without any undue delay; and informing the owner that you have access their mailbox when they return. Manager suspects misuse Introduction There will be occasions when there is suspected misuse of a mailbox and there will be a need to examine the contents overtly. This must be reported to the Professional Standards Department and the principles and responsibilities below adhered to. Definition Misuse of a mailbox may consist one or more of the following: using the mailbox to abuse position; and not using the system for a policing purpose. Principles Line managers have the discretion to report employees for suspected misuse of a mailbox. Any emails containing inappropriate content must be reported to the Professional Standards Department through the Confidential Reporting Procedure or Anonymous Messenger. The Head of Professional Standards Department is responsible for granting access to mailboxes where misuse is suspected. Line manager responsibilities Line managers are responsible for: submitting a report to the Head of Professional Standards Department, requesting access to the mailbox due to suspected misuse. You must consider: o necessity; Access to personal emails and lawful business monitoring Page 3 of 6
o proportionality; o how collateral intrusion is to be minimised; and o circumstances leading to the request. once authorised, submitting a request, documenting minimal details for access to be granted to a designated person via the IT Self Service Portal NOT including any details of the suspected misuse; and sending information to the IT Security Officer who will co-ordinate the request with the appropriate team. Designated officer The designated officer will then be granted access to the mailbox and their name will appear on the access control list. Lawful business monitoring Introduction The force allows for the monitoring and recording of communication within the workplace that has been transmitted using West Yorkshire Police systems. The aim is to review information for the purposes of training, standards or disciplinary proceedings. Definition Lawful business monitoring means: the obtaining of historic data and information to enable an audit of an individual s activity within the Force s communications systems; and interception, i.e. the live recording of, or the listening to conversations or communications and can involve the recording of anything witnessed. Both can extend to off duty use of Force communications systems. Principles Lawful business monitoring includes electronic communications, e.g. telephone calls, fax transmissions, emails and internet access on systems such as (but not limited to) Outlook accounts, storage drives, work mobile phones, electronic pocket notebooks, computer terminals and work laptops. There can be no monitoring or recording of personal or public telephone networks under lawful business monitoring. However, if individuals use a Force device for both private and business purposes then this policy procedure will apply. Lawful business monitoring requires that all individuals who use Force communications systems understand that: o their conversations and all other communications may not be considered private; and o West Yorkshire Police can record and monitor the use of Force communication systems and, as a result of any such monitoring, may instigate any of the below actions: Access to personal emails and lawful business monitoring Page 4 of 6
review standards of training or service delivery; review standard operating procedures or Force policy, procedures or guidance; or consider or instigate criminal or disciplinary proceedings. Force undertaking All staff should be reassured that monitoring and recording will only be adopted when necessary and the level of intrusion will be proportionate to the issue being considered. In criminal and misconduct cases, lawful business monitoring will be considered on a case by case basis with application, in the first instance, via the PSD s senior leadership team. Professional Standards Department responsibilities Lawful business monitoring as a result of intelligence or as part of a criminal investigation, is the responsibility of Professional Standards Department (PSD). The monitoring will not be speculative or random. PSD will assess intelligence and handle it in accordance with the principles of the Code of Ethics and Data Protection Act 1998 and it will be properly evaluated with regards to the necessity and proportionality of such activity. Applications for intelligence led lawful business monitoring will be made via PSD to a member of the Chief Officer Team. Access to personal emails and lawful business monitoring Page 5 of 6
Additional information Compliance This Policy complies with the following legislation and guidance: Data Protection Act 1998 Computer Misuse Act 1990 Regulation of Investigatory Powers Act 2000 Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 Human Rights Act 1998 Policy database administration Item Details Document title: Access to personal email and lawful business monitoring Owner: Professional Standards Author / Reviewer: Date of last review: 07/03/2016 Date of next review: 07/03/2017 The Equality and Human Rights Assessment for this policy is held on Force Registry which can be accessed via this link. The table below details revision information relating to this document: Topic title Date Policy revised into new format with the addition of 07/03/2016 lawful business monitoring. Agreed by JNCC. Access to personal emails and lawful business monitoring Page 6 of 6