Access to personal accounts and lawful business monitoring

Transcription:

Access to personal email accounts and lawful business monitoring

Contents

Policy statement
Access to personal emails
Manager suspects misuse
Lawful business monitoring
Additional information

Access to personal emails and lawful business monitoring Page 1 of 6

Policy statement

Summary

West Yorkshire Police will allow access to personal emails that are administered by the force, by a designated person, ensuring the efficiency and integrity of the organisation whilst safeguarding the individual from unnecessary access. The force will also have a framework for the ethical monitoring, interception and recording of communications within the workplace which are transmitted using West Yorkshire Police systems.

This policy explains how users authorise others to access their personal mailbox, how line managers can access mailboxes in cases such as unplanned absences and how line managers can deal with suspected misuse. The policy also explains the process of lawful business monitoring.

Scope

This policy applies to all individuals who use Force communication systems including police officers, police staff, police community support officers, special constables, volunteers, temporary staff, agency staff, ex-employees and any contractors.

Access to personal emails

Introduction

There will be occasions when a mailbox will need to be accessed by your line manager, such as when absence is short notice and unplanned. It is advisable to allow your line manager access, but the authority can be withdrawn at any time. The procedures to be adhered to when requesting access to mailboxes are covered in this policy.

Shared mailboxes will already be accessible by line managers and colleagues. Access to these will differ; however, a designated person will need to be appointed whilst there is an absence.

Principles

All Force computer terminals and systems are for business use only. You should not use Force email for personal purposes, unless deemed necessary where Force business is involved, e.g. sending Force work to your home email.

The designated person must always consider any issues of confidentiality and legal privilege that may be contained within email messages and deal with them accordingly.
Any access to mailboxes is granted for 14 days; a new request must then be submitted for further access time. When granted access, items from the mailbox can be forwarded as required; however, items must not be deleted.

If the owner of the mailbox is a representative of either the:
- Police Federation;
- Trade Union; or
- Superintendents Association,
then the Federation or Superintendents Association Chair or Secretary, or the Union Branch Secretary, should be consulted before the mailbox is accessed.

Line manager responsibilities

Line managers are responsible for:
- submitting a request via the IT Self Service Portal for permission of access;
- applying an Out of Office reply with appropriate wording;
- appointing a designated person with access to the mailbox to deal with existing messages;
- ensuring relevant emails can be identified and forwarded to the appropriate recipient by the IT Department;
- reviewing access in respect of necessity, proportionality and collateral intrusion;
- when access is no longer required, notifying the IT Self Service Portal without any undue delay; and
- informing the owner that you have accessed their mailbox when they return.

Manager suspects misuse

Introduction

There will be occasions when there is suspected misuse of a mailbox and there will be a need to examine the contents overtly. This must be reported to the Professional Standards Department and the principles and responsibilities below adhered to.

Definition

Misuse of a mailbox may consist of one or more of the following:
- using the mailbox to abuse position; and
- not using the system for a policing purpose.

Principles

Line managers have the discretion to report employees for suspected misuse of a mailbox. Any emails containing inappropriate content must be reported to the Professional Standards Department through the Confidential Reporting Procedure or Anonymous Messenger. The Head of Professional Standards Department is responsible for granting access to mailboxes where misuse is suspected.

Line manager responsibilities

Line managers are responsible for:
- submitting a report to the Head of Professional Standards Department, requesting access to the mailbox due to suspected misuse. You must consider:
  o necessity;
  o proportionality;
  o how collateral intrusion is to be minimised; and
  o circumstances leading to the request.
- once authorised, submitting a request, documenting minimal details for access to be granted to a designated person via the IT Self Service Portal, NOT including any details of the suspected misuse; and
- sending information to the IT Security Officer who will co-ordinate the request with the appropriate team.

Designated officer

The designated officer will then be granted access to the mailbox and their name will appear on the access control list.

Lawful business monitoring

Introduction

The force allows for the monitoring and recording of communication within the workplace that has been transmitted using West Yorkshire Police systems. The aim is to review information for the purposes of training, standards or disciplinary proceedings.

Definition

Lawful business monitoring means:
- the obtaining of historic data and information to enable an audit of an individual's activity within the Force's communications systems; and
- interception, i.e. the live recording of, or the listening to, conversations or communications, and can involve the recording of anything witnessed.
Both can extend to off duty use of Force communications systems.

Principles

Lawful business monitoring includes electronic communications, e.g. telephone calls, fax transmissions, emails and internet access on systems such as (but not limited to) Outlook accounts, storage drives, work mobile phones, electronic pocket notebooks, computer terminals and work laptops.

There can be no monitoring or recording of personal or public telephone networks under lawful business monitoring. However, if individuals use a Force device for both private and business purposes then this policy procedure will apply.
Lawful business monitoring requires that all individuals who use Force communications systems understand that:
  o their conversations and all other communications may not be considered private; and
  o West Yorkshire Police can record and monitor the use of Force communication systems and, as a result of any such monitoring, may instigate any of the below actions:
      - review standards of training or service delivery;
      - review standard operating procedures or Force policy, procedures or guidance; or
      - consider or instigate criminal or disciplinary proceedings.

Force undertaking

All staff should be reassured that monitoring and recording will only be adopted when necessary and the level of intrusion will be proportionate to the issue being considered. In criminal and misconduct cases, lawful business monitoring will be considered on a case by case basis with application, in the first instance, via the PSD's senior leadership team.

Professional Standards Department responsibilities

Lawful business monitoring as a result of intelligence or as part of a criminal investigation is the responsibility of Professional Standards Department (PSD). The monitoring will not be speculative or random. PSD will assess intelligence and handle it in accordance with the principles of the Code of Ethics and Data Protection Act 1998 and it will be properly evaluated with regards to the necessity and proportionality of such activity.

Applications for intelligence led lawful business monitoring will be made via PSD to a member of the Chief Officer Team.

Additional information

Compliance

This Policy complies with the following legislation and guidance:
- Data Protection Act 1998
- Computer Misuse Act 1990
- Regulation of Investigatory Powers Act 2000
- Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000
- Human Rights Act 1998

Policy database administration

Item: Details
Document title: Access to personal email and lawful business monitoring
Owner: Professional Standards
Author / Reviewer:
Date of last review: 07/03/2016
Date of next review: 07/03/2017

The Equality and Human Rights Assessment for this policy is held on Force Registry which can be accessed via this link.

The table below details revision information relating to this document:

Topic title: Policy revised into new format with the addition of lawful business monitoring. Agreed by JNCC.
Date: 07/03/2016