• No results found

RIPA (Regulations and Investigatory Powers Act)

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "RIPA (Regulations and Investigatory Powers Act)"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

Dartmoor National Park Authority

INTERNET MONITORING POLICY & INVESTIGATION

PROTOCOL

Approved: February 2010 Review Date: September 2010

1. Introduction

Private use of the computer facilities is covered by other policies,

(Computer Security Policy and Internet Code of Practice). This policy is provided to assist management with its approach to determining what

constitutes misuse and provides guidance with investigation procedures and protocols to ensure a consistent approach is taken in dealing with potential misuse.

There are a number of pieces of legislation which determine what can and cannot be undertaken when monitoring Internet and email activity. These include:

• Data Protection Act 1998

• Freedom of Information Act 2000 • Human Rights Act

• RIPA (Regulations and Investigatory Powers Act) • Law Business Practices Regulations.

• Computer Misuse Act 1990

Monitoring logs will be retained for a period of 93 days and will be used for the purpose of sample testing user activity on the Internet.

2. Procedures

Monitoring of Internet activity will be undertaken by the Head of ICT. It is also the

responsibility of managers who suspect their staff of inappropriate use to request the ICT Team to undertake an analysis of the member of staff’s activities.

Where misuse of the internet is suspected, it should be confirmed and then classified as one of the five levels detailed in this document. Management should then take the following action according to the level of misuse.

Steps will be taken in the monitoring process to determine whether activity is as a result of the employee’s action of typing a URL address, searching or as a result of automatic updates to web pages where the page is left open in the background.

(2)

Evidence should be maintained of all issues raised with employees and management at what ever level to provide support in the case of challenge by any employee.

As part of the monitoring process any potential misuse should be ratified by reference to the employees working hours and the time recording entries where possible.

Where an employee has previously been warned about their use of the Internet additional monitoring will be undertaken on that employees activity. A monthly review of 3 days activity will be evaluated.

3. Definition of Misuse Level 5

1. Viewing or searching for inappropriate images of children and/or paedophile activity, including visiting sites, posting, downloading and saving images.

2. Intentionally visiting web sites containing illegal content, which results in the employee breaking the law

3. Knowingly posting viruses to web pages. 4. Hacking or attempting to hack web sites.

5. Attempting to defraud by use of the Internet or computer system.

In all cases above (apart from item 1 which should be reported to the police without delay) police involvement should only be with the agreement of a Director and after consultation with the Head of Legal & Democratic Services / Assistant Solicitor.

Level 4

1. Viewing or searching for inappropriate web sites, including visiting sites,

downloading and saving images, whether in the employee's own time or business time [for the purposes of this clause "inappropriate" shall include but not be limited to pornography, racism, hate crime etc]

2. Consistently spending more than 3% of their working time each week on non-business related Internet use (for full time employees this equates to 60 minutes). [for the purposes of this clause “consistently” shall mean for two or more

consecutive weeks]

3. Contributing to a web site or social networking site comments which are potentially harmful to the organisation.

(3)

Level 3

Consistently spending more than a total of 10 minutes a day of working time on non-business related internet use. [for the purposes of this clause “consistently” shall mean on five or more working days in any 10 day period]

Level 2

Spending more than a total of 5 minutes in a day during working time on non-business related internet use

Level 1

Spending up to a total of 5 minutes in a day during working time on non-business related internet use.

NB for the purposes of this clause, spending a total period of 2 minutes or less on a day shall be disregarded

For all of the above, the matter may be considered more serious and dealt with at a higher Level if there is repeated activity and action has previously been instigated and recorded on the employee’s personnel file.

4. Procedures for dealing with suspected misuse Level 1 Misuse (least serious)

The Head of ICT should ask the employee to confirm in writing that their use of specified web sites is for legitimate business reasons.

If there is any doubt about the explanation provided, the Head of ICT will inform the employee’s line manager.

The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee.

If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file.

Level 2 Misuse

The Head of ICT will inform the employee’s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited.

The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee.

If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file.

(4)

Level 3 Misuse

The Head of ICT will inform the employee’s line manager and appropriate Director of the suspicions of misuse. They will also be provided with date and times and details of site names visited.

The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee.

If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file.

If the misuse has taken place after a previous warning under this policy, consideration should be given as to whether disciplinary action is necessary and this will need to be undertaken in accordance with HR policies.

Where Internet access is not required as part of the employee's day to day job, the line manager, in consultation with the Head of ICT and Head of HR, should also consider whether Internet access should be withdrawn for a defined period of time.

NB: in any of the above, the Head of ICT must be informed of the outcome of any investigation for future internet monitoring purposes.

Level 4 Misuse

The Head of ICT will inform the employee’s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The relevant Director must also be informed.

Consideration should be given to the suspension of the member of staff from Internet access during which time an extended analysis of Internet usage may be undertaken using the three months of data available within the monitoring logs.

If necessary computer forensic analysis can be obtained from Devon Audit Partnership to support the evidence identified in Internet log files. This facility ensures that the

investigation does not change any data on the hard drive of the user’s computer. The line manager or other senior officer designated by the relevant Director shall, in consultation with the Head of ICT, investigate the circumstances of the suspected misuse and establish whether it appears there has been misuse within the meaning of this policy. If misuse is admitted or established, consideration should be given as to whether formal disciplinary action is necessary and this will need to be undertaken in accordance with HR policies.

Level 5 Misuse (most severe)

If it appears that misuse has occurred which may amount to a criminal offence, a Director shall be informed as a matter of urgency. The Director, in consultation with the Head of Legal & Democratic Services / Assistant Solicitor and the Head of ICT shall make arrangements for the police to be informed without delay.

If it is believed that the misuse is so serious that it may amount to gross misconduct, the Director in consultation with the Head of HR shall make arrangements for the suspension of the employee, pending a disciplinary investigation.

(5)

If a police investigation does not take place, the relevant Director shall appoint a senior office to investigate, in consultation with the Head of ICT, the circumstances of the suspected misuse and establish whether there appears to have been misuse within the meaning of this policy.

If misuse is admitted or established, formal disciplinary action shall be undertaken in accordance with HR policies.

NB: if any investigation reveals inappropriate images of children and/or possible paedophile activity the investigation must be halted immediately and the matter reported to the Police.

If further investigation is undertaken after the discovery of inappropriate images of this nature the person investigating runs the risk of prosecution.

References

Download now ( PDF - 5 Page - 28.66 KB )

Related documents

arxiv: v5 [physics.flu-dyn] 6 Nov 2019

Based on this new expression for Ca c , a three-regime theory is formulated to describe the interface (in)stability: (i) in Regime I, the growth rate is always negative, thus the

Langmans Medical Embryology test bank questions

The corona radiata consists of one or more layers of follicular cells that surround the zona pellucida, the polar body, and the secondary oocyte.. The corona radiata is dispersed

MEDICAL FACILITIES - SECL (Dtd )

26 NCPH HOSPITAL, NCPH COLLIERY Dispensary CHIRIMIRI 60.. 27 GM

We Have Sinned: When Churches Say we are Sorry and the Politics of Apology and Reconciliation

This essay asserts that to effectively degrade and ultimately destroy the Islamic State of Iraq and Syria (ISIS), and to topple the Bashar al-Assad’s regime, the international

Journal of Applied Pharmaceutical Science

Standardization of herbal raw drugs include passport data of raw plant drugs, botanical authentification, microscopic & molecular examination, identification of

Assessing the Impact of Biodiversity Conservation in the Management of Maize Stalk Borer (Busseola f  

Field experiments were conducted at Ebonyi State University Research Farm during 2009 and 2010 farming seasons to evaluate the effect of intercropping maize with

TECHNICAL AND VOCATIONAL EDUCATION AND TRAINING (TVET) SYSTEM\ IN INDIA FOR SUSTAINABLE DEVELOPMENT

National Conference on Technical Vocational Education, Training and Skills Development: A Roadmap for Empowerment (Dec. 2008): Ministry of Human Resource Development, Department

Generating whole bacterial genome sequences of low-abundance species from complex samples with IMS-MDA

However, obtaining bacterial genomic information is not always trivial: the target bacteria may be difficult-to-culture or uncultured, and may be found within samples containing