Registered Charity No: 1081381 - Company Reg’d in England & Wales No: 4024662 Boscombe Link, 3-5 Palmerston Road, Bournemouth BH1 4HN. Tel & Fax: 01202 466130 email: contactus@bournemouthcvs.org.uk IT & Electronic Communications Policy (Including Social Media and use of Mobile Technology This document outlines Bournemouth CVS’s policy and trustee, volunteer and employee responsibilities for communication sent or received via the organisation’s systems, it covers both internal and external communication, including e-mail text messages, and social media. (This Policy replaces the BCVS IT Policy –Use of Telephones, E-mail and Internet first introduced in September 2002 and reviewed in January 2004). 1. Purpose and scope 1.1 Bournemouth CVS (BCVS) provides information and communication technology systems that enable us all to work efficiently. We recognise that electronic communications (e.g. emails; text messages; social media postings) play an essential role in the conduct of our organisation and that the way in which we all communicate with people not only reflects on us as individuals but also on us as a organisation. 1.2 In addition, BCVS provides access to the vast information resources of the internet to help us all do our job and be well informed. The facilities that we provide represent a considerable commitment of resources. This policy is designed to help you understand our expectations for the use of those resources and to ensure that you use those resources wisely. 1.3 This policy covers all individuals working for BCVS including trustees, employees, consultants, contractors, volunteers. 1.4 The electronic communications and IT equipment referred to in this policy includes, but is not limited to, computers, internet access, remote access connections, email servers, file storage, webmail, personal digital assistants (Blackberry’s, iPhones, iPads, Smart-Phones etc), telephones, mobile phones and computing and networking facilities owned and operated by BCVS 2. Policy 2.1 Information and electronic communication technology systems are provided to enable us all to work efficiently. They provide a means for communicating both internally and externally and, a means for storing 2 information, including personal or sensitive information. All users are therefore expected to use the systems provided in ways which: comply with legislative requirements (e.g. data protection, equality legislation, health and safety etc.) enhance efficiency and productivity enhance the reputation of BCVS 2.2 We recognise that the internet provides unique opportunities to participate in interactive discussions and share information on particular topics using a wide variety of social media, such as Facebook, Twitter, blogs and wikis. However, your use of social media can pose risks to our confidential information and reputation and can jeopardise our compliance with legal obligations. To minimise these risks, to avoid loss of productivity and to ensure that our IT resources and electronic communications systems are used only for appropriate business purposes, we expect adherence to this policy. 2.3 Breach of this policy may result in disciplinary action up to and including dismissal. Disciplinary action may be taken regardless of whether the breach is committed during working hours, and regardless of whether our equipment or facilities are used for the purpose of committing the breach. Guidance on how to use electronic communications and what would constitute a breach are given in sections 4, 6, 7 and 8 of this policy. Anyone suspected of committing a breach of this policy will be required to co-operate with our investigation, which may involve handing over relevant passwords and login details. 2.4 You may be required to remove internet postings which are deemed to constitute a breach of this policy. Failure to comply with such a request may in itself result in disciplinary action. 2.5 Third parties who have access to our electronic communication systems and equipment are also required to comply with this policy. 3. Implementing the policy 3.1 The Chief Executive has overall responsibility for the effective operation of this policy, but has delegated day-to-day responsibility for its operation to the Data Protection Officer. Responsibility for monitoring and reviewing the operation of this policy and making recommendations for change to minimise risks also lies with the Data Protection Officer. 3.2 All managers have a specific responsibility for operating within the boundaries of this policy, ensuring that all staff understand the standards of behaviour expected of them and taking action when behaviour falls below requirements. 3 3.3 We are all responsible for the success of this policy and should ensure that we take the time to read and understand it. Any misuse of social media should be reported to the Chief Executive. Questions regarding the content or application of this policy should also be directed to the Chief Executive. 4. Compliance with related Policies and Procedures 4.1 The Organisation’s policies and procedures (e.g. Disciplinary, Equality & Diversity Policy, Bullying and Harassment) apply equally to behaviour online as off-line. The IT resources and social media should never be used in a way that breaches any of our other policies. For example, if an internet post would breach any of our policies in another forum, it will also breach them in an online forum. You should never provide references for other individuals on social or professional networking sites, as such references, positive and negative, can be attributed to and create legal liability for both the author of the reference and BCVS. 5. Monitoring 5.1 The contents of our IT resources and communications systems are our property. Therefore you should have no expectation of privacy in any message, files, data, document, facsimile, telephone conversation, social media post, conversation or message, or any other kind of information or communications transmitted to, received or printed from, stored or recorded on our IT and communications systems. 5.2 We reserve the right to monitor, intercept and review, without further notice, your activities using our IT resources and communications systems, including but not limited to social media postings and activities, to ensure that our rules are being complied with and for legitimate business purposes and you consent to such monitoring by your acknowledgement of this policy and your use of such resources and systems. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving and printing of transactions, messages, communications, postings, log-ins, recordings and other uses of the systems as well as keystroke capturing and other network monitoring technologies. 5.3 We may store copies of such data or communications for a period of time after they are created, and may delete such copies from time to time without notice. 5.4 Do not use our IT resources and communications systems for any matter that you wish to be kept private or confidential from BCVS. 5.5 While an email that is clearly private does not fall within the definition of a communication that is relevant to BCVS business, we maintain a right to monitor such a communication where there is a reasonable suspicion that the 4 content breaches the policy, for example, by transmitting confidential information or pornography. 5.6 BCVS exercises the right to intercept emails and internet access under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 for the following reasons: to investigate or detect the unauthorised use of the systems, e.g. to ensure that this policy is being observed, that no discriminatory or offensive content appears in emails etc. to maintain an adequate level of security for our computer systems to detect any computer viruses to check mailboxes of absent employees. 5.7 To exercise our right under the Regulations, the Organisation must have made all reasonable efforts to inform every person who may use the system that interception may take place. We believe that the communication of this policy to trustees, volunteers and employees meets this requirement. 6 Computer procedures 6.1 You are responsible for any actions carried out using your logon-id and password, therefore you must not: 7. use another person’s logon-id unless expressly authorised by management; attempt to gain unauthorised information concerning passwords or any other security measures; knowingly use a BCVS computer to attempt to gain unauthorised access to any other internal or external computer system; use any disk or CD ROM from outside the Organisation’s business unless it has been checked for viruses using an approved virus checker; forward virus warnings to anyone other than the Data Protection Officer regardless of who sent the warning. The use of email, social media or texting 7.1 The following sections of the policy provide common-sense guidelines and recommendations for using email, social media or texting responsibly and safely. 5 7.2 Protecting our reputation 7.2.1 You must not post disparaging or defamatory statements about BCVS or its users 7.2.2 You should avoid communications that might be misconstrued in a way that could damage our reputation, even indirectly. 7.2.3 Unless you are clearly speaking as part of your role within BCVS you should make it clear in social media postings that you are speaking on your own behalf. Write in the first person and use a personal e-mail address when communicating via social media. 7.2.4 You are personally responsible for what you communicate in social media. Remember that what you publish might be available to be widely read (including by BCVS itself, future employers and social acquaintances) for a long time. Keep this in mind before you post content. You should take particular care with jokes, off the cuff remarks and never assume that what you write will remain private. 7.2.5 You should ensure that your profile and any content you post are consistent with the professional image you present on behalf of BCVS. 7.2.6 Avoid posting comments about sensitive business-related topics, such as our performance. Even if you make it clear that your views on such topics do not represent those of BCVS, your comments could still damage our reputation. 7.2.7 You must not post anything of a confidential nature or which could reasonably be expected to be confidential. 7.2.8 If you are uncertain or concerned about the appropriateness of any statement or posting, refrain from making the communication until you discuss it with your manager or the Chief Executive. 7.2.9 If you see content in social media that disparages or reflects poorly on BCVS you should contact your manager or the Chief Executive. All staff are responsible for protecting our reputation. 7.3 Respecting colleagues, customers and partners 7.3.1 Do not post anything that your colleagues, customers, or partners, would find offensive, including discriminatory comments, insults or obscenity. 7.3.2 Do not post anything related to your colleagues, customers, or partners, without their written permission. 6 7.4 Receipt of Email or text 7.4.1 Should you receive an email or text message which has been wrongly delivered to your address you should redirect the message to that person. Further, in the event the email or text message contains confidential information, you must not disclose or use that confidential information. Should you receive an email which contravenes this policy the e-mail should be brought to the attention of your line manager. If you receive offensive material from an external source by email or text, you should not respond to it and should delete it immediately. 7.5 Personal Messages 7.5.1 Personal messages may be sent or posted on web logs but these should respect the primary purpose of the electronic communications system. This means the system should not be used for spreading gossip, or for personal gain or in breach of any of BCVS standard employment policies or practices on issues such as equal opportunities, sexual, racial and disability discrimination and harassment. If an external message or web log posting is personal, you should make it clear that the message is not being sent on behalf of BCVS. BCVS reserves the right to restrict or forbid such use. 7.6 Legal Action against the Organisation 7.6.1 Messages sent over the electronic communications system or by web log can give rise to legal action against BCVS. Claims of defamation, breaches of confidentiality or contract could arise from a misuse of the system. It is therefore vital for email or web log messages to be treated like any other form of correspondence and where necessary hard copies to be retained. You are also reminded that messages may well be disclosed in any legal action commenced against BCVS relevant to the issues set out in the electronic communication. 7.7 Business use of social media 7.7.1 If your duties require you to speak on behalf of the organisation in a social media environment, you must still seek approval for such communication from your manager, who may require you to undergo training before you do so and impose certain requirements and restrictions with regard to your activities. 7.7.2 If you are contacted for comments about the organisation for publication anywhere, including in any social media outlet, do not respond without prior approval. 7.8 Respecting intellectual property and confidential information 7.8.1 Our policies and contracts of employment restrict use and disclosure of our confidential and intellectual property. You should treat our valuable trade 7 secrets and other confidential information and intellectual property accordingly and not do anything to jeopardise them through the use of social media. 7.8.2 In addition, you should avoid misappropriating or infringing the intellectual property of other companies and individuals, which can create liability for BCVS, as well as the individual author. 7.8.3 Do not use our logos, brand names, slogans or other trademarks, or post any of our confidential or proprietary information without prior written permission. 7.8.4 To protect yourself and BCVS against liability for copyright infringement, where appropriate, reference sources of particular information you post or upload and cite them accurately. If you have any questions about whether a particular post or upload might violate anyone's copyright or trademark, ask your line manager before making the communication. 8. Organisation mobile phones 8.1 If you have been provided with a mobile phone by BCVS this section of the Policy will apply. 8.2 You should always bear in mind that conversations on your mobile may be overheard. Please ensure that you do not discuss information of a confidential nature in public where others may be able to hear your discussion. 8.3 You may use the phone for some personal calls and messages but you should respect that the primary purpose of the phone is for business use. BCVS reserves the right to charge you for personal use of the phone and/or to limit your personal use in particular if in the opinion of BCVS your personal use of the phone is excessive or inappropriate. 8.4 BCVS is responsible for insuring the phone and therefore if the phone is lost or damaged you agree to inform the Finance Officer immediately so that the insurers can be notified. 8.5 BCVS is also responsible for repairing and maintaining the phone and you should notify the Finance Officer as soon as possible if any maintenance or repairs are required so that appropriate arrangements can be made. The written permission of BCVS must be obtained before any maintenance or repair work is undertaken. 8.6 The phone remains the property of BCVS at all times and should be returned upon request. Upon the termination of your employment you must return the phone to the Finance Officer in good condition subject to reasonable wear and tear, and must notify BCVS of any passwords necessary to access the phone. 8 8.7 You should be aware that as the phone is the property of BCVS our usual rules regarding interception of communications apply. You agree that all your communications (including telephone conversations, text messages and/or use of the Internet) made using the BCVS phone may be monitored and/or recorded by the Organisation. Date: Signed: Chair of BCVS Board Policy agreed: Reviewed: Chief Executive BCVS