Well ... it depends.
In the case where an employer is a public authority, probably, UNLESS
you provide an alternative (can they access GMail, for example).
(In fac we don't allow access to hotmail etc, for security reasons, but
we provide an alternative personal mailbox instead)
Check out the Lawful Business Practice Regulations or whatever they are
called in England.
We developed the following policy (Caveat: Guernsey law is EXTREMELY
similar to the UK in DP and Humanr Rights, but self-evidently is NOT the
UK) which may be of interest.
Policy
On use of computers, networks, email, telephone systems and the Internet.
The provisions of this policy apply to all members of staff and
contractors, and references to ‘employee’ should be construed accordingly.
Summary
Computer, telephone and internet facilties (including email) are made
available by the company to staff and contractors so they can can
effectively carry out their responsibilities in furthering the
objectives of the Company’s business.
In order to comply with the law, and for the benefit both of employees,
and the company as employer, we recognise that we should provide you
with guidance about what is (and what is not) appropriate use of these
faciltiies net in order to safeguard the interests both of you as
employees, and of the company.
Although access to these facilities does not form part of your employe
benefits, we do understand that occasionally there are times when you
might legitimately make private use of company facilities. For example,
to make or receive calls, to use a computer to send and receive personal
email or use the Internet for personal reasons. This policy is intended
to make clear what constitutes legitimate use in order that employees
can use these facilities to their full potential on company business and
understand what does and does not constitute acceptable use.
The policy is not intended to be restrictive.
Instead its aim is to give you a high measure of security and confidence
about your use of computers, email, telephones and the Internet whilst
you are at work.
It has been designed to safeguard the legal rights of employees under
the terms of both the Bailiwick’s Data Protection legislation (the Data
Protection (Bailiwick of Guernsey) Law 2000) and the Lawful Business
Practice Regulations issued by the Home Department (Guernsey Statutory
Instrument 28 of. 2004) as well as to protect the interests of the company.
Use of Computer Systems
Appropriate Use of Computers
Employees are encouraged to use the computer facilities and the Internet
in order to further the goals and objectives of their work
Examples of such activities would include, but not be limited to:
· Communicating with fellow employees, business colleagues, clients or
customers of the company within the context of your responsibilities.
· Acquiring or sharing information necessary or related to the
performance of your responsibilities.
· General use for the purpose of extending or expanding an individual's
personal knowledge or expertise in relation to their function within the
company.
· Reasonable use for communication purposes, independent learning,
access to public services etc.
Inappropriate Use
Computer and Internet use must not interfere with others’ use of the
network (i.e. the company’s internal network(s) and the public
Internet). At all times you must comply with the law in your use of
computer facilities and the Internet.
Examples of inappropriate activities might include, but not be limited to:
· Acting in a way that is not consistent with the professional status of
the company, which misrepresents the compahy, or would be likely to
bring the company into disrepute.
· Any illegal or unlawful purposes such as copyright infringement,
obscenity, libel, slander, fraud, defamation, harassment, intimidation,
forgery, or impersonation,
· Creation, transmition, storage, downloading or displaying of any
offensive, obscene, indecent or menacing images, data or other material
capable of being resolved into such material.
· Unreasonable or extensive personal use or use which does not enhance
or conflicts with an employee’s role within the company. For example
conducting commercial activities unrelated to company business (whether
competitive to the company’s business or not), dissemination of
unsolicited mass mailings or chain letters, providing access to
computing and network resources for non-employees etc.
· Inappropriately viewing, copying, altering, or destroying data,
software, documentation, or data communications belonging to the company
or another without permission.
· Sharing computer accounts or loaning accounts or passwords to other
people.
· Installation, distribution and use of illegally copied software
· Use of company systems to gain unauthorised access or attempt to gain
unauthorised access to any other computer systems, whether external or
internal.
· Deliberate computer tampering such as introducing malicious programs
into company comptuers or the network eg, computer viruses or worms.
· Deliberately attempting security breaches or attempting to bypass
legitimate security devices such as firewalls. Attempting to access or
circumvent authorised access to servers or network attached equipment
the user does not have authority to access is strictly prohibited.
· Disruption of network communication or integrity (including activities
such as network monitoring, packet spoofing, forging, flooding, port
scanning or attempting denial of service attacks).
· Physically moving, damaging or tampering with any compahy owned IT
system.
· Abuse of email facilities. Sending forged email, unsolicited or junk
email, harassing people via email etc. (Please also see the email policy
guidelines, below.)
You should be aware that your use of company computers may be monitored
and/or recorded for one or more of the lawful purposes which set out in
Statutory Instrument 2004/28 (The Guernsey Lawful Business Practice
Regulations). For example, for training and quality control, or the
prevention or detection of crime. A copy of these Regulations is
available on request.
Telephony
It is recognised that there will be occasions when you might need to
make short, personal telephone calls using company facilities in order
to deal with both urgent and occasional routine domestic matters. This
is entirely acceptable.
However, under no circumstances are ‘09’ or other premium-rate numbers
to be called. It should also be emphasised that calls to mobile
telephone numbers and the ‘087’ numbers used by some company’s call
centres can be much more expensive than to ‘geographical’ numbers and
you are expected to use your judgement so that the duration of such
calls is kept to the minimum necessary.
Where this is possible, you should try to make non-urgent personal calls
during breaks or outside of the normal working day so that they do not
interfere with your normal work. If your employment is for part of the
day only, such routine calls should normally be made outside work-time
if this is possible.
We also consider that it is legitimate for you to receive short calls
about personal and domestic matters or arrangements, providing the
number and/or duration of such calls does not interfere adversely with
your work.
Use of company telephone facilities (regardless of whether it is for
private or company purposes) which is in any way excessive (i.e. outside
of the guide defined above), defamatory, obscene or otherwise
inappropriate, will be regarded as misconduct. In serious cases this
may amount to gross misconduct and could lead to dismissal.
Information about calls made on any company telephone or line (such as
duration or destination) or the content of such calls may be recorded
for any of the legitimate purposes set out in the Lawful Business
Practice Regulations.
Email
As with telephones it is recognised that employees can use email for
personal means in certain circumstances.
However, please note that it is company policy that you are not
permitted under any circumstances to use a company email address (such
as [log in to unmask] or [log in to unmask] to send or receive personal
email. If you wish to send or receive personal email, a personal email
box will be provided upon request (e.g. [log in to unmask]) for that purpose.
For security reasons, it is company policy that external webmail
facilties (such as Hotmail, etc) must not be used from the company
network under any circimstances and that you are not allowed to use the
HTML setting on any email reader. (Please note: If you prefer to use an
existing external personal email address to send and receive personal
email, please ask for guidance as to whether this is possible, and how
it should be set up).
Email should be treated like any other form of written communication
and, as such, what is normally regarded as unacceptable in a letter or
memorandum is equally unacceptable in an email communication.
It is legitimate for employees to make use of email outside of normal
working time for personal reasons to send messages over the company
network provided they are not indecent, defamatory or otherwise
inappropriate. Personal email use should not interfere, either because
of its timing or extent, with the performance of your normal duties.
You must never open any email attachments (irrespective of whether they
are addressed to your work or to a personal address) except with
specific permission.
Please note that there is no longer any need to send or receive emails
with attachments except in exceptional circumstances (such as a failure
of private networking links), and you should be extremely wary of
unexpected email with an attachment which arrives from outside the
company as it is very highly likely to contain a virus.
If you receive an indecent or defamatory email, whether unwittingly or
otherwise,from whatever source, you must not forward the email to any
other address, and should report the matter immediately.
The use of email (regardless of whether it is in the course of the use
of company or personal email) to send or forward messages or attachments
which are in any way defamatory, indecent or otherwise inappropriate
will be treated as misconduct under the appropriate disciplinary
procedure. In serious cases this could be regarded as gross misconduct
and lead to dismissal.
The company may monitor the destination, source and content of all email
for any of the legitimate purposes set out in the Lawful Business
Practice Regulations. .The company also reserves the right to access
your email account in case of your unexpected or prolonged absence (e.g.
due to sickness) in order to allow it to continue to undertake the
employee's normal role.
Use of Internet
The primary reason for the provision of Internet access is for the easy
retrieval of information in order to enhance your ability to undertake
your role in the company..
However, as with email, we consider it legitimate for you to make use of
the company’s access to Internet in its various forms outside of normal
working hours for personal purposes as long as it is not used to view or
distribute improper material (such as text, messages or images which are
derogatory, defamatory or obscene). We also recognise that there can be
occasions where it is sensible for the employee to make occasional use
of the Internet for personal reasons such as a private transaction,
rather than having to spend considerably more time out of the office.
(Examples of this might include a bank transaction or the booking of a
holiday.)
Wherever such personal use is in non-working hours (such as during a
break), then it is always permissible. Where it is is within working
hours, there should be a good reason for the particular use (e.g. urgent
booking of a flight). In any event personal Internet use must not
interfere, either by its timing or extent, with the performance of your
duties.
Use of the Internet outside of these policy guidelines will be treated
as misconduct and in serious cases it could be treated as gross
misconduct and may lead to dismissal.
The Company reserves the right to monitor the use of the Internet from
particular computers or accounts where it suspects misuse of the
facility. The company may record or monitor any use of the Internet for
training, quality control and any of the legitimate purposes set out in
the Lawful Business Practice Regulations.
Tim Turner wrote:
> I'm possibly wearing my Devil's Advocate Hat - why should they (we) be
> allowed to do send personal emails at work? It might be nice, it might be
> useful, it might be more conducive to good employer / employee relations,
> but is it so terrible to refuse to allow staff to send personal emails? Is
> it in any way illegal to do so?
>
> Tim Turner
> Data Protection / FOI Officer
> Legal and Property Services
> Wigan Council
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Roland Perry
> Sent: Wed 11 April 2007 14:16
> To: [log in to unmask]
> Subject: Re: [data-protection] European Court of Human Rights: Personal
> calls and Internet usage from work are (maybe) protected
>
> In message <[log in to unmask]>, at
> 12:06:10 on Wed, 11 Apr 2007, Ian Welton <[log in to unmask]> writes
>> Individual levels of freedom as an element of privacy and the potential
>> contrast/conflict with organisational control/management generally
>> appears clearly in these types of cases.
>
> The aspect I'm most interested in is the ability of the (desk bound)
> employee to be able to send/receive important personal emails while at work.
> Due regard needs to be given to how much that distracts from their job (I
> wouldn't expect people to be able to run an eBay auction from
> work) but they should be allowed to do it (rather than it being absolutely
> banned) and when they do send/receive such emails there should be an
> adequate and reasonable degree of privacy.
> --
> Roland Perry
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user commands
> can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses using Sophos
> anti-virus software.
>
> www.mimesweeper.com
> www.sophos.com
> **********************************************************************
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|