Policy

Acceptable Use Policy for Staff

Standards of Behaviour at Work - the Use of Electronic Communications

Policy

1. The Policy

The electronic communications policy covers internal and external electronic communications. They apply to all resources provided for UWE Staff and consultants/contractors, including but not limited to:

    • Audio-visual equipment

    • Blogs

    • Computers

    • Computing software

    • E-mail

    • Fax

    • Instant Messaging/Collaborative applications

    • Internet and Intranet

    • Mobile devices i.e. laptops, mobile phones, blackberries, PDA’s, IPhones etc…

    • Network

    • Photocopiers

    • Printers

    • Remote access service e.g. XA (Xternal Access)

    • Scanners

    • Telephone or videophone

    • Text

    • Voicemail

Note 1: In this policy, staff may also be referred as users.

Note 2: Contractors need to abide to this policy and other Security policies in the same way as a member of UWE staff.

2. Introduction

2.1 This policy should be read in conjunction with the University's policy statements on ‘Dignity at Work’ and other Human Resources Policies.

2.2 This document outlines the expectations placed on staff in relation to their use of Electronic Communications in the workplace.

2.3 This document must also be read in conjunction with the Computer-related legislation. See appendix 3.

2.4 The University believes it is important that staff have a clear understanding of the expectations that the University places on them and the standards to which they are expected to work. These relate both to the work they undertake and the way in which they conduct themselves at work.

2.5 UWE is connected to the internet via the Joint Academic Network (JANET). As well as this policy, JANET’s own Acceptable Use Policy must be adhered to. Please visit http://www.ja.net/services/publications/policy/aup.html

3. Approach

The underlying philosophy is that the University's Electronic Communications facilities should be used in a manner which is ethical, legal, and appropriate to the University's aims. The facilities must be used in a manner which does not obstruct the work of others and which encourages a scholarly atmosphere to be maintained. The system is a shared resource and each user has responsibility to learn how to use it appropriately. The University encourages the use of its Electronic Communications systems and services, but discourages behaviour which may inconvenience other users.

4. Scope

This policy applies to all users of Electronic Communications facilities in relation to:

  • Electronic Communications facilities owned, leased, hired or otherwise provided by the University, connected directly or remotely to the University's network or Electronic Communications facilities, or used on the institution's premises, or individuals connecting their equipment to the network e.g. personal laptops

5. Access to and the Use of Electronic Communications Facilities

5.1 No one may use Electronic Communications facilities without prior registration, except where the facility is offered as a service to the public (for example, the University web site for which Terms and Conditions are available at http://www.uwe.ac.uk/info/termsAndConditions.shtml).

5.2 Registration to use the University's Electronic Communications facilities constitutes acceptance of this policy.

5.3 Staff are given access to those parts of the system which are appropriate to their role. Users, including UWE staff and contractors, are therefore not normally expected to seek access to other parts of the system unless authority is given. Unauthorised access to data is not acceptable and may result in disciplinary action.

5.4 The granting of access rights to Electronic Communications facilities will be by the provision of access cards, user IDs and passwords giving access to locations, hardware and/or software facilities. The provision of such user references and passwords will constitute access rights for the use of those Electronic Communications facilities under the conditions applicable to those facilities.

5.5 Staff must notify IT Services of any change in their duties which may affect their access and right to use Electronic Communications facilities.

5.6 Contractors working on behalf of UWE must comply with the Acceptable Use Policy and other Security policies in the same way as a UWE member of staff.

5.7 Staff using Electronic Communications facilities are expected to comply with the conditions of use which include the following. Users must not:

  • disclose user ids, personal passwords which give access to the system (NB personal passwords should be changed regularly. Please refer to Important Information on Passwords on the ITS web site.). In exceptional circumstances, a password may be disclosed to a UWE member of staff, e.g. for the prevention or detection of crime or for securing the health, safety and welfare of people at work.
  • enable unauthorised third party access to the system
  • use a University user id or password intended for the exclusive use of another user, unless under exceptional circumstances (see first bullet point).
  • deliberately damage Electronic Communications equipment
  • delete, amend or otherwise corrupt the data or data structures of other users without their explicit permission
  • knowingly introduce viruses or other harmful programs or files
  • connect to any internal Electronic Communications facility without the permission of the appropriate manager
  • attempt to gain deliberate unauthorised access to external facilities or services
  • attempt to access, download or store, illegal materials from the Internet
  • use the Electronic Communications facilities to send unsolicited, unauthorised commercial or illegal advertising or other material
  • load software for which no licence is held
  • modify software
  • attempt deliberate or reckless overloading of networks, websites or other IT and Communications facilities
  • use the Electronic Communications facilities of the University for commercial gain without the explicit permission of the appropriate authority.

5.8 Much of the information held on the University's Electronic Communications systems is confidential and must not be disclosed to other parties. Should staff be in any doubt about disclosing information, then they should seek advice from their manager or other appropriate managers. In addition, if staff are in doubt about whether an action might constitute unacceptable use, he/she should consult the IT Security Coordinator in IT Services.

6. Equipment

6.1 Staff are responsible for ensuring that they are sufficiently familiar with the operation of any equipment they use to make their use safe and effective.

6.2 No equipment or other Electronic Communications facility may be moved without the prior agreement of IT Services.

6.3 No equipment may be connected to the University's networks without the prior agreement of IT Services.

6.4 Staff must ensure that they have up-to-date Anti-Virus software installed plus a firewall running at all times on equipment connected to the UWE network.

6.5 Serious damage or the theft of Electronic Communications equipment should be reported to the University's security staff who will advise the University’s Insurance Officer and IT Services.

7. The Use of electronic messages (including e-mails, texts, instant messaging, blogs, wikis etc…)

7.1 Electronic Communications such as e-mails, texts, instant messaging, blogs etc… are fast and convenient means of communicating information. However, because of this there may be a temptation not to take sufficient care when initiating messages and sending replies. It is important that users recognise the need to pay the same care and attention to the composition of electronic messages as to other forms of written communication. An informal communication may be appropriate in some circumstances, for example when communicating with colleagues on an informal topic. It will not however be appropriate when the issue is more formal or when communicating externally. Care should be exercised in constructing messages, for example, the use of capitals is considered to be the equivalent of shouting. Electronic messages lack the cues and clues that convey the sense in which what you say is to be taken, and the wrong impression can easily be conveyed.

7.2 Electronic messages are a valuable means of communication and can be the most appropriate mechanism in a variety of circumstances. For example, for short memos, when the purpose of the communication is to convey straightforward information, where speed of communication is important and where a consistent message to a number of people is required. However there are also a number of situations where it is unlikely to be the most appropriate, for example:

  • when the information to be communicated is complex and/or lengthy
  • when discussion about a topic is likely to be necessary and hence face to face contact is more appropriate
  • when a signature is required on a communication

7.3 Electronic messages should not be used:

  • where the type of information being communicated is such that it would be better conveyed face to face or in writing. This could include information of a sensitive, personal or confidential nature. It should also be remembered that there is inevitably an increased risk of information sent via electronic messages being misdirected. Please refer to the Data Security and UWE IT Security Policies.
  • as a substitute for conveying information personally when this would be more appropriate.

7.4 When an electronic message is used to communicate simple messages to all staff, it must be supplemented by some other form of communication for those categories of staff who do not have access to a computer (if the message is in the form of an e-mail); or a mobile phone if it’s a text or any other devices used to send the electronic message) in their daily activities.

8. The Use of E-Mail

8.1 The e-mail system can be accessed by all users whose role and responsibilities require them to use the computing network. Its use is therefore extensive and hence it is important that all of its users recognise that, whilst such a system can have many benefits, there are also limitations.

Users should note that e-mail is considered by the University as a standard communication mechanism. Those staff who are given access to the system will therefore be expected to access the facility as regularly as necessary to send and receive information.

8.2 The e-mail system should not be used as a means of storing important information.

8.3 E-mail is not always the best way to communicate information as e-mail messages can often be misunderstood, and the volume of e-mail messages people receive can be prohibitive to receiving a meaningful reply because of e-mail overload.

It is the responsibility of the person sending an e-mail message to decide whether e-mail is the most appropriate method to communicate the information. The decision to send an e-mail should be based on a number of factors including:

• The subject of the message

• The recipient’s availability

• The speed of transmission

• The speed of response

• The number of recipients

8.4 For further guidance on using e mail, please see the appendix 1 and 2 on ‘E-mail best practice’ and ‘E-mail etiquette’ at the end of this document.

8.5 There will be occasions on which the University may need to monitor personal e-mail accounts, and hence will require access to the relevant personal e-mail account. These occasions will be exceptional. Where this is necessary, the individual concerned will be advised.

9. Contracts

Users should be aware that enforceable contracts may be formed over the internet and e-mail, and staff should therefore take care to avoid entering into any written commitments which might be legally binding where they do not have the appropriate authority to do so.

10. The Use of UWE Discussion Boards and Forums

The Discussion Boards and Forums belonging to UWE (including Blackboard and UWE Facebook sites) are for staff and students to exchange, discuss and share valuable and helpful pieces of information.

Users of discussion boards and forums should be aware of the following:

10.1 About your posting:

The discussion boards and forums must not be used to:

  • post information of a sensitive, personal or confidential nature;
  • post messages which are discriminatory, sexually harassing or offensive to others on the grounds of race, age, disability, gender, religion or sexual orientation;
  • post messages using inappropriate language;
  • post commercial or promotional messages;
  • post images from other sites;
  • post illegal content

Your postings should be:

  • to the point and concise;
  • fair and reasonable;
  • non-defamatory, legal and clean (libellous, illegal or obscene postings will not be tolerated and may result in legal action);
  • posted once only.

10.2 About the law:

Use of the UWE notice boards and forums is bound by the terms and conditions of the UWE acceptable use policy and legislation such as the Data Protection Act and the Copyright laws. Please refer to sections 18 and 19, and See appendix 3.

10.3 We reserve the right to:

  • prohibit or delete a posting without notice if we consider it inappropriate;
  • trace the identity of a person who posted a message that breaches the rules and regulations stated in this policy;
  • take further action and apply penalties (including legal action), if the message posted has caused serious harm to an individual, a group or an organisation;

11. Publishing to the UWE web site

Please be aware that web pages published on the UWE web site may be copied by an external party and posted onto another web site without the consent of the University. In this case, the University has limited control or no control to stop the copying and what ensues. It is therefore strongly advised not to post personal data and/or data which could be used in a defamatory context on another site.

Other guidelines must be respected when publishing to the UWE web site. Please visit the Web Standards: http://info.uwe.ac.uk/standards/web/

12. Access to the Internet

The University allows lawful access to the internet. However, the rules listed in this policy must be respected.

Staff must access the internet responsibly and for conducting UWE related businesses. The right of access is subject to the UWE requirement of the member of staff and must not cause any harm, either directly or indirectly, to the staff or other members of staff, or the University.

Access to a site may be granted. However, it does not state that the access to the site is acceptable and/or appropriate.

The University reserves the right to carry out general checks to ensure appropriate use of facilities including internet access, and employs relevant technology to facilitate this. Regular checks may be carried out if inappropriate use has been suspected.

Inappropriate use includes accessing, storing and disseminating material that is:-

    • Illegal (including sites encouraging unlawful activity)

    • Obscene or deliberately offensive in nature

    • Discriminatory (on the grounds of age, disability, faith or belief, gender, race or sexual orientation)

    • Likely to result in harassment or bullying of others

13. The Use of printing equipment

Printing and photocopying equipment is provided only for work-related activities. It is recognised that a small amount of personal use may take place but frequent and heavy usage is not permitted. Printing & Stationery Services welcome private printing work, charge competitive rates and deliver professional results.

The University aims to reduce the environmental and cost impact of printing and staff should note the following guidance;

Colour printing typically costs 10 times that of black only printing and should therefore only be used where the use of colour is absolutely necessary to enhance understanding of a document.

Print on both sides of the paper wherever facilities exist to reduce the environmental impact and costs.

Desk-top ink jet and small laser printers should only be used for one or two pages at a time. Larger print runs should be sent to departmental laser printers or MFDs (currently the Canon machines) as these are cheaper for the University, many offering additional finishing options and duplex (double-sided) printing.

If the print run is in excess of 50 pages plan time to send to Printing & Stationery Services as this is the cheapest method of print within the University. Details of the services provided can be found here:

http://www.uwe.ac.uk/printing/

If you wish to use the University’s logo on your documents you MUST comply with the standards found here:

http://www1.uwe.ac.uk/webguidance/webdesignguidelines.aspx

There are strict regulations regarding the copying and printing of copyright material, details of which can be found in section 19.

14. The Use of telephones and mobile phones

Desk and mobile telephones are provided to enable staff to carry out their jobs. It is recognised that a small amount of personal use may be necessary but frequent and heavy usage is not permitted, especially to mobile phones and international destinations. Calls to premium rate numbers starting with 09 are not permitted. If your job requires access to an 09 number please contact Telecomms Services to arrange access. Calls to 0870, 0871 and 0844 numbers are restricted and if access is needed this should be arranged via your Faculty/Departmental telephone representative. Calls to numbers which permit onward dialling to other numbers must not be used.

Please note that staff should not use Skype on UWE equipment and network.

15. The Use of audio visual equipment

15.1 DO

    • Take the time to familiarize yourself with the equipment prior to using it

    • Follow the instructions or user guides where they are provided

    • Be aware that you are responsible for the security of the equipment that you have booked

    • Report any problems or faults to the IT Services Support Centre (x 123)

    • Be considerate for the next person to use the facilities and leave them in a tidy state

    • Do remember to return your radio mics to the safe in the room before you leave

    • Leave equipment (eg. visualisers) powered on in lecture theatres. These are timer controlled to save power, but also prevents confusion and time delays for the next person using the room

    • Logout of the PC when you are finished using it (but do not shut down the PC)

15.2 Do NOT

    • Leave "High Risk" equipment such as laptops and camcorders in an unattended or unlocked room. In the event of equipment being stolen without physical evidence of a break-in, the department or the individual concerned may be held financially liable

    • Place any food or drink near any A.V. equipment

    • Use marker or erasers on the projection screens

    • Connect any device other than via designated connection cables/points

    • Look directly into light source from a data projector.

16. The Use of SMS Texting for contacting students

Staff must ensure that all text messages sent by staff to students or by staff to staff follow the codes of conduct stated in this policy. Please refer to the section 17 on Unacceptable Behaviour. Staff must not overload the students or staff by sending an excessive number of texts to an individual or a group.

17. Unacceptable Behaviour (valid for all forms of electronic communications)

Unacceptable behaviour in relation to the use of Electronic Communications systems will not be tolerated and where it is identified a range of informal and formal routes may be followed. These include disciplinary action.

Some forms of behaviour will always be considered to fall below the standard of acceptability. These include:

  • the use of inappropriate language in communications
  • sending inappropriate messages including those which are discriminatory, sexually harassing or offensive to others on the grounds of race, age, disability, gender, religion or sexual orientation
  • the sending of potentially defamatory messages which criticise other individuals or organisations (legally e-mail is classified as a form of publication, governed by the rules of disclosure, libel and employment law).
  • the creation, display, downloading, production, circulation, storage or transmission in any form or medium of inappropriate material. This includes pornographic, offensive or illegal material downloaded from any source such as the Internet.
  • forwarding confidential, sensitive or personal information onto third parties without gaining appropriate consent
  • using the Electronic Communications systems for commercial gain
  • overloading the system by sending inappropriate bulk messages
  • sending messages which are rude, overbearing, aggressive or bullying – the Dignity at Work policy gives further information that could be relevant here

Please note that the University can and will investigate any inappropriate or unacceptable use of the Internet and other sources, if judged necessary.

18. Data Protection and Computer Misuse

The Data Protection Act 1998 outlines the legal position in relation to the use of data. The Computer Misuse Act 1990 makes provision for securing computer material against unauthorised access or modification; and for connected purposes. Under the Act, hacking and the introduction of viruses are criminal offences.

Staff who would like advice about the content or implications of this Act should contact Human Resources, or William Marshall, Director of Finance, the University's Data Controller.

For more information on the Data Protection Act and the Computer Misuse Act, please see Appendix 3.

19. Copyright

Users have a responsibility to ensure that copyright and licensing laws are not breached when composing or forwarding e-mails, e-mails attachments and using the Internet. The laws regarding breach of copyright apply equally to the downloading and copying of information from the Internet. Staff must be clear whether there is an entitlement to download information before using and disseminating this. The University’s policy on this is at: http://imp.uwe.ac.uk/.

Follow the link to ‘Finance’ and type ‘Fin018’ in the field entitled ‘Containing this term’.

There are strict regulations regarding the copying and printing of copyright material, details of which can be found in here: http://www.uwe.ac.uk/library/info/copyright/

Other copyright legislation information can also be found in Appendix 3.

20. Other forms of Electronic Communications systems

The University uses surveillance equipment, in accordance with the Data Protection Act (please refer to section 18), in order to ensure the safety of its staff and security of its property. The University recognises the right of individuals to privacy and hence use of this equipment is restricted and would only be used for other purposes after appropriate staff had been advised of the intention to do so.

21. Electronic Signatures – UWE security protocol

21.1 No electronic signature may be used without authorisation from the signatory, which may be given generally (in which case it must be in writing and signed) or specifically, for example when contained in a print order request. In the case of a print order request, the request must include a valid cost code.

21.2 No electronic signature shall be used except for the purpose for which it was authorised, and in accordance with the terms and conditions of the authorisation.

21.3 The Head of Printing and Stationery shall ensure that no-one has access to scanned signatures held at Printing and Stationery except on the instruction of a senior member of the University.

21.4 Provided these regulations are complied with by the authoriser, the University will indemnify the authoriser against all costs, claims, actions and demands that may be made against the authoriser as a result of unauthorised use of the electronic signature by persons employed or engaged by the University.

21.5 Any unauthorised use of signatures, electronic or otherwise, will be treated by the University as a breach of the employee’s contract of employment and may be made the subject of disciplinary proceedings, apart from any civil or criminal proceedings that may be instituted under the Computer Misuse Act or otherwise.

22. Personal Use of Electronic Communications Systems

The majority of staff needs access to the University's Electronic Communications facilities in order to be able to fulfil the responsibilities of their role. The prime purpose of access to these facilities is therefore work related. Excessive personal use of the University's Electronic Communications systems is not acceptable. Monitoring of individual usage of the Electronic Communications facilities will not be undertaken as a matter of course. However, this may be necessary when concerns arise about the level or nature of personal use of the systems. Disciplinary action may be considered appropriate in such circumstances.

23. Taking Action

23.1 The 'Standards of Behaviour at Work' policy statement is contained within the policy ‘Dignity at Work’ and outlines the action that will be appropriate when problems with behaviour have been identified. This ranges from informal action through to formal disciplinary action and will depend on the nature of the issue. In the majority of cases, informal action will be most appropriate. There will be some circumstances, such as when the behaviour might constitute a disciplinary offence, when formal action may be necessary, in which case a formal investigation will occur. Disciplinary action may then be appropriate depending on the outcome of the investigation.

23.2 Even where a formal complaint is investigated locally and there is no disciplinary action taken as a result, Human Resources must be notified of all such complaints to ensure consistency of approach and decision making throughout the University.

23.3 The use of Electronic Communications facilities and data is subject to relevant legislation.

24. Sources of Advice and Assistance

Several sources of advice have been identified in this statement. Further recommendations on sources of assistance are given in the 'Dignity at Work – Standards of Behaviour at Work' policy statement.

25. Queries about the policy

Any queries about this policy statement should be raised with Human Resources or IT Services as appropriate.

26. Review of this policy

This policy is subject to periodic reviews. The University reserves the right to change this policy from time to time as may be deemed necessary. We therefore recommend that you check its content on a regular basis.

Appendix

Appendix 1 – Email best practice

1. When to Use E-mail

The Subject – E-mail messages can be used for different types of communication and can constitute a formal record of proceedings. The types of communication which e-mail can be used for include general business discussions, disseminating information, agreement to proceed and confirmation of decisions made. Although e-mail can be used for these types of communication, it may be necessary to consider whether the sensitivity of the information would be more appropriately communicated in a different way. Dealing with sensitive subjects in e-mails is addressed in more detail below. It should also be noted that there are certain subjects that should be avoided in e-mail messages as they could be construed as discriminatory; this is covered in more detail in the section on e-mail misuse.

Recipient’s availability – There are times when e-mail might not be the most appropriate way of communicating with people, for example if a message needs to be passed onto a person in the same office, speaking to them face to face might be more productive, particularly if they receive large volumes of e-mail. If the person to whom the message is being delivered is not located in the office, it might be better to phone them, depending on the subject or nature of the communication. When a message needs to be communicated to someone who is difficult to locate, for example they work in more than one office, then an e-mail message should be sent in preference to speaking to them either face to face or via the phone.

Speed of transmission – E-mail messages are a good way of transmitting information if the information is needed quickly and the recipient is expecting the information. Where information needs to be communicated as a matter of urgency, it is better to use the telephone.

Speed of Response – Although e-mail messages can be sent and delivered quickly, there is no guarantee that the message will be read or acted upon immediately. One of the perceived advantages of using e-mail is that it can be responded to at the recipient’s convenience. However, where an immediate action or response is required, it may be better to speak to the person directly and send e-mail confirmation if it is deemed to be necessary.

Number of Recipients – Although e-mail is often considered to be a good way of disseminating information to large groups it should be noted that there are some restrictions. The ability to send an e-mail to everyone is restricted. If a message needs to be conveyed to everyone this should be discussed with ITS. The website, myUWE portal or SharePoint, might be a more appropriate alternative.

E mail messages should only be copied to those people who need to see them. People should not be copied in to e mail messages as a way of exerting pressure on the main recipient.

2.Writing Business E-mail Messages

When writing business e-mail messages it is important that consideration is given to the way in which the message is being conveyed. This includes thinking about the title, the text and the addressees.

Dealing with Sensitive Subjects

The privacy and confidentiality of the messages sent via e-mail cannot be guaranteed. It is the responsibility of all senders to exercise their judgement about the appropriateness of using e-mail when dealing with sensitive subjects. Sensitive information can include commercial information, information about specific individuals or groups. All information of a sensitive nature that is sent via e-mail must be treated with care in terms of drafting and addressing. Sensitive information sent via e-mail that is incorrect might provide a case for initiating legal proceedings against the person sending the information or the University.

When sending e-mail messages that contain sensitive information the following issues MUST be considered:

• E-mail messages containing information that is not intended for general distribution should be clearly marked either in the title or at the beginning of the message.

• E-mail messages containing personal information are covered by the Data Protection Act (See section 18) and must be treated in line with the principles outlined in the Act. Under the Data Protection Act personal information includes opinions about an individual or the personal opinions of an individual. E-mail messages containing this type of information should only be used for the purpose for which the information was provided, be accurate and up to date, and must not be disclosed to third parties without the express permission of the individual concerned.

• E-mail messages that contain information that is not supported by fact should indicate that it is the sender’s opinion that is being expressed.

3. Misuse and Personal Use

There are types of e-mail use that are expressly prohibited and could result in formal disciplinary proceedings. It should be noted that e-mail messages can constitute a formal record and can be used as evidence in legal proceedings.

When writing e-mail messages the following conditions must be met:

• Any behaviour or comments that are not permitted in the spoken or paper environment are also not permitted in e-mail messages.

• Care should be taken when composing e-mail messages to ensure they are inoffensive and cannot be construed as harassment. Downloading and forwarding material of a pornographic, discriminatory or derogatory nature are all prohibited.

• The impersonal nature of e-mail messages can mean that it is easier to cause offence than when speaking. If you are annoyed or angry about something take time to ensure the message does not inflame the situation.

• E-mail messages containing inaccurate information in the form of opinion or fact about an individual or organisation, may result in legal action being taken against the person sending the e-mail message and anyone forwarding the e-mail message on to others.

• The forwarding of chain mail is not permitted.

• Only authorised personnel (i.e. the owner of the e-mail account or someone authorised by the owner) should access e-mail accounts.

A restricted level of personal use of the work e-mail account is permitted provided the following conditions are met:

• The sending of e-mail messages does not interfere with work commitments.

• The e-mail messages do not constitute misuse of e-mail, as detailed above.

To protect the e-mail network e-mail messages are routinely scanned to ensure they do not contain viruses.

The University reserves the right to monitor e-mail messages where it is considered appropriate (for example if it appears that e-mail may be being misused). However, the content of e-mail messages is not currently routinely monitored. If no action is to be taken as a result of monitoring then all the data collected will be destroyed immediately. If action is taken the data will be stored in compliance with the time limits set out in the retention schedule.

4 Managing E-mail Messages

Reasons for Organising your Mailbox

It is everyone’s responsibility to manage their e-mail messages appropriately. Doing so will mean that work can be conducted more effectively as it will help in locating all the information relating to specific areas of business. It will also aid compliance with the Freedom of Information and Data Protection Acts.

To manage e-mail messages appropriately e-mail messages that are records of business activities should be relocated from personal mailboxes (i.e. the inbox, where you receive e-mails which are addressed to yourself and the sent box, where e-mail addressed from you are sent to other people) to appropriate e-mail folders.

There may be occasions when it is necessary to access e-mail messages from an individual’s mailbox when a person is away from the office for an extended period, for example holiday, sickness. The reasons for accessing an individual’s mailbox are to action:

• Subject access request under the Data Protection Act

• Freedom of Information request

• Evidence in legal proceedings

• Evidence in a criminal investigation

• Line of business enquiry

• Evidence in support of disciplinary or grievance action

• Prevention or reduction of a serious and imminent threat to the life or health of the individual to whom the information relates or of another person.

In the event of absence an out of office message stating who should be contacted and the period of absence, should be set-up (this does not apply if working from home and accessing the e-mail system remotely).

Where it is not possible to seek permission from the relevant individual, the procedure for gaining access to their e-mail account is:

• Gain authorisation from the Dean or Head of Service (or Director)

• Submit a request to ITS

• Access is gained in the presence of the Line Manager

• A record is made of the reasons for accessing the mailbox together with the names of the people who were present.

• Inform the person whose mailbox was accessed.

(all the above requirements must be met)

Making your Mailbox Manageable

Managing an e-mail mailbox effectively can appear to be a difficult task, especially if the volume of e-mail messages received is regularly of a large quantity.

There are a number of approaches that you should follow to aid the management of e-mail messages. These include:

• Allocating sufficient time each day or week to read through and action e-mail messages

• Prioritising which e-mail messages need to be dealt with first

• Looking at the sender and the title to gauge the importance of the message

• Flagging where you have been ‘cc’d’ into e-mail messages. These messages are often only for information purposes and do not require immediate/any action.

• Setting rules for incoming messages so they can automatically be put into folders

• Using folders to group e-mail messages of a similar nature or subject together so they can be dealt with consecutively

• Identifying e-mail messages that are records or need to be brought to other people’s attention

• Keeping e-mail messages in personal folders only for short-term personal information. E-mails that are required for longer purpose should be managed as records.

• Deleting e-mail messages that are kept elsewhere as records.

• Emptying deleted e-mail messages from the “Deleted Items” folder

Deleting e-mail messages that are no longer required for reference purposes from the in and out box.

Appendix 2 – Email etiquette

Why have an email etiquette?

    1. Professionalism: by using proper email language your company will convey a professional image.

    2. Efficiency: emails that get to the point are much more effective than poorly worded emails.

    3. Protection from liability: employee awareness of email risks will protect your company from costly law suits.

Important rules for email etiquette at UWE:

    • Read and agree with the Student/Staff Acceptable Use Policy and in particular the Policy relating to the Use of Email. Please consult the Appendix at the end of the policy.

    • Be concise and to the point

    • Answer all questions and pre-empt further questions

    • Use proper spelling, grammar and punctuation

    • Make it personal but stay professional

    • Use templates for frequently used responses

    • Answer swiftly

    • Do not attach unnecessary files

    • Use proper structure and layout

    • Do not overuse the high priority option

    • Do not write in CAPITALS

    • Read the email before you send it

    • Do not overuse Reply to All (unless required)

    • Be aware of the Bulk Mailing rules at UWE. Please refer to:http://www.uwe.ac.uk/its/corporate/news/bulkmailinginfo.shtml

    • Be cautious when using abbreviations and emoticons

    • Be careful with formatting

    • Do not forward chain letters

    • Do not request delivery and read receipts

    • Do not use email to discuss confidential information

    • Use a meaningful subject

    • Avoid using URGENT and IMPORTANT unless necessary

    • Avoid long sentences

    • Do not send or forward emails containing libellous, defamatory, offensive, racist or obscene remarks

    • Do not reply to SPAM

    • Do not reply to emails asking for your username and password. These are phishing scams. Phishing is an attempt by frauders to ‘fish’ for personal information such as the login details that you use for work.

The University do not enforce the use of email disclaimers.

Appendix 3 – Computer related-legislation

1. Computer Misuse Act

The Computer Misuse Act (1990) was introduced to secure computer material against unauthorised access or modification. Three categories of criminal offences were established to cover the following conduct:

1. Unauthorised access to computer material (basic hacking) including the illicit copying of software held in any computer.

Penalty: up to six months of imprisonment or up to a £5,000 fine.

2. Unauthorised access with intent to commit or facilitate commission of further offences, which covers more serious cases of hacking.

Penalty: up to five years of imprisonment and an unlimited fine.

3. Unauthorised modification of computer material, which includes:

i. intentional and unauthorised destruction of software or data;

ii. the circulation of ‘infected’ materials on-line;

iii. an unauthorised addition of a password to a data file.

Penalty: up to five years of imprisonment and an unlimited fine.

You must not:

    • display any information which enables others to gain unauthorised access to computer material (this includes instructions for gaining such access, computer codes or other devices which facilitate unauthorised access);

    • display any information which may lead to any unauthorised modification of computer materials (such modification would include activities such as the circulation of ‘infected’ software or the unauthorised use of a password);

    • display any material which may incite or encourage others to carry out unauthorised access to or modification of computer materials.

2. Copyright

The Copyright, Design and Patents Act (1988) is applicable to all types of creations, including text, graphics and sounds by an author or an artist. This includes any which are accessible through the University's IT facilities and network. Any unloading, downloading or printing of information through on-line technologies, which is not authorised by the copyright owner will be deemed to be an infringement of his/her rights.

Some types of infringement give rise to criminal offences, the penalties for which are up to two years imprisonment or an unlimited fine. It is also possible for the copyright owner to claim compensation or to have infringing activities prevented by injunction.

For further information on Copyright, please see http://www.uwe.ac.uk/finance/sec/copyright/index.shtml

You must not:

    • make, transmit, print or store an electronic copy of copyright material on the University’s IT equipment without the permission of the owner.

3. Data Protection

The Data Protection Act (1998) concerns the processing of information about living individuals. It gives rights to those individuals about whom information is recorded and demands good practice in handling information about people.

Every person or organisation holding personal data (data controller) must be registered with the Information Commissioner.

For further information on Data Protection, please see http://www.uwe.ac.uk/finance/sec/dp/index.shtml

You must:

    • only use personal data for a University related purpose;

    • ensure that the use of University related personal data is restricted to the minimum consistent with the achievement of academic purposes;

    • contact the University's Data Protection Officer before conducting any activity which involves the collection, storage or display of personal data through the University’s IT facilities.

4. Official Secrets Acts

The Official Secrets Acts (1911) establish severe criminal penalties for any person who discloses any material which relates to security, intelligence, defence or international relations and which has come into that person’s possession through an unauthorised disclosure by a crown servant or government contractor. They also cover material which has been legitimately disclosed by a crown servant or government contractor on terms requiring it to be kept confidential or in circumstances in which it might reasonably be expected to be treated as confidential. This means that certain information handled by the University’s departments may be covered by the provisions of the Acts, particularly if such information concerns a project specifically commissioned by a government office.

You must:

    • Ensure that any such material is securely stored and avoid displaying it on the University’s IT facilities.

5. Defamation

Defamation consists of the publication of an untrue statement (which can include an opinion), which adversely affects the reputation of a person or a group of persons. If such a statement is published in a permanent form, as is the case with statements published on the Internet, including messages transmitted by email, an action for libel may be brought against those responsible.

In accordance with the Defamation Act (1996), the University acknowledges the convention of academic freedom, but will take all reasonable care to avoid the dissemination of defamatory material and will act promptly to remove any such material which comes to its attention. Messages which have only one intended recipient may reach a vast audience through the Internet and as a result, the transmission of statements which discredit an identifiable individual or organisation may lead to substantial financial penalties.

You must:

    • ensure that all published facts are accurate;

    • ensure that opinions and views expressed in personal home pages or via bulletin boards do not discredit their subjects in any way which could damage their reputation.

You must not:

    • place links to bulletin boards which are likely to publish defamatory materials.

Remember that your email communications are publications.

6. Obscenity

The University is committed to the prevention of publication through any of the University’s IT facilities of any material which it may consider pornographic, excessively violent or which comes with the provisions of the Obscene Publications Act (1959), the Protection of Children Act (1978) or the Criminal Justice Public Order Act (1994). The University will regard any such publications as a very serious matter, which it will not hesitate to report to the law enforcement agencies. Users of the IT facilities are reminded that these are principally for use in connection with academic purposes, therefore any use of the IT equipment to publish or gain access to obscene, pornographic or excessively violent material is inappropriate, and you may be liable to legal proceedings.

You must not:

    • disseminate, access or encourage access to materials which the institution deems to be obscene, pornographic or excessively violent through the University’s IT facilities.

7. Communications

The Telecommunications Act (1984) and the Interception of Communications Act (1985) make it illegal to communicate any information of an indecent, obscene or menacing character by a public telecommunications system, or to misuse or tap a telecommunications system.

You must:

    • ensure that use of institutional voice and data systems, i.e. telephones and networks, is operated in accordance with the provision of these acts.

8. Health and Safety

The Health and Safety at Work Act (1974), including the Control of Substances Hazardous to Health (COSHH) Regulations (1988), regulates safety in the workplace and contains a number of clauses pertinent to the IT environment, such as the Display Screen Equipment Regulations (1992).

You must:

    • operate in accordance with the institutional code of conduct as detailed in the health and safety section.

9. Computer Evidence

The Police and Criminal Evidence Act (1984) limits the use of certain computer material as evidence in court.

Disclosure of computer held information to the law enforcement agencies may be covered by the provision of this act.

10. Discrimination

Both the Sex Discrimination Act (1975) and the Race Relations Act (1976) are guided by the same principle, which is the prevention of unfair discrimination.

Placing discriminatory advertisements may in certain circumstances be regarded as a criminal offence under both Acts, which establish fines of up to £5,000 for those found guilty of causing such advertisements to be published. Inciting racial hatred by displaying any written material which is threatening, abusive or insulting is an offence under the Public Order Act (1986). Anyone found guilty of the offence of inciting racial hatred may be liable to imprisonment for up to two years.

In addition, European Union legislation can cover situations where discrimination takes place on the grounds of sexual orientation. Therefore, any material located on or disseminated through the University’s IT facilities which may be considered discriminatory or may encourage discrimination on grounds of sex, gender, sexual orientation, race or ethnic origin may be unlawful. Any such material will also be against the University’s Equal Opportunities Policy.

You must not:

    • use the University’s IT services to place or disseminate materials which discriminate or encourage discrimination on grounds of sex, gender, sexual orientation, religion, race or ethnic origin.

11. Criminal Law

The incitement to commit a crime is a criminal offence in itself, regardless of whether a crime has actually been committed or not. This includes the provision of information via IT equipment/services which facilitates crime.

You must not:

    • place links to sites which facilitate illegal or improper use;

    • place links to sites where copyright protected works, such as computer software, are unlawfully distributed;

    • place links to sites which display pornographic materials;

    • place links to bulletin boards which are likely to contain discriminatory statements.

    • post messages which would be in contempt of court.

12. Advertisements and Commercial Activity

The University’s IT facilities must not be used for placing or distributing advertisements relating to any course or business other than those promoting the University’s teaching and research activities or its own trading operations.

You must:

    • remember that all advertisements should be ‘legal, decent, honest and truthful’ and comply with the Code of Practice for Advertisers issued by the Advertising Standards Authority.

13. International Law and the Internet

Since there is no international convention on Internet regulation, caution is necessary in considering what law may be applicable. As a basic rule, all users of the University’s IT facilities must note that although certain materials may be considered legal in their places of origin, that does not prevent the application of UK law if those materials are considered to be illegal under the law in this country. Similarly, material transmitted world-wide is subject to the law of whichever country it is viewed in.

14. Regulation of Investigatory Powers Act 2000 & Lawful Business Practice Regulations

As required by UK legislation, IT Services draws to the attention of all users of the University's Data and Telephones Networks the fact that their communications may be intercepted as permitted by legislation.

The legislation allows an employer and/or organisation to intercept without consent for purposes such as recording evidence of transactions, ensuring regulatory compliance, detecting crime or unauthorised use, and ensuring the operation of their telecoms systems. The employer and/or organisation does not need to gain consent before intercepting for these purposes, although it does need to inform staff and students that interceptions may take place.

15. JANET’s Acceptable Use Policy

UWE is connected to the internet via the Joint Academic Network (JANET). As well as this policy, JANET’s own Acceptable Use Policy must be adhered to. Please visit http://www.ja.net/services/publications/policy/aup.html

16. UWE IT Acceptable Use Policy