Scottish Croquet Association

About This Policy

Our IT and communications systems are intended to promote effective communication and working practices. This policy outlines the standards you must observe when using these systems, when we will monitor their use, and the action we will take if you breach these standards.

Breach of this policy may be dealt with under our Grievances, Disciplinary and Appeals Procedure and, in serious cases, may be treated as gross misconduct leading to summary dismissal.

This policy may be amended from time to time.

Equipment security and passwords

You must only log on to our systems using your own username and password. You must not use another person's username and password or allow anyone else to log on using your username and password.

If you are away from your desk you should log out or lock your computer.

Systems and data security

You should not delete, destroy or modify existing systems, programs, information or data (except as authorised in the proper performance of your duties).

You should exercise particular caution when opening unsolicited e-mails from unknown sources. If an email looks suspicious do not reply to it, open any attachments or click any links in it.

Inform the SCA Webmaster immediately if you suspect your computer may have a virus.

Email

Adopt a professional tone and observe appropriate etiquette when communicating with third parties by email.  Remember that emails can be used in legal proceedings and that even deleted emails may remain on the system and be capable of being retrieved.

You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, pornographic or otherwise inappropriate e-mails.

When acting on behalf of the SCA, you should not:

• send or forward emails which you would not want a third party to read;
• send or forward chain mail, junk mail, cartoons, jokes or gossip;
• contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to others who do not have a real need to receive them; or
• send messages from another person's email address (unless authorised) or under an assumed name.

Data Protection

Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the European Economic Area without adequate protection

When requesting personal data individuals should be told why their data is need and how it is used.   For example, on a membership application form the following statement might be appropriate:

“Data Protection.   Your details are needed for the normal purposes of a governing body, including administration of the membership records, collection of subscriptions, distribution of newsletters and notices and also to enable other members to contact you.   They are held securely on computers in the UK.    They are only disclosed to other members.”

Monitoring

Our systems enable us to monitor email and access to our systems. For business reasons, and in order to carry out legal obligations in our role as an organisation, your use of our systems may be continually monitored by automated software or otherwise.

We reserve the right to retrieve the contents of email messages or check access to our systems as reasonably necessary in the interests of the business, including for the following purposes (this list is not exhaustive):

• to monitor whether the use of the email system or our systems is legitimate and in accordance with this policy;
• to find lost messages or to retrieve messages lost due to computer failure;
• to assist in the investigation of alleged wrongdoing; or
• to comply with any legal obligation.

Prohibited use of our systems

Misuse or excessive personal use of our email system or inappropriate use of our systems will be dealt with under our Grievances, Disciplinary and Appeals Procedure. Misuse of the internet can in some cases be a criminal offence.

Creating, viewing, accessing, transmitting or downloading any of the following material will usually amount to gross misconduct (this list is not exhaustive):

• pornographic material (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature);
• offensive, obscene, or criminal material or material which is liable to cause embarrassment to us or to our clients;
• a false and defamatory statement about any person or organisation;
• material which is discriminatory, offensive, derogatory or may cause embarrassment to others (including material which breaches our Equity Statement or our Equality and Diversity Policy);
• confidential information about us or any of our staff or clients (except as authorised in the proper performance of your duties);
• unauthorised software;
any other statement which is likely to create any criminal or civil liability (for you or us); or
• music or video files or other material in breach of copyright.

Remote working

The SCA recognises that the majority of the organisation’s ICT working takes place remotely using volunteers’ equipment. When working remotely you should:

• Ensure that you have a safe and comfortable place in which to work. See the Health and Safety Executive Display Screen Equipment Workstation Checklist for further details.
• Ensure your computer, laptop, tablet, phone or other device is protected by a password.
• Log out from your device when it is unattended.
• Never put SCA data on a separate storage device (eg a flash drive) unless it is protected by a password.
• Take care when working in public places that confidential data cannot be seen by anyone else.