Data Protection Policy
Introduction
This Information Technology and Communication (‘ICT’) Acceptable Use Policy (‘ICT Policy’) relates to all employees and other authorised individuals associated with Sir Charles Burrell t/a Knepp Castle Estate, Knepp Farm Partnership, Knepp Castle Home Farm, Edward Burrell t/a Knepp Estate B, Knepp Wildland Safaris, Knepp Energy Ltd, Brookhouse Knepp Ltd, Nancy Burrell, Knepp 1983 Settlement and Knepp 1987 Settlement (‘Knepp’).
Knepp’s ICT systems, services and facilities are provided to enable employees and other authorised individuals to perform their jobs effectively and efficiently. The normal use of these systems in pursuit of a Knepp business, within an employee’s authority to act, is allowed. Illegal activity is not allowed.
The purpose of this policy is to identify proper usage and behaviour for KneppICT systems with the overall aim of protecting the rights and privacy of all employees, and the integrity and reputation of Knepp. It should be read in conjunction with the Social Media Policy.
This policy applies to all authorised individuals and employees of Knepp. The principles of the policy will also be applied, as far as is reasonably practicable, to non-employees working at Knepplocations and making use of Knepp ICT systems (e.g. volunteers, contractors, visitors).
The policy sets the minimum common standards of ICT acceptable use. Breaches of the policy will be dealt with under the Disciplinary Policy. Examples of unacceptable activities are set out in Annex A. It is each authorised individual and employee’s responsibility to read, make themselves fully familiar with, and abide by this policy.
1. Principles
- 1.1 Knepp relies on its ICT systems and facilities to carry out its business. All these facilities can be put at risk through improper or ill-informed use, and result in consequences which may be damaging to individuals and their research, the Knepp community and to reputations.
- 1.2 The policy aims to provide clear guidance to all employees concerning the use of Knepp ICT systems and facilities. It provides a framework to;
-
- enable employees to use Knepp facilities with security and confidence;
- help maintain the security, integrity and performance of Knepp ICT systems;
- minimise both the Knepp and individual users’ exposure to possible legal action arising from unauthorised use of the ICT systems;and
- set the minimum standard for acceptable use across all Knepp ICT systems.
- 1.3 Access to Knepp ICT systems and facilities will be granted to employees and other authorised personnel once they have read and understood this policy. Once access is granted, access toKnepp ICT systems and facilities is restricted to work activity directly related to that user. If access to other Knepp ICT systems and facilities is required, the user must request access permission from their line manager.
- 1.4 It is the Knepp’s responsibility to ensure that employees have access to this policy, both on joining and during their employment.
- 1.5 The policy covers use of all ICT systems and facilities provided either directly or indirectly by Knepp or used to conduct Knepp business, whether accessed from a Kneppsite or remotely, in particular:
- the Internet;
- Electronic communications (in all forms) for example e-mail, social media used for business related communication, etc.;
- Electronic bulletin boards and social media;
- File sharing by whatever means; and
- Computing devices (e.g. Desktops, laptops, printers, removable storage devices, mobile devices etc.) and servers;
- Communications equipment (e.g. telephones (land-line and mobiles), faxes and video conferencing).
- 1.6 Any activity that falls outside acceptable use (see Annex A) may result in disciplinary action.Where the activity is deemed to amount to gross misconduct, this will normally lead to summary dismissal. For non-employees, any action maybe discussed with the individual’s management (as appropriate). Any suspected illegal action will be reported to the police.
- 1.7 Non-employees will also be required to comply withthis policy before they have access to Knepp ICT systems and services.
2. Monitoring
- 2.1 Monitoring Statement
2.1.1 Knepp reserves the right to monitor communications;
2.1.2 Knepp employs monitoring techniques on its ICT systems and services, including e-mail and Internet access, to enable usage trends to be identified and to ensure that these facilities are not being misused;
2.1.3 Monitoring is limited, as far as practicable, to the recording and analysis of network traffic data. To this end, the Knepp keeps logs of:- calls made on communications equipment such as telephones: emails sent by e-mail address; and
- internet sites visited by computer system address. In some cases, this means that the identity of the individuals involved in the communication is readily available. Spot-checks are carried out from time to time to help ensure compliance with this policy. Further authorised investigations may be necessary where there is reasonable suspicion of misuse of facilities.
2.1.4 Since Knepp owns and is liable for data held on its communications equipment and systems, it reserves the right, as part of any investigations, to inspect the contents of any e-mails or any other form of communications that are sent or received and of Internet sites accessed, for compliance with this policy. This will only be done where the volume of traffic or the amount of material being downloaded is excessive, or there are grounds to suspect that use is for ‘unacceptable’ or ‘forbidden’ activities (see examples in Annex A).
2.1.5 Exceptionally, where there is a defined and valid reason for doing so, the inspection may include items marked ‘private’ or ‘personal’. An individual’s e-mail and voice-mail accounts may also be accessed by management when the individual is absent from work to ensure official business matters can be effectively dealt with. Management will make a reasonable attempt to inform and obtain agreement from the user prior to this occurring.
2.1.6 Monitoring/investigations of individuals’ use of Knepp’s communications systems may also happen in the following circumstances:- To detect or prevent crime including detecting unauthorised use of systems, protecting against viruses and hackers and fraud investigation;
- To assist in maintaining the security, performance, integrity and availability of the ICT systems, services and facilities; and
- To provide evidence e.g. of a commercial transaction, to establish regulatory compliance, audit, debt recovery, dispute resolution.
2.1.7 Where monitoring is used, confidentiality will be ensured for all investigations involving personal data, except to the extent that wider disclosure is required to follow up breaches, to comply with court orders or to facilitate criminal investigation. Logged data will not normally be retained for more than one year unless required by regulatory compliance Please refer to the KneppPolicy on Data Protection and Privacy Notice.
2.1.8 In addition, management may conduct random audits on the security of the Knepp’s ICT systems. These audits include examination of a small, randomly selected set of user devices and server systems. The audit checks that these systems have correctly licensed software, do not contain inappropriate material and have not been used to access or view inappropriate material that may violate this Policy.
2.1.9 Where monitoring reveals instances of suspected misuse of the ICT systems (e.g. where pornography or other inappropriate material is found, or where substantial time-wasting or other unacceptable/forbidden use is found), these will be investigated through normal disciplinary procedures and may result in dismissal.
3. Private /Personal Use of ICT Systems, Services and Facilities
- 3.1 It is not permitted to use any of Knepp’s ICT for personal use, without express permission fromyourline manager.
4. Social Media
- 4.1 Knepp recognises the value of using social media in work related communication, this is covered in our Social Media Policy which staff and volunteers must read.
5. Policy Review
- 5.1 This policy will be regularly reviewed to incorporate any legislation or regulatory changes.