Introduction

BSI People has made email and internet access available to staff as a communication channel and business tool.

Use of email is encouraged because:

Background

The internet is a public network of computers which is, generally speaking, unregulated.

However, the internet should be treated no differently to any other mode of communication (like the telephone and the facsimile). Please apply common sense and remember that:

Observation of Email and Internet Policy

BSI People requires all staff to observe the email and internet policy. The policy may curtail some things which may otherwise be done on the internet but it is no different to any of the other policies or procedures which all staff are required to observe. The policy is designed to enable the company to make the widest possible use of its internet access while at the same time minimising the risk associated with making that access available.

This policy is very detailed, as we want to avoid any misunderstanding about the company’s attitude to the use of this technology.

All employees are to adhere to this policy and use the resources in a professional, ethical and lawful manner.

General

The internet connection is a business facility. It must be used primarily for business purposes (i.e. research and messaging). We expect you to act honestly and to observe all of the external rules and conventions, which govern participation in the internet. Unlawful use will damage the company’s reputation.

As a company resource, BSI People has the right to monitor any and all aspects of its computer systems. This means that nothing an employee accesses, creates, stores, sends or receives on the computer system is private. Consequently, BSI People reserves the right to:

* A Short Guide to the Workplace Surveillance Act 2005 (NSW) September 2005

Generally, the Workplace Surveillance Act 2005 : prohibits the surveillance by employers of their employees at work except where employees have been given notice or where the employer has a covert surveillance authority. The Act restricts and regulates the blocking by employers of emails and Internet access of employees at work. In particular it prevents employers from blocking access to emails or Internet sites because the content relates to industrial matters;

General notice requirements:

Written (or emailed) notice must be given at least 14 days prior to any surveillance commencing, indicating if computer surveillance is to be carried out, how the surveillance will be carried out, when the surveillance will start, whether the surveillance will be continuous or intermittent, and whether the surveillance will be for a specified limited period or ongoing. For new employees notification must be given before they start work.

Additional computer surveillance notice requirements:

Notification: Computer/Internet/email surveillance of an employee must not be carried out unless the surveillance is carried out in accordance with a policy of the employer on computer surveillance of employees at work. The employee must be notified in advance of that policy in such a way that it is reasonable to assume that he or she is aware of and understands the policy. The notification requirements are flexible so that employers can meet them in different ways.

It is not true that the Act prevents or even significantly restricts employers from conducting email and internet surveillance. All the Act requires is that notice of surveillance must be given.

Monitoring and recording: It is also not true that all monitoring or recording of the use of a computer is ‘computer surveillance’. The Act requires there to be ‘surveillance’, as that term is ordinarily understood. Computer surveillance therefore does not cover normal business practices such as back-ups of hard drives, network performance monitoring, software licence monitoring, computer asset tracking, computer asset management or the normal saving of documents, because these are not normally considered to be “surveillance” activities. However, if back-ups, for instance, were to be used to conduct surveillance to facilitate the reading of somebody’s emails, that would need to be notified to employees, otherwise it would be considered to be covert surveillance.

This is a common sense approach to the issue of computer surveillance. There are obviously many functions of a computer that require the recording of activities. Only surveillance activities, such as reading emails, or watching every web site a person goes to, or logging individual keystrokes, or covert observation of everything an employee does on their machine, require notification.

Emails: The Act also places restrictions on the blocking of emails. Employers will be required to give notice to an employee on any occasion when an e-mail message sent by or to the employee is blocked (that is, prevented from reaching its intended recipient). Such notice is not required if the email has been blocked because it was spam, contained a virus, or would be regarded by reasonable persons as being, in all the circumstances, menacing, harassing or offensive (for example, if it is pornography or involved criminal activity or was otherwise unlawful). It will be unlawful for an employer to block an e-mail message, or access to a website: otherwise than in accordance with the employer’s stated policy on e-mail and internet use; or merely because the message or website includes information relating to industrial matters.

Internet access: It is not the case that the provisions in relation to access to information relating to industrial matters will require employers to provide Internet access to employees. Nor will the Act prevent employers from blocking all external Internet access, where previously they allowed such access, unless they do so to prevent their employees obtaining access to industrial information. There may be legitimate business reasons, such as cost considerations, for an employer to not have external Internet access.

Internet Policy

Access – Staff who wish to access the internet from a network computer must use the company’s network connection. No access or attempt to access the internet should be made by using a stand-alone modem or by any other process, which circumvents this policy or the security procedures the company has installed.

Software installation – Staff must not use the company’s internet connection for the purpose of uploading or downloading any software application. Downloading of such application is to be by the network administrator who will take responsibility for confirming that the application is lawful, required and ready for use. Uploading is only needed for system maintenance or development and must only be undertaken by the network administrator.

Purchasing products or services – Some products and services can be purchased via the internet. Other sites are provided on a fee for view or service basis. Any purchases made over the internet are subject to the same approvals as general purchases. Credit card details should not be provided over the internet. Staff who purchase goods or services from the web must do so at their expense and at their own risk (of having their credit card details intercepted and unlawfully used by an unauthorised person).

Web Browsing – Browsing the web must only be undertaken for research, which is being undertaken for business purposes. Bandwidth is required for business use – should you need to use the internet for private purposes this must be approved in advance by the network administrator and a time agreed for access. The company’s internet connection must not be used for the purpose of browsing sites (or disseminating information from those sites), which contain pornographic or offensive images or information.

News Groups – The company’s network must not be used by any member of staff to participate in news groups, bulletin boards, chat rooms etc. It is in this area where the risk of inadvertent disclosure of information that is confidential or inappropriate is most likely to occur and opens the network to virus infection.

Computer viruses – A computer virus constitutes a security and business risk. Employees must not knowingly post, transmit or distribute any material that contains harmful or disruptive components. Email also constitutes a significant risk of viruses being introduced to the network. Anti-viral software has been provided and you must ensure that any attachments to email messages that you receive are scanned before they are opened. Please note that new viruses are continually being discovered and despite our best efforts our virus protection efforts may not be effective. You should discourage senders from forwarding attachments on emails they send to you. Attachments that you do not believe to be work related must not be opened. Suspect emails should be deleted and deleted from the “deleted” mailbox. Please contact the network administrator if you require instructions on how to scan documents for viruses or if you receive a suspect or infected email.

Email Policy

The following conventions apply in relation to the use of the email facility whether the message is sent or received internally or externally.

Complaints procedure

If you receive any email that you consider inappropriate or if it causes you any concern or distress whatsoever, you should report it to either the network administrator or your Manager.

Responding to emails that do not comply with this policy

It is each employee’s responsibility not to make their work email address available unnecessarily, and to ensure that potential senders of emails are aware of our policy. Employees may not have control over emails they receive – on receipt of an email that breaches this policy, the employee must inform the sender that receiving these emails are against the company’s policy. A sample response is below.

“It is against our email policy to receive emails/attachments that aren’t work related, would you please delete my email address and any other @BSI People .com addresses from your list. Private emails for necessary exchange of information are acceptable, but must not include attachments.”

Please inform the network administrator if an email includes pornographic or offence material. If from a business address, the domain holder must also be advised that the site is being used in an inappropriate manner.

Consequences of failure to observe policy

Each employee is expected to fully comply with this policy. Please remember that any breach of this policy could make you subject to the company’s disciplinary procedures or even result in legal proceedings being brought against you. The measures which will be taken will vary according to the breach and the circumstances of the breach. However, the right is reserved to immediately terminate the employment of any staff member who BSI People (in its absolute discretion) regards as being in serious breach of this policy.

Privacy Policy

From 21 December 2001, we are complying with the Privacy Amendment (Private Sector) Act 2000. As you may be aware, this new legislation will protect your right to privacy and ensure that information collected about you will not be used for purposes without your permission.

From this date, recruitment organisations such as BSI People Pty Limited come under the jurisdiction of the National Privacy Principles. This means that you will be able to decide who collects your details, if these details are correct and for what reason they have been collected. At BSI People Pty Limited, our purpose in collecting any information from you is so that we can assist you to achieve your career and business goals and we aim to collect only information that is relevant to your working life.

Therefore, because you have full control of the personal details that you have provided us with, you need to let us know when and if these details change.

What information do we collect?

BSI People Pty Limited collects information about you in order to assist you with your career progression and to supply permanent, temporary and contract staff to our clients. The information falls into different categories:

  1. Personal contact details
    This information – such as telephone, email and address details – are used by BSI People Pty Limited to contact you regarding work opportunities or potential candidate details.
  2. Work life details
    This information – such as computer skills you possess, career history, preferred job types and career goals or company history – are used by BSI People Pty Limited to determine whether or not a particular role or candidate may be of interest to you.

How BSI People Pty Limited stores this information

BSI People Pty Limited stores this information in a secure and confidential manner. We do not reveal, disclose, sell, distribute, licence, rent, pass out or share with any third party any personal information that you may have provided us unless we have your express consent to do so – other than in the circumstances set out below:

  1.  We are required to do so by law
  2.  If we sell our business or part of it

We may use your personal information to…

For more information

On behalf of BSI People Pty Limited, we look forward to assisting you reach your professional goals.