Internet, Email and Communications Policy

You must read this policy because it gives important information about:

  • Conviction’s rules on the use of internet, email, telephone and other communications systems at work, including in relation to confidentiality, security and personal use;
  • how Conviction  monitors the use of those systems;
  • your rights and obligations in relation to data protection;
  • the consequences of failure to comply with this policy; and
  • review and training.

Once you have read and understood this policy, please confirm that you have done so by signing and returning the attached copy to Ryan Jarvis..

Introduction

Conviction recognises that the use of email and internet can save time and expense, and is an important part of the way we work. However, it brings with it certain risks, some of which may involve potential legal and financial liabilities for both Conviction and the individual, eg:

  • inadvertently entering into contracts or commitments on behalf of Conviction;
  • introducing viruses into Conviction’s systems;
  • breaching copyright or licensing rights;
  • breaching data protection rights;
  • breaching confidentiality and security;
  • defamation; and/or
  • bullying, harassment and discriminatory conduct.

This policy aims to guard against those risks. It is therefore important that all staff read the policy carefully and ensure that they use the internet, email and other communication systems in accordance with it. If you are unsure whether something you are about to do complies with this policy, you should seek advice from your line manager.

This policy also explains when Conviction monitors the use of email and the internet and the action Conviction  will take if the terms of this policy are breached.

References in this policy to ‘email’ apply equally to other electronic communications, messaging tools and posts.

Conviction expects its computer and communications systems and equipment to be used in an effective and professional manner, and encourages all staff to develop the necessary skills to achieve this. These systems and equipment are provided by Conviction for the purpose of the business, and to assist staff in carrying out their duties effectively. It is the responsibility of all staff to ensure that these systems and equipment are used for proper business purposes and in a manner that does not compromise Conviction or its staff in any way.

Conviction’s principles of integrity, professionalism and ethical business practice must be applied equally to email and internet use. All staff should consider how their reputation and that of Conviction might be affected by how they communicate and conduct themselves online.

Ryan Jarvis  is responsible for the monitoring and implementation of this policy. Any questions about the content or application of this policy or other comments should be referred to Ryan Jarvis.

Scope

This policy applies to all staff, including employees, workers, temporary and agency workers, interns, volunteers and apprentices, and to consultants and other contractors who have access to Conviction computers and other communications systems. It also applies to personal use of Conviction’s systems and equipment in any way that reasonably allows others to identify any individual as associated with Conviction.

This policy applies to the use of Conviction email, telephone and internet systems both in the workplace and from outside it, eg via remote access. It also applies to the use of a Conviction laptop, tablet, mobile phone, smartphone or personal digital assistant (PDA).

All staff must be familiar with this policy and comply with its terms.

Staff should also refer to Conviction’s data protection policy and data protection privacy notice and, where appropriate, to its other relevant policies including in relation to social media, information security, data retention and bring your own device (BYOD).

The Chief Executive Officer is responsible for this policy.

This policy has been drafted with the assistance of a representative of the board of members to ensure that it is clear and easy to understand. We will review and update this policy regularly in accordance with changes in technology and the law, and current business practice. It does not form part of any employee’s contract of employment and we may amend, update or supplement it from time to time. We will circulate any new or modified policy to staff before it is adopted.

Use of Conviction’s computer systems

Staff may use Conviction’s computer systems (including equipment) for authorised purposes only, i.e. for the purposes of Conviction’s business or in accordance with paragraphs 6, 8 and 11 (permitted personal use). If you wish to use Conviction’s systems or equipment for another purpose, you must obtain express permission from your supervisor before doing so.

Use of Conviction’s systems for commercial purposes other than those of Conviction’s business is strictly prohibited.

To reduce the risk to Conviction’s  systems or network of virus infections, hacking and other unauthorised access attempts, you may only access Conviction’s systems or network as follows:

  • from your workplace or other Conviction  premises, using authorised equipment only;
  • remotely, via broadband, dial up, etc using authorised equipment via secure means, eg VPN software only; or
  • remotely, using unauthorised equipment, eg your home computer or an internet café terminal, via Proton VPN only.

Conviction licenses software from a number of sources. Conviction does not own that software and must comply with any restrictions or limitations on use, in accordance with its licence agreements. All staff must adhere to the provisions of any software licence agreements to which Conviction is party.

Staff must not use any software owned or licensed by Conviction for any purpose other than those of Conviction’s business without express permission from the Chief Executive Officer  or as otherwise permitted by the terms of this policy.

Staff must not copy, download or install any software without first obtaining express permission from Ryan Jarvis.

Email use—general

All communications, including email, should reflect the highest professional standards at all times. In particular, all staff must:

  • keep messages brief and to the point;
  • check emails carefully before sending, including spelling and grammar;
  • ensure that all emails sent from Conviction include the current disclaimer wording;
  • ensure that an appropriate heading is inserted in the subject field; and
  • check the recipient(s) before pressing the send button—not only can it be embarrassing if a message is sent to the wrong person, it can also result in the unintentional disclosure of confidential information about Conviction, a client or other third parties.

Staff must not send messages from another person’s email address (unless authorised in the proper performance of their duties), or under an assumed name.

Staff must not send or post messages or material that are offensive, obscene, defamatory or otherwise inappropriate in the work environment. This includes, but is not limited to messages that:

  •  are inconsistent with Conviction’s Equality policy and/or Harassment and bullying policy;
  • criticise Conviction’s competitors or their staff;
  • suggest that there are quality problems with goods or services of suppliers, or clients; or
  • state that anyone is incompetent.

Staff must not send or post any message or material which could be regarded by the recipient or any other person as personal, potentially offensive or frivolous.

Equally, if you receive a message that is offensive, obscene, defamatory or inappropriate in the work environment, you must delete it immediately and not forward it to any internal or external recipient, other than internally to [email protected] in order to report a breach of this or another Conviction policy.

Staff should not send or post anything in an email that they would not be comfortable writing (or someone else reading) in a letter. Emails leave a retrievable record and, even when deleted, can be recovered from Conviction’s back-up system or an individual’s computer. They are admissible as evidence in legal proceedings and have been used successfully in libel and discrimination cases, and they can also be reviewed by regulators.

Staff must not create congestion on Conviction’s systems or network by sending trivial messages, by unnecessary copying or forwarding of messages to recipients who do not need to receive them, or by sending or forwarding chain mail, junk mail, cartoons, jokes or gossip.

Staff must use a Conviction  email address for sending and receiving work-related emails and must not use their own personal email accounts to send or receive emails for the purposes of Conviction’s business. Staff must not send (inside or outside work) any message in Conviction’s name unless it is for an authorised, work-related purpose.

Staff must not send unsolicited commercial emails to persons with whom the individual does not have a prior relationship without the express permission of the relevant manager.

Emails must not use Conviction’s logos or other branding material without the approval of the Chief Executive Officer or your supervisor.

Emails must not provide references, recommendations or endorsements for any third party, unless expressly authorised by the Chief Executive Officer.

Emails containing personal data or special categories of personal data may be retained only in accordance with Conviction’s records retention policy. Client -related emails should be printed and filed within 48 hours of receipt or attached to the Clio document management system within 48 hours of receipt. Emails will generally be stored on the Conviction  server for the duration of a matter, after which they will be permanently deleted. If an individual needs to keep any emails beyond this date that are not client-related, these should be stored on Sharepoint.

Staff must be vigilant when using the Conviction email system. Computer viruses are often sent by email and can cause significant damage to Conviction’s information systems or network. Be particularly cautious in relation to unsolicited emails from unknown sources.

If any individual suspects that an email may contain a virus, they should not reply to it, open any attachments to it or click on any links in it and must contact [email protected] immediately for advice.

Emails—confidentiality

Staff should not assume that emails sent or received internally or externally are private and confidential, even if marked as such. Email is not a secure means of communication and third parties may be able to access or alter messages that have been sent or received.

Do not send any information in an email which you would not be happy being publicly available. Matters of a sensitive or personal nature should not be transmitted by email unless absolutely unavoidable and if so, should be clearly marked in the message header as highly confidential. The confidentiality of internal communications can only be ensured if they are included in a password-protected or encrypted online document.

Emails should be treated as non-confidential. Anything sent through the internet passes through a number of different computer systems, all with different levels of security. The confidentiality of messages may be compromised at any point along the way unless the messages are properly encrypted.

Staff should refer to the Staff or Volunteer Handbook for details of the types of information that Conviction  regards as confidential and which should be treated with particular care.

Lists of contacts compiled by staff during the course of their employment and stored on the Conviction  email application, information manager and/or other Conviction database(s) (irrespective of how they are accessed) belong to Conviction. Such lists may not be copied or removed by staff for use outside their employment or after their employment ends.

Emails—personal use

Although the email system is primarily for business use, the organisation understands that staff may occasionally need to send or receive personal emails while at work.

The sending of personal emails using the work email address is therefore permitted.

When sending personal emails using the work email address, employees should show the same care as when sending work-related emails.

Reasonable personal use of the Company’s systems or network to send personal email is also permitted, provided that it does not interfere with the performance of any individual’s duties and the terms of this policy are strictly adhered to. We reserve the right, at our absolute discretion, to withdraw this privilege at any time and/or to restrict access for personal use.

Emails—monitoring

Conviction may monitor the email and instant messaging systems or network in the workplace for the following reasons:

  • to determine whether they are communications relevant to the carrying on of Conviction’s relevant activities;
  • if the individual is absent from work, to check communications for business calls to ensure the smooth running of the business;
  • to record transactions;
  • where Conviction suspects that the individual is sending or receiving messages that are:
    • detrimental to Conviction;
    • in breach of the individual’s contract, or this policy;
    • in breach of data protection rights;
  • to monitor staff conduct;
  • to investigate complaints, grievances or criminal offences.

When monitoring incoming or outgoing emails, Conviction will, unless exceptional circumstances apply:

  • look at the sender or recipient of the email and the subject heading only; and
  • avoid opening emails marked ‘Private’ or ‘Personal’.

Conviction uses a data loss prevention (DLP) tool to monitor outgoing email traffic, looking at the intended recipient of the email and the subject heading only. If a potential data breach is identified, where possible the sender will be warned before transmission and given the option of cancelling the transmission.

Conviction will only intercept (ie open) outgoing or incoming emails, received emails, sent emails and draft emails where relevant to the carrying on of Conviction’s business and where necessary:

  • to determine whether the message is relevant to the carrying on of Conviction’s business;
  • to establish the existence of facts;
  • to check whether regulatory or self-regulatory practices or procedures to which Conviction or its staff are subject have been complied with, ie to detect unauthorised use of the system;
  • to check whether staff using the system in the course of their duties are achieving the standards required of them;
  • for the purpose of investigating or detecting the unauthorised use of the system;
  • for the purpose of preventing or detecting crime; or
  • for the effective operation of the telecommunication system.

The content of emails will be examined only in exceptional circumstances, initially by the Chief Executive Officer. The information obtained through monitoring may be shared internally, with members of the Conviction Board, or your line manager/supervisor, if access to the information is necessary for the performance of their roles. Information will usually only be shared in this way where the IT security team believes there may have been a breach of the individual’s contract or this Policy.

Telephones—personal use

Although the telephone system is primarily for business use, the organisation understands that staff may occasionally need to make or receive personal telephone calls while at work. The making or receiving of personal telephone calls while at work using the Conviction telephone system and/or your personal mobile phone is therefore permitted.

 Personal use must meet these conditions (in addition to those set out elsewhere in this policy):

  • personal use must be minimal (both in terms of time spent and frequency) and reasonable and must take place mainly outside normal working hours, ie during lunch or other breaks, or before and after work;
  •  it must not affect the job performance of any member of staff or otherwise interfere with Conviction’s business;
  • it must not commit Conviction to any marginal costs; and
  • you may not use the telephone during working hours to perform work for yourself or another employer, or to look for work; or
  • you may not communicate confidential information other than in the course of your duties, or act in a way that is detrimental to Conviction.

The Conviction telephone system may not be used for premium rate or international calls unless expressly authorised by the individual’s manager.

Telephones—monitoring

Conviction may monitor the use of its telephone system, and Conviction mobile phones (including smartphones) for the following reasons:

  •  if the individual is absent from work, to check communications (including the individual’s voicemail) for business calls to ensure the smooth running of the business;
  • to record transactions;
  • where Conviction suspects that the individual is acting in a way that is;
    • detrimental to Conviction;
    • in breach of the individual’s contract, or this Policy;
    • in breach of data protection rights;
  • to monitor staff conduct;
  • to investigate complaints, grievances or criminal offences.

When monitoring telephones, Conviction will, unless exceptional circumstances apply, look at the numbers from which calls are received and the numbers dialled and the duration and frequency of calls.

Conviction will only intercept (ie listen to) telephone calls or saved messages where relevant to the carrying on of Conviction’s business and where necessary:

  • to determine whether the message is in fact relevant to the carrying on of Conviction’s business;
  • to establish the existence of facts;
  • to check whether regulatory or self-regulatory practices or procedures to which Conviction or its staff are subject have been complied with, ie to detect unauthorised use of the system;
  • to check whether staff using the system in the course of their duties are achieving the standards required of them;
  • for the purpose of investigating or detecting the unauthorised use of the system;
  • for the purpose of preventing or detecting crime; or
  • for the effective operation of the telecommunication system.

Telephone calls will be intercepted only in exceptional circumstances, initially by the Chief Executive Officer. The information obtained through monitoring may be shared internally, with members of the Conviction Team, your line manager or supervisor, if access to the information is necessary for the performance of their roles. Information will usually only be shared in this way where the IT security team believes there may have been a breach of the individual’s contract or this Policy.

Internet—general

Access to the internet during working time is primarily for matters relating to your work duties and employment. Reasonable, limited personal use of the internet is permitted in accordance with paragraph 11.

Any unauthorised use of the internet is strictly prohibited. Unauthorised use includes (but is not limited to):

  • creating, viewing or accessing any webpage, or posting, transmitting or downloading any image, file or other information that is unrelated to your employment and, in particular, which could be regarded as pornographic, illegal, criminal, offensive, obscene, in bad taste or immoral and/or which is liable to cause embarrassment to Conviction or to our clients and/or suppliers;
  • engaging in computer hacking and/or other related activities; and
  • attempting to disable or compromise security of information contained on Conviction’s systems or network or those of a third party.

Staff are reminded that such activity may also constitute a criminal offence.

Postings placed on the internet may display Conviction’s address. For this reason, staff should make certain before posting information that the information reflects the standards and policies of Conviction. Under no circumstances should information of a confidential or sensitive nature be placed on the internet. Staff must not use Conviction’s name in any internet posting (inside or outside work) unless it is for a work-related purpose.

Information posted or viewed on the internet may constitute published material.

Therefore, reproduction of information posted or otherwise available over the internet may be done only by express permission from the copyright holder. Staff must not act in such a way as to breach copyright or the licensing conditions of any internet site or computer program.

Staff must not commit Conviction to any form of contract through the internet without the express permission of their manager.

 Subscriptions to news groups, mailing lists and social networking websites are permitted only when the subscription is for a work-related purpose. Any other subscriptions are prohibited.

Conviction  may block or restrict access to any website at its discretion.

Internet—personal use

Reasonable personal use of Conviction’s systems or network to browse the internet is allowed provided that it does not interfere with the performance of any individual’s duties and the terms of this policy are strictly adhered to. Conviction reserves the right, at its absolute discretion, to withdraw this privilege at any time and/or to restrict access for personal use.

Personal use must meet these conditions (in addition to those set out elsewhere in this policy):

  • personal use must be minimal (both in terms of time spent and frequency) and reasonable and should take place mainly outside normal working hours, ie during lunch or other breaks, or before and after work;
  • personal use must not affect the job performance of any member of staff or otherwise interfere with Conviction’s business; and
  • it must not commit Conviction to any marginal costs.

Internet—monitoring

Conviction may monitor internet usage (including searches made, the IP addresses of sites visited, and the duration and frequency of visits) if Conviction suspects that the individual has been using the internet in breach of the individual’s contract or this policy, eg:

  • by viewing material that is pornographic, illegal, criminal, offensive, obscene, in bad taste or immoral and/or which is liable to cause embarrassment to Conviction or to its clients;
  • by spending an excessive amount of time viewing websites that are not work-related.

Monitoring may include internet usage at the workplace, internet usage outside the workplace during working hours using Conviction systems or network and internet usage using hand-held or portable electronic devices.

Monitoring will normally be conducted by Conviction’s IT security team. The information obtained through monitoring may be shared internally, with members of the Conviction Team, your line manager and/or supervisor, if access to the information is necessary for the performance of their roles. Information will usually only be shared in this way where the IT security team believes there may have been a breach of the individual’s contract or this Policy.

Passwords and security

Each individual is personally responsible for the security of all equipment allocated to or used by them. An individual must not allow equipment allocated to that person to be used by any other person other than in accordance with this policy.

Each individual must use passwords on all IT equipment allocated to them, must keep any password allocated to them confidential and must change their password regularly.

No individual may use another person’s username and/or password to access Conviction’s systems or network, nor may any individual allow any other person to use their password(s). If it is anticipated that someone may need access to an individual’s confidential files in their absence, that individual should arrange for the files to be copied to a network location that is properly secure where the other person can access them or give the person temporary access to the relevant personal folders.

All staff must log out of Conviction’s system or lock their computer when leaving their desk for any period of time. All staff must log out and shut down their computer at the end of the working day.

Company systems and data security

Any files or software downloaded from the internet or brought from home must be virus-checked before use. Staff should not rely on their own computer to virus check any such programs but should refer directly to the IT Security Team.

You must not connect any personal computer, mobile phone, laptop, tablet, USB storage device or other device to Conviction’s systems or network without express prior permission from the IT Security Team. Any permitted equipment must have up-to-date anti-virus software installed on it and Conviction may inspect such equipment in order to verify this.

You must not run any ‘.exe’ files, particularly those received via email, unless authorised to do so in advance by the IT Security Team. Unauthorised files should be deleted immediately upon receipt without being opened.

You must not access or attempt to access any password-protected or restricted parts of Conviction’s systems or network for which you are not an authorised user.

You must inform [email protected] immediately if you suspect your computer may have a virus, and you must not use the computer again until informed it is safe to do so.

All laptop, tablet, smartphone and mobile phone users should be aware of the additional security risks associated with these items of equipment. All such equipment must be locked away in a secure location if left unattended overnight.

Prohibited use and breach of this policy

Conviction considers this policy to be extremely important. Any breach of the policy will be dealt with under Conviction’s Code of conduct and dismissal and disciplinary procedure. In certain circumstances, breach of this policy may be considered gross misconduct and may result in immediate termination of employment or engagement without notice or payment in lieu of notice. In addition, or as an alternative, Conviction  may withdraw an individual’s internet and/or email access.

Examples of matters that will usually be treated as gross misconduct include (this list is not exhaustive):

  • unauthorised use of the internet as outlined in paragraph 10.2 above;
  • creating, transmitting or otherwise publishing any false and defamatory statement about any person or organisation;
  • creating, viewing, accessing, transmitting or downloading any material which is discriminatory or may cause embarrassment to other individuals, including material which breaches the principles set out in Conviction’s Equality policy and/or Harassment and bullying policy;
  • accessing, transmitting or downloading any confidential information about Conviction and/or any of our staff and/or clients, except where authorised in the proper performance of your duties;
  • accessing, transmitting or downloading unauthorised software; and
  • viewing, accessing, transmitting or downloading any material in breach of copyright.

Alert: Help us improve our website

Get in touch to ask a question, report a problem or suggest an improvement to the Conviction team. Provide Feedback

Last Updated 20th September 2021