Privacy Policy

Introduction

BSI People has made email and internet access available to staff as a communication channel and business tool.

Use of email is encouraged because:

It facilitates and speeds up communication;
It reduces the cost of postage and stationery; and
It speeds up turn around and processing time.

Background

The internet is a public network of computers which is, generally speaking, unregulated.

However, the internet should be treated no differently to any other mode of communication (like the telephone and the facsimile). Please apply common sense and remember that:

“Publication” of original, or copying of existing, material is very easy (a mere hit of the “send” button). This means that there is no opportunity for you to have second thoughts about the dispatch of your message because the message cannot be unsent;
The chatty or familiar style with which many internet users address each other will not prevent the laws of defamation, breach of confidence and the like applying;
E-mail messages can be intercepted (both lawfully and unlawfully) between a sender’s and recipient’s computer networks; and
The sender of an e-mail message has no control over the route taken by the message; has no guarantee that the message will be received in the form in which it was sent (if at all); and, if received, has no guarantee that the message has been read by the intended recipient.

Observation of Email and Internet Policy

BSI People requires all staff to observe the email and internet policy. The policy may curtail some things which may otherwise be done on the internet but it is no different to any of the other policies or procedures which all staff are required to observe. The policy is designed to enable the company to make the widest possible use of its internet access while at the same time minimising the risk associated with making that access available.

This policy is very detailed, as we want to avoid any misunderstanding about the company’s attitude to the use of this technology.

All employees are to adhere to this policy and use the resources in a professional, ethical and lawful manner.

General

The internet connection is a business facility. It must be used primarily for business purposes (i.e. research and messaging). We expect you to act honestly and to observe all of the external rules and conventions, which govern participation in the internet. Unlawful use will damage the company’s reputation.

As a company resource, BSI People has the right to monitor any and all aspects of its computer systems. This means that nothing an employee accesses, creates, stores, sends or receives on the computer system is private. Consequently, BSI People reserves the right to:

Intercept and view email messages sent from or received by the company’s network (both external and internal);
Monitor the network activity of staff including web sites visited by staff; and
Inspect any files (including email and logs) stored in any part of the computer network.
Any surveillance of computer/email or internet in the workplace will be undertaken in accordance with the Workplace Surveillance Act 2005 (NSW) September 2005.*

* A Short Guide to the Workplace Surveillance Act 2005 (NSW) September 2005

Generally, the Workplace Surveillance Act 2005 : prohibits the surveillance by employers of their employees at work except where employees have been given notice or where the employer has a covert surveillance authority. The Act restricts and regulates the blocking by employers of emails and Internet access of employees at work. In particular it prevents employers from blocking access to emails or Internet sites because the content relates to industrial matters;

General notice requirements:

Written (or emailed) notice must be given at least 14 days prior to any surveillance commencing, indicating if computer surveillance is to be carried out, how the surveillance will be carried out, when the surveillance will start, whether the surveillance will be continuous or intermittent, and whether the surveillance will be for a specified limited period or ongoing. For new employees notification must be given before they start work.

Additional computer surveillance notice requirements:

Notification: Computer/Internet/email surveillance of an employee must not be carried out unless the surveillance is carried out in accordance with a policy of the employer on computer surveillance of employees at work. The employee must be notified in advance of that policy in such a way that it is reasonable to assume that he or she is aware of and understands the policy. The notification requirements are flexible so that employers can meet them in different ways.

It is not true that the Act prevents or even significantly restricts employers from conducting email and internet surveillance. All the Act requires is that notice of surveillance must be given.

Monitoring and recording: It is also not true that all monitoring or recording of the use of a computer is ‘computer surveillance’. The Act requires there to be ‘surveillance’, as that term is ordinarily understood. Computer surveillance therefore does not cover normal business practices such as back-ups of hard drives, network performance monitoring, software licence monitoring, computer asset tracking, computer asset management or the normal saving of documents, because these are not normally considered to be “surveillance” activities. However, if back-ups, for instance, were to be used to conduct surveillance to facilitate the reading of somebody’s emails, that would need to be notified to employees, otherwise it would be considered to be covert surveillance.

This is a common sense approach to the issue of computer surveillance. There are obviously many functions of a computer that require the recording of activities. Only surveillance activities, such as reading emails, or watching every web site a person goes to, or logging individual keystrokes, or covert observation of everything an employee does on their machine, require notification.

Emails: The Act also places restrictions on the blocking of emails. Employers will be required to give notice to an employee on any occasion when an e-mail message sent by or to the employee is blocked (that is, prevented from reaching its intended recipient). Such notice is not required if the email has been blocked because it was spam, contained a virus, or would be regarded by reasonable persons as being, in all the circumstances, menacing, harassing or offensive (for example, if it is pornography or involved criminal activity or was otherwise unlawful). It will be unlawful for an employer to block an e-mail message, or access to a website: otherwise than in accordance with the employer’s stated policy on e-mail and internet use; or merely because the message or website includes information relating to industrial matters.

Internet access: It is not the case that the provisions in relation to access to information relating to industrial matters will require employers to provide Internet access to employees. Nor will the Act prevent employers from blocking all external Internet access, where previously they allowed such access, unless they do so to prevent their employees obtaining access to industrial information. There may be legitimate business reasons, such as cost considerations, for an employer to not have external Internet access.

Internet Policy

Access – Staff who wish to access the internet from a network computer must use the company’s network connection. No access or attempt to access the internet should be made by using a stand-alone modem or by any other process, which circumvents this policy or the security procedures the company has installed.

Software installation – Staff must not use the company’s internet connection for the purpose of uploading or downloading any software application. Downloading of such application is to be by the network administrator who will take responsibility for confirming that the application is lawful, required and ready for use. Uploading is only needed for system maintenance or development and must only be undertaken by the network administrator.

Purchasing products or services – Some products and services can be purchased via the internet. Other sites are provided on a fee for view or service basis. Any purchases made over the internet are subject to the same approvals as general purchases. Credit card details should not be provided over the internet. Staff who purchase goods or services from the web must do so at their expense and at their own risk (of having their credit card details intercepted and unlawfully used by an unauthorised person).

Web Browsing – Browsing the web must only be undertaken for research, which is being undertaken for business purposes. Bandwidth is required for business use – should you need to use the internet for private purposes this must be approved in advance by the network administrator and a time agreed for access. The company’s internet connection must not be used for the purpose of browsing sites (or disseminating information from those sites), which contain pornographic or offensive images or information.

News Groups – The company’s network must not be used by any member of staff to participate in news groups, bulletin boards, chat rooms etc. It is in this area where the risk of inadvertent disclosure of information that is confidential or inappropriate is most likely to occur and opens the network to virus infection.

Computer viruses – A computer virus constitutes a security and business risk. Employees must not knowingly post, transmit or distribute any material that contains harmful or disruptive components. Email also constitutes a significant risk of viruses being introduced to the network. Anti-viral software has been provided and you must ensure that any attachments to email messages that you receive are scanned before they are opened. Please note that new viruses are continually being discovered and despite our best efforts our virus protection efforts may not be effective. You should discourage senders from forwarding attachments on emails they send to you. Attachments that you do not believe to be work related must not be opened. Suspect emails should be deleted and deleted from the “deleted” mailbox. Please contact the network administrator if you require instructions on how to scan documents for viruses or if you receive a suspect or infected email.

Email Policy

The following conventions apply in relation to the use of the email facility whether the message is sent or received internally or externally.

Legal status – Email has the same legal status as a letter or any other written communication. All emails sent must include the standard email signature which includes company name, contact details and disclaimer.
Standards of communication – Email is a formal means of communication. Take care to ensure the same standards of language, expressions and accuracy are maintained in emails as applies to other forms of written communication.
Private use – Email is a company resource and, like the telephone, personal use should be kept to a minimum. Short emails for the purpose of a necessary exchange of information are acceptable. Chain emails, jokes, non-work related attachments, long, numerous or frequent private emails are not acceptable.
Addressing – Email messages must be addressed on a ‘need to know’ basis. Recipients of am e-mail message should be selected carefully to reflect real interest in the content of the message. Sending copies of a message to uninterested recipients wastes their time.
Confidentiality – Documents should not be sent by email if it is desirable or necessary to keep information confidential.
Inappropriate email – Staff must not send any communication by email which:
Defames any person or company or other entity;
Breaches any confidence;
Contains any representation which is not accurate;
Contains any promise or undertaking on behalf of the company unless the content has been approved;
Contains any inappropriate language;
Contains language that any likely readers (including the intended recipient) might find offensive;
Contains comments, statements or language that may be considered discriminatory or harassing by any likely reader;
Makes any demand or allegation which makes any threat which cannot be sustained;
Contains any content that would cause that individual or the company to be in breach of any legislation (including the Trade Practices ACT 1974) or where that content of the transmission of such content is illegal under Australian law;
Disseminates any thing received by the user or found by the user while browsing on the internet which any recipient is likely to find offensive;
Represent any personal opinion as the opinion of the company;
Transmits any file or other material in which intellectual property rights reside without the prior written consent of the owner of that file or those intellectual property rights; and
Has excessively large files attached to it (i.e. over 1 megabyte).
Reading email – All incoming email is to be read as soon as possible after it is received. Any email which is incorrectly received by a recipient must be immediately forwarded onto the intended recipient. Reading and responding to email messages should be managed as part of your overall time management.
Other staff’s email - Staff should respect the privacy of other staff members and not access another staff member’s email records unless permitted to do so.
Downloading documents – Any files downloaded via the internet become the property of BSI People.
Maintenance – delete messages when no longer needed. Delete attachments that you will not use again from your received and sent mail as all attached files are stored on the server. If you do need the attachment save it in an appropriate directory
Copyright – Staff members must not knowingly breach another person’s copyright. Care must be taken when using material taken from the web that any other person’s copyright or other intellectual property rights are not infringed. Remember that those rights exist in relation to written documents, images, photographs and sound recordings. Copyright in all written materials brought into existence by a staff member during the course of their employment belongs to Learned Friends.
Trade Practices – Trade Practices Act 1974. You must not engage in any activities or make any communication that would expose you or the company to penalties under that act. If you require any further information in this regard please contact the Company Secretary.
Unlawful use of computer equipment – Computer equipment must not be used for any purpose which is unlawful in Australia or elsewhere (including but not limited to hacking into another computer network or intercepting messages). The company’s computer equipment and/or the internet access must not be used to knowingly cause damage to (or disable) the company’s computer system or any other computer or computer networks.
Security systems – Employees must not circumvent or attempt to circumvent any system designed to protect the security or integrity of the company’s computer network or any other computer network.
Identification – Staff members must identify themselves accurately and completely when using the company’s internet connection.
Passwords – Any staff member’s password must not be disclosed to any person. Where it is necessary to your to keep a record of your password, please store it in a secure location.
Publication – You must not use the web to publish any information about the company, its services or staff, unless authorised to do so.
Evidence – Even when you delete emails, a record of the transmitted message may remain on the computer system or be retained on the recipient’s computer system. Subpoenas have been issued in some court cases ordering companies to produce “deleted” emails for use as evidence.

Complaints procedure

If you receive any email that you consider inappropriate or if it causes you any concern or distress whatsoever, you should report it to either the network administrator or your Manager.

Responding to emails that do not comply with this policy

It is each employee’s responsibility not to make their work email address available unnecessarily, and to ensure that potential senders of emails are aware of our policy. Employees may not have control over emails they receive – on receipt of an email that breaches this policy, the employee must inform the sender that receiving these emails are against the company’s policy. A sample response is below.

“It is against our email policy to receive emails/attachments that aren’t work related, would you please delete my email address and any other @BSI People .com addresses from your list. Private emails for necessary exchange of information are acceptable, but must not include attachments.”

Please inform the network administrator if an email includes pornographic or offence material. If from a business address, the domain holder must also be advised that the site is being used in an inappropriate manner.

Consequences of failure to observe policy

Each employee is expected to fully comply with this policy. Please remember that any breach of this policy could make you subject to the company’s disciplinary procedures or even result in legal proceedings being brought against you. The measures which will be taken will vary according to the breach and the circumstances of the breach. However, the right is reserved to immediately terminate the employment of any staff member who BSI People (in its absolute discretion) regards as being in serious breach of this policy.

From 21 December 2001, we are complying with the Privacy Amendment (Private Sector) Act 2000. As you may be aware, this new legislation will protect your right to privacy and ensure that information collected about you will not be used for purposes without your permission.

From this date, recruitment organisations such as BSI People Pty Limited come under the jurisdiction of the National Privacy Principles. This means that you will be able to decide who collects your details, if these details are correct and for what reason they have been collected. At BSI People Pty Limited, our purpose in collecting any information from you is so that we can assist you to achieve your career and business goals and we aim to collect only information that is relevant to your working life.

Therefore, because you have full control of the personal details that you have provided us with, you need to let us know when and if these details change.

What information do we collect?

BSI People Pty Limited collects information about you in order to assist you with your career progression and to supply permanent, temporary and contract staff to our clients. The information falls into different categories:

Personal contact details
This information – such as telephone, email and address details – are used by BSI People Pty Limited to contact you regarding work opportunities or potential candidate details.
Work life details
This information – such as computer skills you possess, career history, preferred job types and career goals or company history – are used by BSI People Pty Limited to determine whether or not a particular role or candidate may be of interest to you.

How BSI People Pty Limited stores this information

BSI People Pty Limited stores this information in a secure and confidential manner. We do not reveal, disclose, sell, distribute, licence, rent, pass out or share with any third party any personal information that you may have provided us unless we have your express consent to do so – other than in the circumstances set out below:

We are required to do so by law
If we sell our business or part of it

We may use your personal information to…

Contact you in regard to a career, work or business opportunity
Inform you of changes we are offering our clients and / or candidates such as those concerning our business practices or the Privacy Act

For more information

On these principles, view privacy act
On the Australian Privacy Commission, click here

On behalf of BSI People Pty Limited, we look forward to assisting you reach your professional goals.

Your Privacy