Barnby Dun Community Association

( Welcome to the ‘Old School’)

 

Barnby Dun Community Association (BDCA)

 Computer Acceptable Use Policy

(Information and ICT Equipment)

Contents

1. Introduction and Scope

2. Aims of Policy

3. Glossary of Terms

4. Responsibilities

5. Internet / intranet

5.1 Acceptable Use

5.2 Prohibited Use

6. Physical Protection

6.1 Information Security

7. Legal Issues

7.1 Data protection Act 1998

7.2 Computer Misuse Act 1990

7.3 Federation Against Software Theft (F.A.S.T.)

7.4 Copyright

1. Introduction and Scope

This policy summarises the controls to be applied that will ensure all users of the BDCA Centre are able to use the computing facilities provided by the BDCA Centre appropriately.

2. Aims of the Policy

The aims of the Policy are to:

  • ensure users at BDCA Centre  are aware of the necessary steps to be taken to ensure the security of equipment and information processed
  • define the criteria and controls that all users at the BDCA Centre must follow to ensure secure, controlled access to information and equipment provided by the BDCA Centre

3. Glossary of Terms

It is necessary to define the terms to be used, for the purposes of this policy,

They are as follows::-

  • Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity Involving data that does not amount to processing.
  • Personal Data means data that relates to an individual who can be identified from those data .
  • Third Party means a person (internal or external) or organization that does not have full authorisation to access the information.
  • Information Access means access to information held in any format i.e. paper, electronic, microfiche, CD, DVD, etc.

4. Responsibilities

  • Instructors  and users are responsible for :-Following and complying with the Acceptable Use Policy.:

5. Internet

Below are guidelines to the acceptable and prohibited use of the BDCA Centre’s Internet system.

5.1 Acceptable Use

The following are examples of what is considered to be acceptable use of the Internet:

  • communications.
  • training purposes
  • research
  • It must be noted that the internet is not a secure medium. Users sending their own personal, financial, sensitive or confidential material do so at their own risk and the BDCA Centre accept no responsibility for any loss.
  • The BDCA Centre is not liable for any losses or disputes resulting from on-line banking, shopping or trading in stocks & shares etc. Users participate in theseactivities at their own risk and must indemnify the BDCA Centre against any claim or demand against them as a result of their activities.

    5.2 Prohibited Use

    Abuse of Internet access is contrary to the Acceptable Use Agreement/ Code of Conduct of BDCA Centre.

    The following are examples, within broad limits, of the type of abuse of Internet access:

    • use for private business and / or gain use of the Internet to knowingly transmit, receive or search for material which is unlawful, indecent, objectionable, offensive, obscene, abusive, threatening or defamatory
    • the storage of material downloaded from the Internet on any storage medium (network drive, PC drive, CD, etc.) which is unlawful, indecent, objectionable, offensive, obscene, abusive,threatening or defamatory (accessed either knowingly or inadvertently)
    • publishing personal information, such as the home address, telephone number, or financial data of another person without their consent or without a legal basis to do so
    • accessing, transmitting, receiving or searching for confidential information about another person without their consent or without a legal basis to do so
    • downloading or transmitting copyrighted materials without the permission of the copyright holder.
    • interfering with or disrupting network users, services, security measures or equipment
    • using the network to gain unauthorised entry to another PC on a network
    • any activity that is illegal in any jurisdiction
    • use of the Internet to promote otherwise legal material with which the BDCA Centre concludes, in its sole discretion, it does not want to be associated with in order to protect its reputation and standing, or to protect its elected Members and staff.

    6. Physical Protection

    All BDCA Centre users are responsible for the safety and security of equipment.

    6.1 Information Security

    Information exists in many formats, for example:

    • printed or written on paper
    • stored electronically
    • transmitted by post
    • transmitted using electronic means
    • shown on films
    • spoken in conversation.
    • install software applications in any circumstances without permission from ICT
    • load electronic files onto BDCA Centre equipment from media such as CDs, DVDs, memory sticks, e-mail attachments, the Internet or any other source without authorisation
    • intentionally interfere with the normal operation of the network i.e.uploading computer viruses

    7. Legal Issues

    There is a range of legislation that governs the use of information, ICT equipment and software. The BDCA Centre has no requirement to collect or collate personal information, but are aware the legal requirements to do so.

    7.1 Data Protection Act 1998

    The Data Protection Act 1998 (the Act) governs the use of personal

    information and makes it mandatory for the Instructors using BDCA Centre to take appropriate measures to ensure personal data is processed fairly and lawfully and with due regard to the sensitivity, confidentiality and security of the information.

    The Act provides 8 principles that must be considered when processing

    personal information. These are:

    • personal data shall be processed fairly and lawfully
    • personal data shall be obtained only for one or more specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose or those purposes
    • personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
    • personal data shall be accurate and, where necessary, kept up to date
    • personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes
    • personal data shall be processed in accordance with the rights of data subjects under the Act
    • appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
    • personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of personal data

    7.2 Computer Misuse Act 1990

    Instructors and users must be aware of this Act.

    The Act has many considerations but basically makes it illegal to hack into computers. The Act introduced three offences:

    • unauthorised access to computer material (for example out of curiosity)
    • unauthorised access with intent to commit further criminal offences for example fraud or blackmail
    • unauthorised modification of computer material for example to introduce a virus.
  • Any breaches of this Act could potentially lead to criminal action being taken.
  • 7.3 Federation Against Software Theft (F.A.S.T.)

    FAST is the industry body which was formed to protect against software theft. It was founded in 1984 by the software industry and is now supported by over 1,200 companies. Its aims are to prevent software piracy and has a policy of prosecuting anyone found to be breaching copyright law.

    7.4 Copyright

    Copyright exists in many forms e.g. software, documents, reports, books. This material may be available in paper format or electronically via the Internet. The owner of the copyright must be established before downloading or photocopying this type of material.

    Instructors and users shall not:

    • download, copy or transmit any material that is marked as copyright without the expressed permission of the copyright owner
    • knowingly use unlicensed software on the BDCA Centre’s network or equipment.

    Dave Atkinson  BDCA Centre eSafety coordinator.

    22 March 2010