Use of IT and email communications policy

This is The Highland Cattle Society SCIO policy on the use of computers, networks, electronic communications and related activities using the computer system.

The “Computer System” includes but is not limited to electronic and computing devices, personal computers laptops, communication networks, e-mail accounts, personal storage areas, documents, USB storage devices, web pages, social media, network access and telecommunications facilities (including fixed and mobile telephones) and related services (including business cameras), used to conduct the Highland Cattle Society SCIO business or interact with internal networks and business systems, whether owned by the The Highland Cattle Society SCIO or a third party.

All users of any part of the computer system are responsible for reading and understanding this policy.

It is important that all users act responsibly and with integrity in relation to their use of the Computer System and this policy sets out those expectations.

About this policy

Access to and use of the Computer System is a privilege granted to all The Highland Cattle Society SCIO workers. The Highland Cattle Society SCIO reserves the right to deny, limit, restrict, revoke or extend computing privileges and access to the computer system in its absolute discretion.

In addition, breaches of this policy may result in The Highland Cattle Society SCIO taking disciplinary action against you, which may lead to immediate dismissal. Where appropriate, The Highland Cattle Society SCIO may also refer any breaches to any relevant authority.

Who does this policy apply to?

This policy applies to all The Highland Cattle Society SCIO workers. For the purposes of this policy, "worker" means all of The Highland Cattle Society SCIO's permanent and temporary employees, and any other individuals who are working for any The Highland Cattle Society SCIO entity but are not directly employed, including Trustees, company officers, consultants, contractors, volunteers, contracted hauliers and their employees, work experience candidates and agency workers. Use of the term "worker" is not to be taken to imply that any particular individual has employment status with the company. When we refer to “you” in this policy, we mean each individual worker.

This policy does not form part of an employee’s contract of employment and may be changed at any time.

Electronic communications

All emails, messages, data files and programs stored in or transmitted via the Computer System (“Electronic Communications”) are the property of The Highland Cattle Society SCIO.

The Highland Cattle Society SCIO reserve the right to access use and disclose all Electronic Communications for such purposes as it deems reasonably necessary in accordance with The Highland Cattle Society SCIO data protection policies. This includes any Electronic Communications on any part of the Computer System.

Responsibility for this policy

It is the responsibility of all workers to comply with this policy and to notify The Highland Cattle Society SCIO Treasurer of any concerns, complaints or suspected breach of this policy details of which are set out in Appendix I to this policy. All workers are expected to cooperate with the Treasurer in the operation of the Computer System, as well as investigation into the use, misuse or abuse of the Computer System.

All workers are responsible for the success of this policy and should ensure that they take the time to read and understand it.

Responsible IT and e-mail communications practice

The following sections provide workers with common sense guidance on IT and Electronic Communications:

1. Computer accounts

Computer accounts are issued to The Highland Cattle Society SCIO workers, and other individuals at the discretion of the Treasurer, for The Highland Cattle Society SCIO purposes. These accounts are primarily for The Highland Cattle Society SCIO business purposes; however, personal use in the case of an emergency is acceptable.

In addition, limited, occasional or incidental use (as defined by The Highland Cattle Society SCIO) of the Electronic Communications and Computer Systems during breaks and outside working hours is permitted provided that such activities do not amount to a significant distraction or disruption to other users.

2. Security and proprietary information

Every computer account issued by The Highland Cattle Society SCIO is the responsibility of the person in whose name it is issued. That individual must keep the account secure from unauthorised access by keeping the password secret, by changing the password regularly, and by reporting to the Treasurer when anyone else is using the account without permission. All passwords must comply with the Password Policy set out in Appendix I to this policy.

You must lock the screen or log off when the device is unattended. Workers must use extreme caution when opening e-mail attachments received from unknown senders, which may contain malware.

3. Improper use of the Computer System

Improper use of the Computer System is prohibited. The following are examples of improper use of the Computer System:

Prohibited types of material: Viewing, storing, transmitting, sending or printing any of the following types of Electronic Communications or files on the Computer System:

• Material that infringes upon the rights of another person

• Material of a pornographic, sexual, obscene, offensive, violent, ethnically, racially or religiously offensive, annoying, abusive, profane, threatening or hateful nature

• Material that may damage The Highland Cattle Society SCIO’s reputation or its relationship with its clients

• Material that makes representations or expresses opinions purporting to be those of The Highland Cattle Society SCIO, without appropriate authority

• Material which may infringe copyright

• Material or behaviours that violate The Highland Cattle Society SCIO’s Code ethics, standards or other The Highland Cattle Society SCIO policies

• Material that may cause distress or injure the feelings of someone else and/or lead to a lawsuit or criminal charges

• Material which makes any disparaging or derogatory remarks regarding (or which could identify) The Highland Cattle Society SCIO and/or any of its officers, clients, customers or workers - for the avoidance of doubt any such conduct outside working hours using your own equipment can still lead to disciplinary action being taken

Prohibited activity: Undertaking any of the following activities on the Computer System unless authorised or issued by the Treasurer:

• The use of personal media including, but not limited to, Floppy, Zip, Memory Cards, USB Memory Devices, MP3 Devices, CD and DVD

• Installing or removing software

• Excessive (ie. more than incidental) use of Electronic Communications for communications which do not directly relate to your post

• The download or transfer of any files which do not directly relate to your post

• The use of any file sharing software or services, excluding any applications provided by the Treasurer

• The use of any instant messaging software or services unless provided by the Treasurer

• The use of any social networking services other than in accordance with The Highland Cattle Society SCIO Social Networking Policy, set out in Appendix II to this policy

• Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws

• Making fraudulent offers of products, items, or services originating from any The Highland Cattle Society SCIO account

• Publishing, or allowing to be published, you’re The Highland Cattle Society SCIO email address as a point of contact for any individuals or organisations that are unconnected with your post (examples of such actions would include allowing you’re the Highland Cattle Society SCIO e-mail address to be included in handbooks of sports or social clubs, registering for non-business related mailing lists using your The Highland Cattle Society SCIO e-mail address, and using your the Highland Cattle Society SCIO e-mail address for setting up social networking accounts)

• Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type

• Intentionally destroying anything stored on the Computer System including anything stored in primary or random access memory

• Deliberately performing any act that will seriously impact the operation of the Computer System

• Attempts to avoid detection of improper or illegal behaviour including, but not limited to, encrypting electronic messages and computer files are prohibited

• Using the Computer System to gain or attempt to gain unauthorised access to remote computers

• Forging e-mail, including concealment of the sender’s identity, or use of another’s email address

• Theft of or unauthorised use of, or access to data

• Copying computer program(s) from the Computer System

• Running or installing on the Computer System, or giving to another, a program that could result in the eventual damage to a file or the Computer System, and/or the reproduction of itself

• Disabling, exiting or opting out of any anti-virus package running on the Computer System

• Attempting to circumvent data protection schemes or uncover security loopholes

• Connecting any non The Highland Cattle Society SCIO computer to The Highland Cattle Society SCIO network

• Performing acts that are wasteful of computing resources or that unfairly monopolises resources to the exclusion of others

• Attempting to access or monitor another user’s Electronic Communications data or a server

• Accessing, reading, copying, changing, disclosing, or deleting another user’s messages, files or software without permission of the owner

4. Deleting Electronic Communications

Users of the Computer System should be aware that Electronic Communications are not necessarily erased from the Computer System when the user “deletes” the file or message. Deleting an Electronic Communication causes the Computer System to “forget” where the message or file is stored on the Computer System. In addition, Electronic Communication may continue to be stored on a backup copy long after it is “deleted” by the user. As a result, deleted messages can often be retrieved or recovered after they have been deleted.

5. Monitoring

The contents of the Computer System, Electronic Communications and our IT resources and communications systems are our property. Therefore, workers should have no expectation of privacy in any message, files, data, document, facsimile, telephone conversation, social media post conversation or message, or any other kind of information or communications transmitted to, received or printed from, or stored or recorded on our electronic information and communications systems in any part of the Computer System.

We reserve the right to monitor, intercept and review, without further notice, worker activities using the Computer System, Electronic Communications, our IT resources and communications systems, including but not limited to social media postings, e-mails, website use and activities, internet usage and e-mail usage, to ensure that our rules are being complied with and for legitimate business purposes and you consent to such monitoring by your use of such resources and systems. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving and printing of transactions, messages, communications, e-mails (and the contents), postings, log-ins, recordings and other uses of the systems as well as keystroke capturing and other network monitoring technologies. We may store copies of such data or communications for a period of time after they are created,and may delete such copies from time to time without notice. Do not use the Computer System or other IT resources and communications systems for any matter that you wish to be kept private or confidential from the organisation.

6. Legal liability

Electronic Communications potentially give rise to legal liabilities to which you may be subject and your activities may give rise to additional liability:

Criminal Liability: All computers, software, data, business records, and worker records of The Highland Cattle Society SCIO in any form, including electronic and paper, belong to The Highland Cattle Society SCIO. Any person committing an offence with respect to them may be subject personally to criminal sanctions and other liability. Domestic and/or international laws may also apply to some circumstances. The offences include unauthorised use of the computer system, computer trespass, computer tampering, and unlawful duplication or possession of computer related material. Improper or unauthorised access to, or release or manipulation of, any worker record in such form is included in such offences.

Copyright Infringement: Copyright laws prohibit unauthorised copying. Violators may be subject to criminal prosecution and/or be liable for monetary damages. In general, you may not copy or download music, pictures, video or software, nor install or use software on the Computer System without acquiring a license from the publisher. (For example, you may not copy it from a friend or other source). Furthermore, you may not copy The Highland Cattle Society SCIO’s software, unless such copying is specifically permitted by the license agreement and the Treasurer.

The ability to download documents from the internet, and to attach files to e-mail messages, increases the opportunity for and risk of copyright infringement. A user can be liable for the unauthorised copying and distribution of copyrighted material the use of download programs and e-mail. Accordingly, you may not copy and/or distribute any materials of a third party (including software, database files, documentation, articles, graphics files, audio or video files) unless you have the written permission of the copyright holder to do so. Any questions regarding copying or downloading should be directed to the Treasurer.

7. General Data Protection Regulation (“GDPR”)

The GDPR defines personal data as any data which relates to a living individual who can be identified. It places obligations on all workers with regard to processing personal information, and its security, regardless of any judgement which we may make about its sensitivity.

Workers may not disclose or use computerised personal data relating to individuals for any purpose other than those purposes for which the information was originally collected and notified. All workers that have the responsibility for managing personal data must be aware of their responsibilities under this Regulation. Further guidance can be found in the Data Protection guidance policies available from the Treasurer on request.

8. Implications of non-compliance

Serious infringement may amount to a criminal offence.

Failure to observe this policy for example by using the internet, e-mail or text messages for a prohibited behaviour or in any other way for improper purposes will be treated as a disciplinary offence and you are liable to be disciplined in accordance with The Highland Cattle Society SCIO’s disciplinary procedure. Serious or persistent non-observance could result in the termination of your employment.

Disciplinary action may be taken regardless of whether the breach is committed during working hours, and regardless of whether our equipment or facilities are used for the purpose of committing the breach. Any worker suspected of committing a breach of this policy will be required to co-operate with our investigation, which may involve handing over relevant passwords and login details.

If you reasonably suspect a violation of this policy you should contact your Data Protection Officer.

Queries

If you have any questions or concerns arising from this policy, please contact a member of the Compliance Team at Head Office.

Appendix 1: Password policyThe purpose of this Password Policy is to prevent the unauthorised use of company-owned computer workstations, servers, IT systems and applications by establishing standards for strong passwords and the protection of user and system passwords.

This policy applies to all workers using the Computer Systems and Electronic Communications (“Systems”).

Creating a password

All Systems must be protected using a user ID and password combination. Users of any Systems that require a password must follow the guidelines below for creating passwords:

1. Passwords for all user accounts should be at least eight characters in length;

2. Passwords should contain at least three out of four from the following: lower case letters, upper case letters, numeric character, and special character (e.g., !@#$%^&).

3. Must not be a common pattern found on a standard keyboard or any other common pattern of letters or numbers.

4. Usable password cycle is 6 repeatable uses.

5. It should not be based on personal information such as birthdays, addresses, names, etc.

Protecting a password

It is important to protect the secrecy of passwords. The following guidelines must be followed when handling passwords:

1. Passwords can never be written down anywhere that is not under lock and key (no sticky notes!).

2. All user account passwords must be changed periodically.

3. Password and login names can never be included in the same e-mail or other form of electronic communications.

4. Users must have different passwords for each system that does not use some method of single sign on.

5. Never reveal your password to anyone over the phone, other than Supreme Grand Chapter IT personnel.

6. Do not share your passwords with assistants, co-workers, family members, or friends. All passwords must be treated as company confidential.

7. Where possible do not use the “Remember Password” feature of any application.

8. Do not store your passwords in any portable electronic device such as tablets or cell phones.

9. Tools used for password management complexity checking must be enabled when available.

10. Tools used to identify and disable/lock end user accounts which have been idle for 45 days should be enabled when available.

All systems that have a lock out facility following invalid login attempts must be configured to lock out accounts after 5 attempts.

Default user accounts and passwords created during installation of an IT system or application should be renamed and passwords changed in accordance with this policy.

This policy should be retrospectively applied to IT managed systems and applications.

Any exceptions to this policy must be approved in advance by the Treasurer for The Highland Cattle Society SCIO.