6-640 STAFF USE OF ELECTRONIC TECHNOLOGY
Amended March 2009

POLICY

St. Leonard’s Community Services provides computers, software, network access, email, voicemail, fax machines and related technology for staff to utilize for the purpose of carrying out Agency business.

PROCEDURE

The equipment, technology and software are the property of the Agency.  The Agency reserves the right to access the systems including email and Internet and monitor communications and usage at any time to protect its interests.

Staff are strictly prohibited from using Agency systems for any purpose other than Agency business.  Downloading or distribution of unauthorized copyrighted material, obscene or pornographic material, racially offensive material and viruses or malware (malicious software) is not permitted.  Use of chat rooms and social networking sites is not permitted, nor is file sharing i.e., Limewire.  The downloading and viewing of U-Tube videos should be limited to work or school related topics.

Agency approved software is installed on the computers.  Any use of unauthorized software is strictly prohibited.  No additional software or freeware is to be downloaded or installed on Agency computers without written authorization from a Supervisor.

Staff are responsible to ensure the Agency software installed on the computer, including virus protection software, is not compromised.  If any software is not working or deleted, the onus is on the staff to notify his/her Supervisor and ensure the designated Agency information technology consultant is notified.

Systems and data are password protected.  Passwords are confidential and are not to be communicated to unauthorized persons.  If the password is compromised, it must be reported immediately to the IT Coordinator.  All passwords must be at least 7 characters in length and include at least one number and one letter as well as one symbol.  Passwords will not be written down, but if the need arises, the password will be stored in a safe or in a locked cabinet.

The HR Department will notify the IT Department upon the termination of employment of any staff or end of placement of any student or volunteer so that passwords can be cancelled and email resources discontinued.

Staff must follow backup procedures established for their location.  All systems are to be backed up on a regular basis to ensure lost information is recoverable.  All backup media is to be kept safe and secure as per laptop and computer disk guidelines.

Electronic information is stored on the computer according to the retention policy of the department.  Information must be transferred to CD/tape/hardcopy before removal from the computer.

Ensuring emails are received by the intended recipient is very important and should be in keeping with the legislations entitled PHIPA and PIPEDA.  As such, the following statement should be affixed to each email as part of the signatory line.  “This email is privileged and contains confidential information intended only for the person(s) named above.  Any other distribution or disclosure is strictly prohibited.  If you have received this email in error, please notify us of the error by return email and delete the email from your computer without making a copy or saving.”

Staff must be aware that deleting email messages does not mean they are immediately erased and destroyed from the system.  Management reserves the right to access emails even if they have been deleted.  Staff are responsible for the email attachments that they choose to open on their Agency computers.  Viruses and malware are often embedded in attachments and staff should not open attachments if they are unsure of the sender or do not recognize the file type of the attachment.  If they are in doubt as to the legitimacy of an attachment they should contact the sender to verify the content and type of file they are being asked to open.

Staff receiving large attachments with their email messages should save attachments into their personal folder and delete it from their email folder.  Training will be provided to staff requiring support.

Cell phones, and blackberries are provided to staff for business purposes.  It is understood that for convenience, occasional personal use will be made of this technology, however this should be regarded as a privilege that is not to be abused.

Staff are not permitted to use Agency phones or other electronic systems to promote or maintain any private practice activities or other personal profit-making initiatives.  Staff should not use home phones to contact clients unless absolutely necessary.  If they do, they must use the call display suppress feature and they must ensure the utmost confidentiality and privacy of the clients contacted. 

Electronic technology issued to staff for use outside of the workplace such as laptops and  blackberries are subject to the same policies as technology on site in the workplace.  If a blackberry is lost or misplaced, staff must notify the IT department as soon as possible so the blackberry can be wiped and locked remotely in order to protect any sensitive material that may be on the blackberry.

When transporting Agency property such as laptops and digital cameras, staff must ensure that all possible security measures are taken to avoid loss or theft of equipment.  Property must never be stored within view and staff should avoid parking vehicles with Agency equipment in them.  

Voice mail is to be used for business purposes only.  While voice mail is relatively secure, it should not be used to leave messages, which could potentially breach the confidentiality of staff or clients.

With the exception of fax, there will be no distribution or discussion of confidential Agency information through electronic technology/email.  Correspondence via email should not be considered secure.  All correspondence should therefore be limited to information sharing that will not circumvent any Agency or Ministry regulations.

Under circumstances approved by the Service Director, confidential information, such as serious occurrences, may be faxed to the appropriate recipient.  It is imperative that recipient numbers are checked through a routine test before being transmitted.  Fax machines which may be used to receive sensitive material and/or client information are to be kept in a secure area away from the general public.  The fax covering sheet includes the following statement, “This fax is privileged and contains confidential material intended only for the persons named above.  Any other distribution, copying or disclosure is strictly prohibited.  If you have received this fax in error, please notify us immediately by telephone and kindly return the original, by mail, without making a copy.

Computer Disks and USB drives used for saving confidential information will be stored in a secure location with access limited to only those staff with authority to view the contents.  No data containing sensitive Agency or client information is to be stored on publicly available ‘on-line’ storage such as Google GDrive.

Video Tapes developed for training purposes will be stored in a secure location and records will be kept of those signing out and returning training videos.

All recordings including video and audio taping and other electronic recording of clients and/or client information will carry serious ramifications with respect to client confidentiality and electronic communications. 

Media of sessions used strictly for clinical intervention purposes, which are under the direct control of St. Leonard’s Community Services, will be kept in a secure location as designated by the Manager.  Access will be limited to the Service Director, Manager and the immediate Supervisor.

Media will be destroyed by erasure as soon as they are deemed to be no longer needed by the Manager, but under no circumstances will media be kept after the case is deemed to be closed. 

Electronic recordings may be used as evidence in courts of law and therefore, need to be dealt with in the same manner, with the same due regard, as written clinical records.

Staff found to be misusing or harming the computer systems or failing to abide by the policies concerning use of electronic technology will be subject to disciplinary action.   

 HRManual