Overview
Policy Statement
Your organization's IT and communications systems are intended to promote effective communication and working practices within the organization. This policy outlines the standards you must observe when using these systems, the circumstances in which we may monitor your use, and the action we will take in respect of breaches of these standards.
Misuse of IT and communications systems can damage your organization's business and reputation. Breach of this policy by any employee may be treated as a disciplinary matter. Breach by a contractor or other third party is likely to lead to the termination of their engagement with your organization, or to a request for financial compensation.
This policy does not form part of any employee's contract of employment or consultant's agreement and we may amend it at any time.
Scope
This policy covers all employees, officers, consultants, contractors, volunteers, interns, casual workers, agency workers, and anyone who has access to your organization's IT and communication systems.
Procedures
Procedures and mapped controls
Email (electronic mail) is a vital business tool. It is used pervasively in almost all industry verticals and is often the primary communication and awareness method within an organization. At the same time, misuse of email can pose many legal, privacy, and security risks, so it is important for users to understand the appropriate use of electronic communications.
Protected data is never to be sent via email.
All your organization's Confidential or Internal data contained within an email message or an attachment must be secured according to the Data Protection Policy.
Your organization labels emails that are received from outside a list of approved (company-owned) email domains or servers. This allows your organization to prevent phishing attacks and ensures that messages are not trusted by default.
In general, you should not:
- send or forward private e-mails which you would not want a third party to read;
- send or forward chain mail, junk mail, or gossip;
- automatically forward your organization's emails to third-party email systems or recipients;
- contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to those who do not have a real need to receive them;
- sell or advertise using your organization's communication systems or broadcast messages;
- agree to terms, enter into contractual commitments or make representations by e-mail unless the appropriate authority has been obtained. A name typed at the end of an e-mail is a signature in the same way as a name written at the end of a letter;
- download or e-mail text, music, and other content on the internet subject to copyright protection, unless it is clear that the owner of such works allows this;
- send messages from another person's e-mail address (unless authorized) or under an assumed name;
- send confidential messages via e-mail or the internet, or by other means of external communication which are known not to be secure.
Video Conferences and Meetings
Supported video platforms: at this time your organization recommends the use of only two video conferencing platforms for business:
- Microsoft Teams
- Zoom (second option)
Microsoft Teams
Microsoft Teams is a unified communication and collaboration platform that combines persistent workplace chat, video meetings, web conferences and events, file storage (including collaboration on files), and application integration. The service integrates with the company's Office 365 productivity suite and features extensions that can integrate with non-Microsoft products.
Microsoft Teams Glossary
- Teams: find channels to belong to or create your own. Inside channels you can hold on-the-spot meetings, have conversations, and share files;
- Meetings: see everything you've got lined up for the day or week. Or, schedule a meeting. This calendar syncs with your Outlook calendar;
- Calls: in some cases, if your organization has it set up, you can call anyone from Teams, even if they're not using Teams;
- Activity: catch up on all your unread messages, @mentions, replies, and more.
Zoom
Zoom is a communication and collaboration platform that offers video meetings, web conferences, and webinars. The service integrates with many other products and services to enhance productivity and collaboration within teams.
General recommendations and best practices
- Password protect your meetings to prevent situations such as Zoombombing;
- Use the lobby feature and manually allow lobby members into the meetings;
- Internet connection: typically, you need a minimum of 10 Mbps upload and download for a good quality video call;
- Location: ensure a suitable setup that is as similar as possible to an office;
- Background filters: not mandatory, but consider the use of a static background image. You can either use a built-in image from the library of the app or set a custom one that is company-approved. This will reduce distractions for others in the video chat, block out any unwanted cameos and protect the privacy of your home (office);
- Headsets: though not always necessary these are recommended. Others at your location cannot hear what is being said to you, and having a mic closer to your mouth means it is less likely to pick up background noise;
- Screen sharing: it is recommended you only share the application window you need to show. If you need to share multiple applications, it may be necessary to share your entire screen. In this case, make sure your desktop is appropriate: you may not want others to see what applications you have installed or the picture of your family on your desktop wallpaper;
- Framing: position yourself in the center of the frame when in a chat and be aware of your movements. It is easy to forget that the camera, unlike a person, cannot follow you if you move out of its field of view or rotate on your chair.
Recording Video Conferences
The recording of video conferences should only be used where there is a clear and justifiable business reason to do so. In most cases it is recommended you check with the Chief Privacy Officer before deciding to record a session. Additional points of note are:
- Recorded sessions are covered by GDPR and your organization's Retention Policies, and they take up costly storage space;
- You must have permission from everyone attending the session for them to be recorded, and you must also specify the reason why you are recording the session, preferably in writing (email is sufficient). Anyone objecting to being recorded should be asked to leave the session;
- Before recording, you should plan what you are going to do with the recording afterward, where it will be stored, and for how long. Recordings must be deleted as soon as they are no longer needed.
Monitoring
The contents of your organization's systems and company data are your organization's property. All materials, data, communications, and information, including but not limited to:
- outgoing and incoming e-mail;
- phone conversations and voicemail recordings;
- instant messages and internet and social media postings and activities;
- information created on, transmitted to, received or printed from, or stored or recorded on a device (collectively referred to as 'content' in this policy) during business or on behalf of the company is your organization's property, regardless of who owns the device.
We reserve the right to monitor, intercept, review and erase, without further notice, all content on the device that has been created for or on behalf of your organization. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving, and printing of transactions, messages, communications, postings, log-ins, recordings, and other uses of the device, whether or not the device is in your possession.
Personal data may be inadvertently monitored, intercepted, reviewed, or erased. Therefore, employees should not expect privacy in any data on the company-owned device.
You are advised not to use your organization's systems for any matter intended to be kept private or confidential. Monitoring, intercepting, reviewing, or erasing of content will only be carried out to the extent permitted by law, for legitimate business purposes, including, without limitation, to:
- prevent misuse of the device and protect company data;
- ensure compliance with your organization's rules, standards of conduct, and policies in force from time to time (including this policy);
- monitor performance at work;
- ensure that staff members do not use your organization's facilities or systems for any unlawful purposes or activities that may damage your organization's business or reputation.
We may also store copies of any content for some time after they are created and may delete such copies from time to time without notice. We may obtain and disclose copies of such content or the entire device (including personal content) for litigation or investigations.
We will only monitor, intercept and review data where we have a reasonable suspicion that the company or individual may be or has been compromised. Each instance or request will be carefully considered and only with the agreement of the HR Director and the CEO will any of the above be actioned.
Prohibited use of systems
Access is granted to the internet, smartphones, and other electronic systems for legitimate business purposes only. Incidental personal use is permissible provided it is in full compliance with your organization's rules, policies, and procedures (including this policy).
Misuse or excessive personal use of the e-mail system or inappropriate internet use will be dealt with under your organization's Disciplinary Procedure (in respect of employees), and/or may result in the termination of your engagement if you are a contractor. Misuse of the internet can in some circumstances be a criminal offense. In particular, misuse of the e-mail system or inappropriate use of the internet by participating in online gambling or chain letters or by creating, viewing, accessing, transmitting, or downloading any of the following material will usually amount to gross misconduct (or, in the case of consultants, will usually result in the termination of your engagement) (this list is not exhaustive):
- pornographic material (that is, writing, pictures, films, and video clips of a sexually explicit or arousing nature);
- offensive, obscene, criminal material, or material which is liable to cause embarrassment to us or your organization's clients;
- a false and defamatory statement about any person or organization;
- material which is discriminatory, offensive, derogatory or may cause embarrassment to others;
- confidential information about your organization or any of its employees or contractors, customers or clients (except as authorized in the proper performance of your duties or the services you provide);
- any other statement which is likely to create any criminal or civil liability (for you or us);
- material in breach of copyright.
Where evidence of misuse is found we may undertake a more detailed investigation, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation and any witnesses or others involved in any procedure. If necessary, such information may be handed to the police in connection with a criminal investigation.