As email and the web become ubiquitous, guidelines for ethical use of internet services are now essential for users, says Ruth McGuire.
One useful lesson to emerge from the Clinton scandal is that emails do eventually catch up with you. Too many PC users have been lulled into a false sense of security by the "delete" command.
It is good to be able to access worldwide information and send electronic mail in seconds from a university PC, but the price of this is a loss of privacy and security. Because you are accessing the internet through the university's computers and networks, details of every website visited and every email sent are stored and can be retrieved by administrators. The information is often kept on file for months or, in some cases, years.
As part of their commitment to the JANET (Joint Academic Network) service and for their own legal protection, universities must have in place systems for monitoring the use of computer facilities. Accessing or downloading "offensive, indecent or obscene" materials could result in legal action being taken against a university and, ultimately, disconnection from JANET. Monitoring and some measure of cyber surveillance are therefore essential.
Difficulties could arise, however, if universities do not have explicit internet and email policies that specify employee rights and responsibilities. Guidance is needed on even the simplest of security measures, such as not sharing passwords. Some academics give their passwords to administrative staff to allow them to access emails.
General policies to ensure that "acceptable use" is made of university equipment do not necessarily define what is acceptable in relation to internet and email services. Many policies also fail to inform users that their computer use is being monitored and recorded and could, if necessary, be intercepted. This seemingly small oversight could be a deciding factor in legal disputes over an employee's expectation of privacy within the context of the European Convention on Human Rights.
A random survey of six universities revealed that there is great diversity in the development and implementation of internet and email policy. The University of Warwick allows personal use of IT facilities but expects staff to keep within the law when using the internet or email and to refrain from doing anything that would bring the university into disrepute.
At the University of Bradford, staff are expected to "act responsibly and use IT facilities for university purposes". At Oxford, in addition to having a policy in place, an IT Legal Issues Group has been set up to "review current matters of debate" that emerge as information technology evolves.
Sheffield Hallam University has also recently developed an IT policy that looks at issues of confidentiality and privacy. The University of Southampton, meanwhile, places responsibility for how the internet is used with departmental heads. Guidelines specify, for example, that "access to recreational information is a matter of departmental policy". Oxford Brookes monitors the use of IT facilities and conducts investigations if violations of regulations take place.
University employees can claim some protection from unwanted surveillance under the enhanced Data Protection Act 1998, which comes into force in March 2000. The data protection registrar, Elizabeth France, announced in July that a code of practice will introduce tighter controls under the act. Surveillance activities, such as collection of data to monitor performance, which could involve interception of email, will be covered by the act.
John Woulds, director of operations at the Data Protection Agency, says that an organisation's failure to follow the code of practice could be used as strong evidence against it in disputes over alleged breaches of the act. The Interception of Communications Act (1985) is also to be amended to bring it into line with European law on interception and in line with developments in technology.
Michael Mahoney, a solicitor specialising in IT law, advises: "To avoid allegations that privacy rights have been violated, it would be wise for employers to set out in terms and conditions of employment that website and email use will be monitored and accessed."
JANET acceptable use policy: www.ja.net/
RECOMMENDATIONS FOR UNIVERSITIES
* Clear policies on internet and email use should be devised and disseminated to staff
* Staff should be made aware of computer-monitoring activities
* Staff should be made aware of disciplinary procedures and penalties for improper use of computers
* Staff should be encouraged to use the internet for personal and professional development
* Privacy and confidentiality rights of staff should be respected.
RECOMMENDATIONS FOR STAFF
* Know and claim rights to privacy and confidentiality
* Work on the assumption that neither emails nor website visits are confidential
* Obtain, read and understand university policy on internet and email use
* Never share or give passwords to others.