- Introduction
1.1 This Communications, Email, and Internet Policy applies to all employees, of Thames & Hudson Ltd (the “Company”) who use the communications equipment, computers, devices, and systems provided by the Company.
1.2 Communications made by employees and their other activities online reflect upon the Company and can create several commercial, professional, and legal problems. This Policy is intended to clarify what the Company expects from its employees and their responsibilities when using communications, email, and internet facilities (collectively, “The Company’s Internet and Communication Facilities”).
1.3 The Company’s Internet and Communication Facilities include:
1.3.1 Telephone;
1.3.2 Email;
1.3.3 Internet;
1.3.4 Mobile Messaging
1.4 Whilst the Company’s Internet and Communications Facilities are made available to employees for business activities, a certain amount of limited personal use is permitted insofar as such personal use is consistent with this Policy and the duties of the employee.
1.5 In addition to this Policy, when using The Company’s Internet and Communications Facilities, Employees must also comply with other Company Policies including the Data Protection Policy, the IT Security Policy, the Equal Opportunities and Diversity Policy, and the Dignity at Work (Anti-Bullying & Harassment) Policy.
2. General Principles
Certain general principles should be considered when using any type of communication, be it external or internal, including hard copy letters, memos, and notices. The Company expects all employees to:
1.6 Be mindful of what constitutes confidential or restricted information and ensure that such information is never disseminated in the course of communications without express authority;
1.7 Be mindful of what constitutes personal data and ensure that personal data is never disseminated in the course of communications unless it is used in accordance with the Company’s Data Protection Policy and with express authority;
1.8 Ensure that they do not breach any copyright or other intellectual property rights when making communications;
1.9 Ensure that they do not bind themselves or the Company to any agreement without express authority to do so; and
1.10 Be mindful of the fact that any communication may be required to be relied upon in court, to the advantage or the detriment of the individual or the Company, and to conduct their use of communication systems and equipment accordingly.
1.11 The viewing, transmission, downloading, uploading, or accessing in any way of any of the following material using the Company’s Internet and Communications Facilities may result in disciplinary action:
1.11.1 Material which is pornographic, sexist, racist, homophobic, or any other discriminatory or otherwise offensive material;
1.11.2 Illegal or criminal material, including material which breaches copyright or any other intellectual property right;
1.11.3 Any material which has the object or effect of causing harassment to the recipient;
1.11.4 Material which the employee knows, or reasonably ought to know, is confidential or restricted information and which they are not authorised to deal with;
1.11.5 Any website or online service to which the Company has blocked access.
3. Internet Use
1.12 The Company provides access to the internet for the sole purpose of business and to assist employees in the performance of their duties. However, we recognise that employees may need to use the internet for personal purposes and such use is permitted provided it is reasonable and does not interfere with the employee’s performance of their duties.
1.13 Employees must not use the internet to gain or attempt to gain unauthorised access to computer material or private databases, including restricted areas of our network. Nor must they intentionally or recklessly introduce any form of malware, spyware, virus, or other malicious software or code to the communications equipment or systems.
1.14 Employees must not access or attempt to access any information which they know or reasonably ought to know is confidential or restricted.
1.15 Employees must not access or use personal data online in any manner that is inconsistent with the Data Protection Policy.
1.16 Employees must not download or install any software without the express written permission of IT Support.
1.17 In accordance with paragraph 2.6, employees must not attempt to download, view, or otherwise retrieve illegal, pornographic, sexist, racist, offensive, or any other material which is in any way in bad taste or immoral. Employees should note that even material that is legal under UK law may nonetheless be in sufficiently bad taste to fall within this definition. As a general rule, if any person might be offended by any content, or if that material may be a source of embarrassment to the Company or otherwise tarnish the Company’s image, viewing that material will constitute a breach of this Policy. Any such attempt will constitute a disciplinary offence and in addition to internet access being reviewed, reduced, or withdrawn, may be subject to disciplinary action.
1.18 Certain websites are blocked and cannot be accessed using if an employee has a genuine and specific business need to access a blocked site, they must contact IT Support before accessing the site.
4. Social Media Use
1.19 Employees may use social media for personal purposes occasionally during work hours or during breaks provided that such usage does not interfere with their work responsibilities or productivity.
1.20 Certain employees may from time to time be required to use social media on behalf of the Company, and should only do so with the authorisation of their line manager. Employees must refrain from doing anything on social media that defame, disparage, or otherwise bring into disrepute, the Company, an employee’s superiors, an employee’s colleagues, or other related third parties. Employees should uphold the highest standards of communication and not engage in combative communication.
1.21 The Company recognises that in their personal lives employees may wish to publish content on the internet through a variety of means, including social media. Even outside of work employees must refrain from doing anything on social media or any other websites that defame, disparage, or otherwise bring into disrepute, the Company, an employee’s superiors, an employee’s colleagues, or other related third parties. This includes but is not limited to, making false or misleading statements and impersonating colleagues or third parties.
1.22 If an employee makes any posting, contribution, or creation or publishes any other content which identifies or could identify the employee as an employee, contractor, agent, or other member or associate of the Company, or in which the employee discusses their work or experiences relating to the Company, the employee must at all times ensure that their conduct is appropriate and consistent with their contract of employment and the corporate image of the Company, and should bear in mind that the employee owes a duty of fidelity to the Company.
1.23 If an employee is unsure as to the appropriateness of a posting or other content they wish to publish, they should speak to their line manager at the earliest opportunity to seek clarification.
1.24 If, in any contribution or posting which identifies or could identify the employee as an employee, agent, or another affiliate of the Company, the employee expresses an idea or opinion, they should include a disclaimer which clearly states that the opinion or idea expressed is that of the employee and does not represent that of the Company.
5. The Company Email Use
1.25 The email address with which employees are provided by the Company (ending in the suffix @thameshudson.co.uk is provided for business purposes in order to facilitate information sharing and timely communication with clients, customers, colleagues, suppliers etc. Any Company business which is conducted via email must be conducted using the Company email and is under no circumstances to be conducted through any other personal email address or account.
1.26 Employees should adopt the following points as part of best practice:
1.26.1 Before communicating via email, employees should satisfy themselves that it is the most suitable mode of communication, particularly where time is of the essence;
1.26.2 Ensure that the email contains the Company disclaimer notice. This should be added automatically by the email client. If it is not, employees should speak to IT Support immediately;
1.26.3 All emails should contain the appropriate business reference(s), either in the subject line or in the body of the text;
1.26.4 Employees should be careful not to copy an email automatically to everyone copied into the original message to which they are responding as this may result in inappropriate or unlawful disclosure of confidential information and/or personal data;
1.26.5 Employees should be careful when forwarding an email to ensure that the email contents do not contain any inappropriate or unlawful disclosure of confidential information and/or personal data
1.26.6 Employees should take care with the content of emails, in particular avoiding incorrect or improper statements and the unauthorised inclusion of confidential information or personal data. Failure to follow this point may lead to claims for discrimination, harassment, defamation, breach of contract, breach of confidentiality, or personal data breaches;
1.26.7 All emails should be proofread before transmission, which includes ensuring that any attachments referred to in the text are actually attached and are correct and the intended recipients’ email addresses are correct;
1.26.8 If an important document is transmitted via email, the sender should telephone the recipient to confirm that the document has been received in full;
1.27 Employees must not email any business document to their own or a colleague’s personal web-based email accounts.
1.28 Use of the Company email for any personal matter is prohibited as it places additional strain on the Company’s communications facilities.
1.29 Employees must not send abusive, obscene, discriminatory, racist, harassing, derogatory, pornographic, or otherwise inappropriate material in emails. If any employee feels that they have been or are being harassed or bullied, or if they are offended by material received in an email from another employee, they should inform their Line Manager, Head of Department or Head of HR.
1.30 Employees should at all times remember that email messages may have to be disclosed as evidence for any court proceedings or investigations by regulatory bodies and may therefore be prejudicial to both their and the Company’s interests. Employees should remember that data which appears to have been deleted is often recoverable. If secure deletion is required, for example, where an email contains confidential information or personal data, employees should contact IT Support.
6. Personal Email Use
Employees are permitted to access and use their personal email accounts only to the extent that such use is reasonable and does not interfere with the employee’s performance of their duties.
7. The Company Telephone System Use
1.31 The Company’s telephone lines and mobile phones are for the exclusive use of employees working on the Company’s business. Essential personal telephone calls regarding employees’ domestic arrangements are acceptable, but excessive use of the Company’s telephone system and/or mobile phones for personal calls is prohibited. Any personal telephone calls should be timed to cause minimal disruption to employees’ work.
1.32 Employees should be aware that telephone calls made and received on the Company’s telephone lines and mobile phones issued by the Company may be routinely monitored to check the telephone system is not being abused.
8. Personal Mobile Phone Use
1.33 Essential personal telephone calls regarding employees’ domestic arrangements are acceptable, but excessive use of employees’ own mobile phones for personal communications (including, but not limited to, calls, messaging, emailing, and web browsing) is prohibited. In order to avoid disruption to others, mobile phones should be set to silent during normal working hours.
1.34 Any personal telephone calls on employees’ own mobile phones should be timed to cause minimal disruption to employees’ work and to colleagues working nearby.
9. Security
1.35 The integrity of the Company’s business relies on the security of the Company’s Internet and Communications Facilities. Employees bear the responsibility of preserving the security of the Company’s Internet and Communications Facilities through careful use.
1.36 Access to certain websites and online services via the Company’s Internet and Communications Facilities is blocked. Often the decision to block a website or service is based on potential security risks that the site or service poses. Employees must not attempt to circumvent any blocks placed on any website or service by the Company.
1.37 Employees must not download or install any software or program without the express written permission of IT Support, and are reminded of paragraphs 3.2 and 3.5 of this Policy.
1.38 Employees must not delete, destroy, or otherwise modify any part of the Company’s Internet and Communications Facilities (including, but not limited to, hardware and software).
1.39 Employees must not share any password that they use for accessing the Company’s Internet and Communications Facilities with any person, other than when it is necessary for maintenance or repairs by IT Support. Where it has been necessary to share a password, the employee should change the password immediately when it is no longer required. Employees are reminded that it is good practice to change passwords regularly. Employees must familiarise themselves with the additional guidance contained in the Company’s IT Security Policy.
1.40 Employees must ensure that confidential information, personal data, and othersensitive information is kept secure. The security of personal data in particular is governed by the Company’s Data Protection Policy, which employees must comply with at all times when handling personal data. Workstations and screens should be locked when the employee is away from the machine and hard-copy files and documents should be secured when not in use.
1.41 If an employee has been issued with a laptop, tablet, smartphone, or other mobile device, that device should be kept secure at all times, particularly when travelling. Mobile devices must be password-protected and, where more secure methods are available, such as fingerprint recognition, such methods must be used. Confidential information, personal data, and other sensitive information stored and/or accessed on a mobile device should be kept to the minimum necessary for the employee to perform their duties. Employees should also be aware that when using mobile devices outside of the workplace, information displayed on them may be read by unauthorised third parties, for example, in public places and on public transport.
1.42 Employees using the Company-issued mobile devices (as outlined above in paragraph 9.7) must not connect such devices to public wi-fi networks, for example, in cafes, restaurants, and on public transport.
1.43 When opening emails from external sources employees must exercise caution in light of the risk malware, spyware, viruses, and other malicious software or code pose to system security. Employees should always ensure that they know what an attachment is before opening it. If an employee suspects that their computer has been affected by a virus they must contact IT Support immediately.
10. Monitoring
1.44 To the extent permitted or required by law, the Company may monitor employees’ use of the Company’s Internet and Communications Facilities for its legitimate business purposes which include (but are not necessarily limited to) the following reasons:
1.44.1 To ensure the Company policies and guidelines are followed, and standards of service are maintained;
1.44.2 To comply with any legal obligation;
1.44.3 To investigate and prevent the unauthorised use of the Company’s Internet and Communications Facilities and maintain security;
1.44.4 If the Company suspects that an employee has been viewing or sending offensive or illegal material (or material that is otherwise in violation of this Policy);
1.45 Employees should be aware that all internet and email traffic data sent and received using the Company’s Internet and Communications Facilities is logged, including websites visited, times of visits, and duration of visits. Any personal use of the internet will necessarily therefore be logged also. Employees who wish to avoid the possibility of the Company becoming aware of any political or religious beliefs or affiliations should avoid visiting websites which might reveal such affiliations. By using the Company’s Internet and Communications Facilities for personal use, employees are taken to consent to personal communications being logged and monitored by the Company. The Company shall ensure that any monitoring of employees’ use of the Company’s Internet and Communications Facilities complies with all relevant legislation including, but not limited to, the UK GDPR and the Human Rights Act 1998.
1.46 When monitoring emails, the Company will normally restrict itself to looking at the address and heading of the emails. However, if it is considered necessary, the Company may open and read emails. Employees should be aware that sensitive and confidential communications should not be sent by email because it cannot be guaranteed to be private. Employees are reminded that any permitted personal emails should be marked as “personal” in the subject line.
11. Misuse and Compliance
1.47 Any employee found to be misusing the Company’s Internet and Communications Facilities will be treated in line with the Company’s Disciplinary Policy and Procedure.
1.48 Where any evidence of misuse of the Company’s Internet and Communications Facilities is found, the Company may undertake an investigation if criminal activity is suspected or found, the Company may hand over relevant information to the police.
This Policy has been approved & authorised by:
Name: Paul Bryson
Position: Head of IT & Compliance
Date: 01/02/2024
