Police on track with enhanced computer-use policy

Crack-down on misuse rolls into 2009

The new Police code of conduct includes provisions covering misuse of computer systems, but the detail is yet to be completed — with some implementation dates as late as June 2009.

The revised code — drafted in response to Margaret Bazley’s 2007 report on Police misconduct — was published last week and immediately came under fire for its lack of provisions referring directly to sexual misconduct.

Allegations of such misconduct were the primary cause of the inquiry that resulted in the Bazley report.

Computer misuse was a minor point of focus (Computerworld, April 9, 2007). In April 2005, a scan of internal Police emails uncovered “inappropriate” images sent, on several occasions, by 351 staff. Twelve of the images, held by 28 people, were classified as legally “objectionable” by the Chief Censor.

Complaints have also been made about alleged staff use of information from Police databases for purposes not relevant to the job.

The code of conduct lists under the heading “Serious Misconduct” “sending or saving inappropriate or offensive emails and/or their attachments, or using the internet or the Police computer system in breach of Police policy”, as well as “using any Police databases for an unauthorised or personal purpose”.

A more detailed Police list of the status of implementation of the Bazley recommendations says two recommendations (No 41, requiring firm directions on appropriate use with no allowance for “individual interpretation” and No 42, requiring all staff to sign a document saying they have read and understood the directions) were implemented in 2006, while Bazley’s investigations were still in process.

However, response to Recommendation 43, “all police officers should be required to acknowledge that they have read and understood any changes to police computer use policies. These requirements should also be fully explained to all recruits during their training,” is marked “estimated to complete June 2009”.

Currently, officers are required to acknowledge the acceptable use policies every time they log on to the computer system. New recruits, during training “are given a full copy of the policy, which they must read,” says the implementation-status list.

“They are led through the basic process of logging in and out of the Police IT systems and application of the policy is discussed using examples. They are required to sign a letter stating they have read and understood the policy.”

Claims by employees not to have understood or to have forgotten such requirements have been given weight in employment tribunal hearings, for example one concerning Air New Zealand staff in 2006.

On the Police schedule for future development is “an online facility for Police staff, which will be capable of tracking delivery of online publications and opening of the documents by staff” and “a facility to require each staff member to answer online, a series of questions from the content of the policy or instruction and record that data. This will ensure that staff have read the instructions and understand it.”

Against Recommendation 44, on regular reporting of staff internet use, the list records that monthly reporting is in place. Incorporation of this into a broader “early intervention system” is scheduled to be complete by June.

Join the newsletter!

Error: Please check your email address.

Tags policypolicecomputerSecurity ID

Show Comments
[]