Monitoring staff screens, legality etc...?

[shadowx]

*sigh* *head explode* *face palm* *bang head against wall*

We have just re-installed Impero after our trial (Excellent bit of software, highly recommended) but a certain member of leadership has caught on that they can now watch every member of staff's computer etc...

Personally I am massively uncomfortable with this so I need a few spanners, what is the legality of monitoring staff and the general policies towards it?

I know that legally an employer can do it but do we need to tell staff before hand? If so what do we have to tell them? I know for a fact that if I send out a blanket email to staff telling them that management are monitoring them it will cause an uprising and things will get messy and hopefully leadership would shelve the idea. So I am sincerely hoping there is a legal precedent or requirement for us to notify staff, is there?

As for me I run a *nix box so I am in the clear *whistles contently*

I would love to hear what other schools do and what policies and notices are given to staff with regards to the monitoring and if any major unions have any policies regarding it.

Thanks chaps and chappettes.

[SYNACK]

It needs to be in the AUP, if its not then its dodgy. Personally I think the whole surveillance thing is smarmy to start with.

[X-13]

How to Monitor Your Employees' PCs Without Going Too Far | PCWorld


It's based on US non-educational businesses, but it's a good start.

[shadowx]

It needs to be in the AUP, if its not then its dodgy. Personally I think the whole surveillance thing is smarmy to start with.

An AUP, whats that? Oh the thing that governs acceptable use, yup wish we had one of those

I think It's time I drafted one up!

I agree that computer use should not be monitored, however student access is different.... <offtopic>IMHO you should monitor students to stop them accessing porn etc... which is a legal requirement I believe and to keep a better eye on the cat-and-mouse game of tracking down bugs in software that allow them to get things they should (eg installing Chrome to their local "AppData" folder) and at the end of the day it does vastly increase the time spent doing work as opposed to playing about if the students know they are being watched by their teacher they might at least pretend to work </offtopic>

Thanks for the link x-13, will check it out

[X-13]

<offtopic>IMHO you should monitor students to stop them accessing porn etc...

Nope.

That's what filtering is for.

Same with checking for disallowed files [Games etc.] You set up a script or something to search.



You only root around in files or watch desktops if it's the only option remaining.

it does vastly increase the time spent doing work as opposed to playing about if the students know they are being watched by their teacher they might at least pretend to work

That's a teacher problem, not an IT problem.

[SYNACK]

Without an AUP I think that you may be breaking the digital surveillance act or something like that. Surfice it to say that I'm quite sure that it is illegal and prosecutable if they have not signed an agreement allowing it. It used to be more lapse but I think they tightened it up with the DPA.

[shadowx]

<offtopic (again)>

Nope.

That's what filtering is for.

Yes, BUT! Rather than sit and look through logs all day I can run up Impero and see from the thumbnails if a student is playing a game, check the full screen view, get the URL and block it. I don't look through student folders although if we get a sudden epidemic of students playing a game then we will sometimes do a "*.exe" search in their folders. I only pass on info about illegal/games/dangerous files. I think we are fair, it's up to teachers to keep the kids on track though, my job is to make sure the network stays as good as can be and if that means removing potentially dangerous or illegal files then that's part of what I am here for!

</offtopic>

Without an AUP I think that you may be breaking the digital surveillance act or something like that. Surfice it to say that I'm quite sure that it is illegal and prosecutable if they have not signed an agreement allowing it. It used to be more lapse but I think they tightened it up with the DPA.

Interesting, thanks for the heads up there, I will have to read the digital surveillance act. in a physical sense when CCTV is used there HAS to be signs or some other way of notifying visitors, employees, students etc... that CCTV is in use otherwise again I think it's illegal so it makes sense that the same rules apply to digital surveillance too.

Will check it out, thanks!

[X-13]

Without an AUP I think that you may be breaking the digital surveillance act or something like that. Surfice it to say that I'm quite sure that it is illegal and prosecutable if they have not signed an agreement allowing it. It used to be more lapse but I think they tightened it up with the DPA.

IANAL, but I think it would come under the misuse of computers act.


Computer Misuse Act (1990)
Section 1:

unauthorised access to computer material, punishable by 6 months' imprisonment or a fine "not exceeding level 5 on the standard scale" (currently £5000);

[chazzy2501]

In the US cases have been brought forward with regards to monitoring PC activity and reading emails (even old emails, say if you're suing your employer). The crux of the arguments are that the PCs and email accounts belong to the employer and you are not afforded ANY right to privacy on employer owned hardware or through their services.

This probably wouldn't fall under digital survelance as it is the employers hardware / services.

That is US findings but I think we would fall in line.

[chazzy2501]

IANAL, but I think it would come under the misuse of computers act.


Computer Misuse Act (1990)
Section 1:

I think that is covers unauthorised access and use of PCs BUT as an employer that can't apply to your own hardware.

[shadowx]

In the US cases have been brought forward with regards to monitoring PC activity and reading emails (even old emails, say if you're suing your employer). The crux of the arguments are that the PCs and email accounts belong to the employer and you are not afforded ANY right to privacy on employer owned hardware or through their services.

This probably wouldn't fall under digital survelance as it is the employers hardware / services.

I see your point but going back to CCTV, a shopping center can't legally put CCTV up and watch you without first telling you clearly. That gives you the decision that if you go inside you give consent to be watched, if you don't give consent then you can go elsewhere. I would expect that the same applies to computer monitoring. While the hardware and software does indeed belong to the employer they are still watching YOUR actions.

A few sources online basically repeat what SYNACK said, that there should be an AUP in place that includes the fact that employee activity will be monitored. Then staff have the choice to give consent and keep the job or go elsewhere.

On the subject of AUPs does anyone fancy sending me a copy of theirs in a PM? Or even a censored/draft version so I can get an idea of what a secondary school AUP should involve? (I wont use it as-is, I will only use it as a resource to see what should be on our AUP)

[Edu-IT]

Do they have no proper job to be doing?

[shadowx]

IANAL, but I think it would come under the misuse of computers act.


Computer Misuse Act (1990)
Section 1:

I too believe this relates to what the media likes to call "hacking", in that the unauthorised access is equivalent to breaking and entering. As the school technically owns the devices it wouldn't be unauthorised. Although I have often wondered about licensed content, for example, if a member of staff was watching a licensed video clip which stated it could only be viewed on one device by one user, surely if I remote view their machine and watch then that would break the license and thus be illegal?... Probably not the case but it does make me wonder.

[shadowx]

Do they have no proper job to be doing?

************ Redacted (though still accurate)

[Edu-IT]

Who? Leadership? Give me a break...

Ouch. ;-)