Easyfix Insurance Company

Jan 2012

Staff Handbook Update LEGAL ISSUES & ETHICAL ISSUES

Rhiannon Jones HR Department

Introduction

In this handbook update you will find the updates for the company’s procedure on Legal and Ethical issues, this short booklet will give you as the employees of Easyfix advice on how to make sure you don’t break the law and/or the company’s procedure on these issues.

This update will also explain to you how breaking the law and/or breaking the procedures for Legal and Ethical issues will impact the way Easyfix as an organisation works.

Contents

LEGAL ISSUES Data Protection Act 1998 Freedom of Information Act 2000 Computer Misuse Act 1990 Health and Safety Act

ETHICAL ISSUES Codes of Practice Organisational Policies Information Ownership

Legal Issues

DATA PROTECTION ACT 1998

The Data Protection Act is used to ensure that pieces of information in a company is kept secure and doesn’t get shared with in appropriate people. In many company’s they will hold information like customers personal details for example Credit card details. Everyone within the company will use this Act it is compulsory for the company to act upon the Data Protection Act to function correctly as a company to protect our clients data, the company will also have confidentiality policies that will work closely with this act. The Data Protection Act principles include; personal data must be processed fairly and lawfully, personal data must be used for specified and lawful purpose, the data must be relevant and not excessive for example if you go to your GP and they ask what grades you have that has no relevance to the visit to the Doctor. The data must be accurate and up to date, data must not be kept longer than necessary, the data must be kept secure, and the data must not be given to or taken anywhere unless the correct protection is assigned. Employees selling customers our insurance policies will be recording important information for example their name, address and bank details. The employee will have to put this onto a database and ensure that it is only available for the people that require it. This procedure is known as Data Protection, this means that only the people that need to know this information will do, doing this minimises the chances of important and confidential information getting to the wrong people. The employee recording this data will have to promise not to take this data any further with 3rd parties. However if clients information is not kept confidential or secure then the clients details could be used to break the law for example the individual that had gathered that information illegally could use it to commit fraud, using the clients bank account details and create a large amount of debts for the client. As a company we would lose many clients over this and potentially lose money though client’s suing us. Too much bad media will result in loss of clients and potential clients which also have a result of money lost which could make the company go bust. Please ensure all Data is protected.

FREEDOM OF INFORMATION ACT 2000 The Freedom of Information Act 2000 was first put into place in January 2005 to provide the general public with the right to access information held by the public authorities. For example everyone has the right to request a copy of their own medical notes/history from the hospital without being asked for a reason why. Easyfix as a company must provide all the information we hold on a customer on request by that customer and to no one other than the customer they must prove who they are by answering the security questions that were set-up when the policy was taken out with us. If the Information goes to the wrong people then they can use the information to commit a crime like fraud. The victim will then take the company to court for not protecting their data.

COMPUTER MISUSE ACT 1990 The Computer Misuse Act 1990 was enforced to prevent computers being used in work places from being damaged or hacked by members of staff an example of this is that if a member of staff used a computer within the work place to look at data that is un-authorised for them to look at, even if they do not do anything with it or use it for anything they are still breaking the Computer Misuse Act. If the person looking at this data does go and use it they are stealing this data. It is an offence to be looking at stealing data with the intention of committing an offence an example of this is looking at people’s bank account details the computers within the company and take money out of their account which will then make it fraud. If the above is not followed then the penalties for committing these offences or similar can result in you getting a disciplinary or getting fired. In some cases it could lead to imprisonment or an unlimited fine.

HEALTH AND SAFETY ACT The health and Safety at Work Act is to protect and secure the health, safety and welfare of persons at work. Employers are required to analysis where their employees will be working and do a risk assessment of the area and evaluate the health and safety conditions of the work place. As a company Easyfix must ensure all employees take regular breaks. When using computers the chairs should be adjustable and the screen should be adaptable if the job includes excessive mouse clicking then you should have a wrist support and same with the keyboard it should have a wrist support on it. Staff are also required not to stand on chairs and tables to reach things they are required to use a step ladder after training has been provided. Below is a detail annotated diagram of how your work space should be like.

Monitor should be just below eye level. Use screen height adjuster to adjust to correct position. Keep the screen clean.

The seat should be adjusted to support your spine and neck having good posture will also avoid injury.

The monitor and keyboard should be right in front of you to avoid twisting.

There should not be any flickering or glare on the screen. Check lights are not directly above you are and check to see if blinds are closed on sunny day.

Adjust the height of your seat so that your arms are level or just above the keyboard and that your wrists are flat if excessive typing and mouse click then add wrist supports to avoid RSI (Repetitive strain injury).

Having the Health and Safety Act in place at Easyfix will ensure all employees are working in a safe environment if this act was not in place and someone hurt themselves the company is liable and would have to pay out compensation for each person who has an injury at work. Using the correct procedure above in the diagram will ensure that you the employees do not suffer from RSI (Repetitive Strain Injury) and require unpaid leave. Please take note of the procedures in place for your own health and safety.

Ethical Issues

CODES OF PRACTICE

EMAIL The purpose of this Code of Practice is to ensure the proper use of the Easyfix email system. All messages distributed via the email system, even personal emails, are property of Easyfix. You must have no expectation of privacy in anything that you create, store, send or receive on the email system. Authorised use includes that Users must take the same care in drafting an email as they would for any other communication. Confidential information should not be sent via email. Although the email system is meant for business use, Easyfix allows personal usage if it is reasonable and does not interfere with work. However, such usage should be as far as possible outside normal working hours. Access to another staff member email box will only be granted with the written consent of the owner of the mail box. Unauthorised use includes you must not send or forward emails containing libellous, defamatory, offensive, racist or obscene remarks. If you receive an email of this nature, you must promptly notify your Line Manager or the Computing Support Team Manager. You must not forward a message or copy a message or attachment which is restricted without acquiring permission from the originator first. You must not send unsolicited email messages or chain mail. You must not forge or attempt to forge email messages, or disguise or attempt to disguise your identity when sending mail.

If you are found to be breaching this code of practice the company reserves the right to take disciplinary action and/or legal action in such instances. INTERNET The purpose of this Code of Practice is to ensure the proper use, by all users, of the internet facilities provided by Easyfix, whether employees, agency staff or visitors. Facilities are provided to employees for use in the discharge of their employment duties within the company. However, some incidental private use may be authorised. All internet users are personally responsible for using the internet in a lawful, efficient, effective and ethical manner. The visiting of sites containing offensive and inappropriate content, such as that regarded as, “adult entertainment” or which portrays violent, racist or other illegal pursuits and

interests is not permitted. Also using the internet at work to download music files and software which is not work related is also not permitted. Easyfix will monitor uses of the internet, but will only do this where it is entitled to do so legally and in compliance with such legislation as The Human Rights Act 1998, the Regulation of Investigatory Powers Act 2000 and the Lawful Business Practice Regulations. Such monitoring will only be undertaken for legitimate operational reasons. Breaches of the rules for internet use set out in this Code of Practice, by employees, may result in Easyfix proceeding under the Disciplinary Rules and Procedures. Where specific criminal conduct is reasonably suspected to have occurred, breaches will also be reported to the Police Authorities.

ORGANISATIONAL POLICIES

Easy fix have many policies about health and safety, code of practice and policies about data protection, computer misuse and freedom of information. We have put these policies to protect you as the employees and to protect our client’s information. If these policies are breached then the company would have no choice but proceed with disciplinary action against you.

INFORMATION OWNERSHIP

Information ownership is based on information you use in your day to day work which makes you responsible for it. The responsibility involves you protecting it for example if the manager for Easyfix was to write an report on a fellow member of staffs progress this report would become confidential in its own right and should only be viewed by selected members of staff. As the manager created this report then she is responsible for protecting this document using appropriate measures. Any information taken from clients is to be kept confidential and you as the taker of the information is responsible for the information and is responsible for keeping in confidential. Confidentiality means that you should ensure that only the appropriate people get to see the document. To achieve this, you would need to make a list of who should be allowed to see the document and then somehow ensure that only these people can see the document. As Easyfixes client’s information is all held on the computer system the IT department will need to secure the information this then makes them the information guardian you still

need to give the department the list of people who are allowed to see that information. If the document is to be stored on a laptop, then you become both the information owner and information custodian. It is your responsibility to guard access to the laptop, in order to protect the information stored on it.

You must also consider where the printed document is to be stored – there is no point in protecting the information on the computer if someone can walk up to your desk and simply read the paper copy! If the information gets seen by the wrong people and they then use it to commit offences the company will get sued by the victim for losing or allowing members of staff or any other persons seeing the confidential information we hold on them. A result of this would mean we will lose clients and lose potential clients for the future. Please follow this procedure as you will be responsible for any breaches of confidentiality on any information taken by you.