UCL Information Security Policy
The Policy sets out the rules by which users of our systems must abide. The Policy applies to all computers in the College - those that are centrally managed, those that are located in departments, and even privately owned systems when connected to the College network.
As well as defining what constitutes acceptable use, the Computing Regulations (supporting policy 2) indicate the consequences of breaking the rules.
Since in very serious cases this can mean dismissal or criminal prosecution, it's important to be familiar with the entire Policy.
Many individuals and organisations seek to limit liability arising from their e-mail communications by the use of disclaimers. There is little case law in this area to indicate the validity of such attempts; current UCL policy is to discourage the use of e-mail disclaimers.
UCL Human Resources suggest that where disclaimers are used they should appear at the top of messages to increase their visibility.
- Sample Email Disclaimer
"Communications on or through UCL's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes.
Unless otherwise agreed expressly in writing by an officer of UCL, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee or agent is authorised to conclude any binding agreement on behalf of UCL with another party by e-mail without express written confirmation by an officer of UCL.
Employees of UCL are required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by e-mail communications. Any such communication is contrary to organisational policy and outside the scope of the employment of the individual concerned. UCL will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liability arising."
Where computer systems have the facility to display so-called login banners - short texts shown when a user attempts to access the system - it is recommended that these are used to convey important information about UCL Policy.
Electronic Privacy Information Center (EPIC)
EPIC's website is one of the most comprehensive collections of information about protecting your personal privacy online. Its guides to Practical Privacy Tools and to Privacy Resources are particularly useful.