Office of Police and Crime Commissioner – Devon & Cornwall Policy Cover Sheet Policy Name:
Use of Online Social Media Policy
11 March 2016
Eleanor Tanner, Office Manager
Policy Authorised by:
Andrew White, Chief Executive
Policy Sign off Date:
18 March 2016
Policy signed off by:
Andrew White, Chief Executive
11 March 2016
Restricted Uncontrolled version copy when printed 1
Office of the Police and Crime Commissioner – Devon & Cornwall Use of Online Social Media Policy Version dated: Content List: 1 Policy Statement / Intentions 2 Introduction 3 Procedures 4 Audit/Assessment Compliance 5 Monitoring 6 Review and Ownership Annexe 'A' 1.
Policy Statement / Intentions
The Office of the Police and Crime Commissioner fully supports the use of online social media technology to promote the work of the OPCC, the PCC and his / her Police and Crime Plan and to improve public confidence and satisfaction in the Police Service. This policy describes the OPCC’s expectations in regard of the effective, safe use of this media.
For the purposes of this policy, online social media is a category of online media where people are talking, participating, sharing, networking, and bookmarking online.
There is a wide variety of social media, ranging from social sharing sites such as YouTube and Flickr through social networks such as LinkedIn and Facebook. The OPCC’s primary platforms will be Facebook, Twitter and YouTube.
The use of this media may leave an individual or the OPCC at risk from a range of threats. The sources of threat are varied and can range from individuals with a grudge through to serious and organised crime, political activists, terrorists or foreign governments. Current national evidence suggests that these groups are making use of social media sites to identify individuals who might be vulnerable to subversion, coercion or could be a possible target of attack.
This policy aims to reduce the likelihood of exposure to these threats through the adoption of best practice from a variety of sources.
This policy is supported by the police force online social media guide published by the Force Corporate Communications Department.
Restricted Uncontrolled version copy when printed 2
[FOIA - Open]
[FOIA - Open]
The personal use of online social media sites using Force / OPCC ICT systems is not supported by the OPCC. More details regarding the Force Internet and Email Acceptable Use Policy is available on the Force Intranet – see Information Security Working Practice No.9
Employees and contractors to the OPCC are expected to follow the standards of professional behaviour when conducting themselves, this equally applies to private use of online social media. Guidance is available at Annexe A to this policy.
Use of online social media (OSM) increases the accessibility of the OPCC by providing another method of access and feedback to our work especially for hard to reach audiences.
Social media websites will be used by the OPCC for:
Engaging with communities with relevant targeted information
Responding to community tensions as they occur
Supporting any targeted crime prevention messages which are promoted by police and partners
Responding to and correcting inaccuracies published by others
As a cost effective method of public consultation be that formal or informal
Appealing for information to often hard-to-reach audiences that don’t engage with traditional media e.g. newspapers, broadcast news etc.
Publishing and promoting our corporate ‘news’ messages to online communities which may not access traditional media.
Publishing and promoting our own selected photos/videos for appeals before journalists source photos that might suggest a different message to the one that will assist an investigation
Signposting visitors to both the OPCC’s and the Force’s website and the neighbourhood policing website.
No cost channels of communication campaigns
Promotion of OPCC events and to encourage the public towards attending
Enabling us to recognise wider/national issues that may impact on the OPCC or Force reputation
The communications team will monitor the OPCCs use of social media. The risk management of OPCC information assets falls within the remit of the chief executive.
This policy describes the only approved methods by which online social media may be used to support OPCC business objectives.
Restricted Uncontrolled version copy when printed 3
There are three key vulnerabilities associated with the use of online social media which if exploited could seriously damage the reputation of the OPCC, public confidence in the OPCC and / or the police force, or affect individual employee security; The publication of inappropriate, incorrect or sensitive content, Inappropriate interactions between users, Technical vulnerabilities associated with their propensity to spread computer viruses (malware), and aid online fraud (including phishing attacks) and unsolicited email (spam.)
The use of online social media for personal use must be in line with the Police Force Internet and Email Acceptable Use Policy (Information Security Working Practice No.9.) Line managers must set their expectations upon their teams to avoid misuse.
The use of any Force / OPCC ICT system for private business or personal gain is prohibited.
Users of online social media for personal (private) use on their own ICT systems are advised to follow the guidance at the annexe to this policy.
An online presence in any form that makes a representation on behalf of the Office of the Police and Crime Commissioner must be authorised by the communications team, and / or be supported by a manager.
Considerations will be: What is the target audience? What is the desired outcome? Is this the most appropriate medium to reach the audience and achieve desired outcome? Does content engage with users, and promote two-way communication? How will communication be measured and evaluated? How will the method be promoted? Is there appropriate long or short term commitment to request? What is the appropriate branding?
Wherever possible, staff requesting new social media sites will be encouraged to use the official social media websites/ applications of the OPCC communications team rather than allowing additional bespoke social media websites/ applications to be created.
If there is an approved business case for a bespoke social media presence, this will be undertaken initially as a pilot in partnership with the communications team and regularly reviewed and evaluated. The communications team has authority under this
Restricted Uncontrolled version copy when printed 4
[FOIA - Open]
Restricted policy to disable a pilot site at any given time without prior notice if it is not consistent with the corporate communications strategy. 2.9
Social media is to be considered a public media and as such must not be used to disclose or process sensitive information including; Protectively marked information (Protected, Restricted or higher), Information that could identify (directly or by inference) living persons, Operationally sensitive information, Commercially sensitive information, Information that may be subject to copyright or intellectual property rights.
2.10 Where there is doubt regarding the type of information being considered for release, appropriate advice must be sought from the chief executive and or a line manager. 2.11 Any use of social media sites should take into account the context and rules of the type of media in use. Consideration should be given to the sensitivity of the target audience. 2.12 Personal opinions or expression should be avoided. Good judgement should be exercised. 2.13 All use of social media must be attributed to an individual who is accountable for that use. 2.14 Contingency should be put in place before using a site or service to ensure that content can be removed if it becomes compromised. 2.15 All suspected or actual compromises or abuse should be reported to the chief executive, who will also inform the Force Information Assurance Department (advice line on extension 23777 or email ‘Mailadmin’). 2.16 All use of social media is subject to the Police Force Lawful Business Monitoring Policy (D338).
Audit/ Assessment compliance
This policy has been drafted and audited to comply with the principles of the Human Rights Act. Equality and diversity issues have also been considered to ensure compliance with Equality legislation and policies. In addition, data protection, freedom of information, management of police information and health and safety issues have been considered. Adherence to this policy will therefore ensure compliance with the relevant legislation and internal policies.
Restricted Uncontrolled version copy when printed 5
Compliance with the requirements of the policy will be monitored via: a. Incident reporting and escalation procedures; b. Internal information security audits;
Review and Ownership
Ownership of this policy is the responsibility of the chief executive.
This policy will be reviewed annually.
Restricted Uncontrolled version copy when printed 6
Annexe A –Online Social Networking Safety Useful guidance on the Force Intranet This guidance is for all users of online social networking sites such as Facebook, Bebo, LinkedIn and others. For more detailed advice, the Police Force Information Assurance Unit should be consulted. The Force ICT network systems provide some of the best security measures available to protect users and Force systems from online threats; however they cannot prevent all known and unknown threats. Users must be cautious and vigilant when using any service provided by The Internet.
Downloading attachments Never click on, or download attachments in other people's profiles. They will most likely contain illegal content or be harmful to Force systems. There have been numerous examples of computer viruses or Trojans downloaded.
Networking might mean employees "not working" This type of communication can be addictive and people might spend more time than they realise, thus breaching limited use policy (see above). Large scale usage can even slow the Force network system affecting the legitimate work of others.
An electronic footprint is everlasting Once information is available online it can be captured by anyone worldwide and stored for any length of time. Users wishing to delete accounts from social networking sites have found that it is almost impossible to remove secondary information linked to their profile such as public comments on others profiles.
Privacy controls are often not set as default Although privacy controls might be available, they are often not set as the default, so users need to be proactive in applying privacy settings. Personal details and confidential information might otherwise be unwittingly disclosed leading to identity fraud or physical harm to individuals.
Risk of making disparaging comments Socialising in such a way, which might feel "private" amongst "friends" can lull people into a false sense of security and they might make disparaging comments that might be offensive to an employee or the public. If you wouldn't say it to your boss or your grandmother, don't say it online. Restricted Uncontrolled version copy when printed 7
Friends or enemies? It is often easy to become someone's friend under false pretences so even having applied privacy controls this won't be effective once you let someone in. Statistics suggest that stalking using social networking is increasing. A survey found that 29% of adults admitted to searching for "exes". Serious and organised criminals and terrorists have been found to use social networking sites to identify targets for subversion, blackmail or attack.
Posting attachments Never upload (post) attachments such as Word documents, Spreadsheets or Force information. As described above, you can never be sure who is looking at your profile and anyone can take copies of your attachments. Avoid posting pictures that you would not want the world to see.
Contingency Plan Many online social networking sites have been targets of malicious attacks leading to exposing users’ information to criminal communities. Always consider your contingency plan in the event of a site that you use being attacked or compromised.
Useful Sources Of Information
Force Information Assurance Unit
IA Portal on the Force Intranet Extension 23777 or email Mailadmin
Force Online Investigation Team
Extensions: 3737 or 3735 Email: DC 3479 Bergman or DC 3349 Wright Intranet: eCrime
Digital Media, Corporate Communications
Extension 22255 or email websitemessaging
Force Anti-Corruption confidential reporting
01752 701527 Email Anti Corruption Intelligence Unit
Get Safe Online (UK Government)
Restricted Uncontrolled version copy when printed 8