To: All UCL Staff and Students
In accordance with current legislation* I would like to draw your attention to UCL's policy and practice regarding the monitoring of communications made using its computer and telecommunication systems. Routine monitoring, carried out with the purpose of ensuring that our systems are performing properly, normally involves only aggregate anonymous data and does not identify individuals or the contents of their communications. Keeping count of the number of e-mail messages passing through College servers is an example of this type of activity. However, there are circumstances where UCL may collect information which can be associated with an individual's communications. This may be done, for instance, to prevent or detect crime; to investigate or detect unauthorised use, including the use of systems outside UCL; or if it is necessary to ensure the effective operation of our systems.
It is important to be aware that communications on or through University College London's computer and telecommunication systems may be monitored or recorded to secure effective system operation and for other lawful purposes.
Such monitoring or record keeping must be properly authorised (by head of department, by the head of UCL's computer security team, or by the appropriate UCL officer) and comply with other relevant legislation - notably the Data Protection Act 1998 and the Human Rights Act 1998. In the absence of proper authorisation, monitoring may itself give rise to criminal or civil liability on the part of the person carrying it out.
A very clear document containing examples of how the legislation applies in practice has been produced by the Joint Information Systems Committee, which promotes the use of information systems and information technology in Higher and Further education across the UK. It can be downloaded from
http://www.jisc.ac.uk/pub01/smbp14.pdf
For further information please contact me at the address below.
Robert Hart
---
Robert Hart
Computer Security Team
Education & Information Support Division
University College London
London WC1E 6BT
Email: r.hart@ucl.ac.uk
Phone: +44 (0)20 7679 7338
PGP public key from http://www.ucl.ac.uk/cert
Communications on or through University College London's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes.
Unless otherwise agreed expressly in writing by an officer of University College London, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee or agent is authorised to conclude any binding agreement on behalf of UCL with another party by e-mail without express written confirmation by an officer of the College.
Employees of University College London are required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by e-mail communications. Any such communication is contrary to organisational policy and outside the scope of the employment of the individual concerned. UCL will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liability arising.