In 18 months up to November 2009, the Metropolitan Police Service disciplined 27 police officers for misusing social networking sites.
The disclosure was made in answer to a Freedom of Information request by Lewis PR. Lewis also discovered that the Ministry of Justice has sacked four staff for misusing social media sites.
The MoJ said that 41 staff were subject to disciplinary action for breaches of IT security policy, including misuse of email, internet browsing, incorrect use of passwords and login detail.
In its FOI request to the Metropolitan Police, Lewis asked for its policy on staff access to social networking sites, such as Facebook and Twitter, during work hours for professional and personal reasons, and what disciplinary action has been taken for misuse of social media.
The Met said that 18 officers received written warnings for misusing social networking sites, five were given “words of advice” and four issued with a “formal misconduct” charge. One officer escaped discipline.
The Metropolitan Police Service also disciplined five civilian staff, sacking one of them, for misuse of social media.
Last month Lewis discovered that 16 security breaches at the Ministry of Defence had been via social networking sites.
In the Met Police’s FOI reply, it published useful details from its code of conduct for use of social media:
“Access to social networking sites for personal reasons is not permitted during working hours to any police officer or member of police staff. A number of staff have access to social networking sites for professional reasons having obtained the necessary permission from senior management.”
“The MPS [Metropolitan Police Service] in conducting vetting enquiries may look at any source of information that will assist in determining whether the vetting applicant is suitable for the vetted post applied for. Any research done will be carried out within the limits of that permitted by legislation. Internet research can form part of the vetting checks.
“Posting Information on the World Wide Web for Official MPS Purposes
“Those with an official business requirement to access forums, social networking and/or certain blogging sites, (whether police officers or police staff) may put forward a business case to senior management outlining the reasons why they need Internet access and permission to access these particular types of website. Approval will be sought from the individiual’s line manager confirming the validity of the requirement.
“All MPS police officers and police staff are reminded that if accessing such sites it is expected that they will adhere to the MPS Information Code of Conduct which sets out the policy on the use of MPS Information and information communication and technology systems. The MPS Directorate of Information issues regular reminders to staff on the importance of ensuring they comply with this policy.
“Posting Information on the World Wide Web for Personal Purposes
“All users are reminded that the use of MPS ICT to access the World Wide Web for personal purposes remains prohibited. This includes the activity known as ‘Blogging’ and the use of forums, video sharing and social networking sites, such as Facebook.com and Myspace.com.
“The MPS recognises that some users wish to engage in these activities in their own time, using their own equipment. Whilst there is no intention to restrict any proper and sensible exercise of the individual’s rights and freedoms, it is expected that staff will conduct themselves in such a way as to avoid bringing the MPS into disrepute or compromising its effectiveness or the security of its operations and assets.
“All police officers and police staff, including the extended police family and those working voluntarily or under contract to the MPA, must take account of the following before posting to the Internet, including engaging in blogging or the use of forums, video sharing or social networking sites;
“Whilst it is a personal decision, for security reasons, it is suggested that staff do not disclose their position as an MPS employee or officer. Whatever the decision one should avoid disclosing personal details which may be used for identity theft, or to identify one’s home address or other sensitive details. Do ensure that the privacy settings available on social networking sites are used.
“Irrespective of whether you disclose your position, you must do nothing which risks bringing the MPS into disrepute or compromising its effectiveness or the security of its operations or assets. To do otherwise might lead to disciplinary and/or legal action, with potentially serious consequences.
“If disclosing your association with the MPS, staff must consider whether it is appropriate to discuss their role within the MPS as any information that may compromise police operations or investigations or which breaches the Official Secrets or Data Protection Acts must not be divulged.
“Staff must not divulge any official MPS information, including information obtained through your work for the MPS, nor expand upon MPS information already available in the public domain.
“If staff disclose that they work for the MPS, then it must be made it absolutely clear that any views expressed do not represent the official position of the MPS but are the views of the individual.
“Staff must not use any MPS logo or other copyrighted material.
“Staff may accept payment for their own material produced away from their MPS employment, provided that this has been officially registered and sanctioned as a business interest, and providing the material does not in any way relate to policing. Failure to register and obtain a sanction for a business interest may result in formal disciplinary action being taken.
“Under no circumstances must staff bring the reputation of the MPS into disrepute by making derogatory comments regarding MPS policies/procedures/operations or any other activities.
“In accordance with the MPS Equality Policy and SOP, staff must not display offensive images or make offensive comments, or in any way harass, intimidate, bully, victimize or discriminate against others.
“All MPS police officers and police staff are expected to adhere to the MPS Information Code of Conduct which sets out the policy on the use of MPS information and information communication and technology systems. The MPS Directorate of Information issues regular reminders to staff on the importance of ensuring they comply with this policy plus all other relevant legislation such as the Data Protection Act.
Does your organisation make use of social media to inform the public?
“The Metropolitan Police launched channels on the websites YouTube and Flickr in July 2009 as part of a 6 month pilot programme exploring the use of social media.
“The programme, which is being run by the Directorate of Public Affairs, is intended to help find the best ways of using social media channels to communicate with the public.
“A Met Twitter site was also set up by the CO11 unit during Climate Camp in August 2009, to provide operational updates for participants of Climate Camp. As this was used for a specific purpose this is not currently being used at the moment. We are also looking into ways the MPS can use Facebook pages on a local level.
“The MPS YouTube site can be found at: www.youtube.com/metpoliceservice
The MPS Flickr site can be found at: www.flickr.com/photos/metropolitanpolice
Keith Crosley, director at email security specialist Proofpoint, said: “It is worrying that so many personnel who work in two of the UK’s leading law enforcement agencies are bringing them into disrepute, if not risking operational security by the way they conduct themselves online.
“The public wants to be able to trust all employees in such sensitive jobs and doesn’t want them playing fast and loose when they log onto their computers. Police officers and Ministry of Justice officials are supposed to be upholding the rules and regulations – not breaking them.”
Crosley added: “People post a wealth of information about themselves and their employers on Facebook. The Met and MoJ are not alone in dealing with these issues. Proofpoint’s own research has found that 17 per cent of organisations investigated a leak of confidential information via a social networking site, and 10 per cent have disciplined an employee for violating social networking policies in the past year.
“Although these departments have rules in place regulating the use of social networking sites by personnel, data breaches are still occurring and more needs to be done to prevent them.
Educate rather than ban
“However, restricting access is clearly not the way forward as it’s impossible to stop people using social media tools at work.
“It makes more sense to educate employees about the risks, rather than implement an outright ban.
“The Met and MoJ need to be far more vocal about policies that are already in place and the punishments for not following the rules.”
Mod admits 16 security breaches were via social networking sites – IT Projects Blog
Why your boss should let you use Facebook – SmartBlog on Social Media
Data losses may jeopardize lives says Information Commissioner – IT Projects Blog
Employees disciplined for Facebook posts – HR Morning.com
Yorkshire police staff disciplined for misuse of systems – Yorkshire Post