Idle Browsing

Lucas made this Rhyddid Gwybodaeth request to Public Prosecution Service Northern Ireland

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

Roedd y cais yn llwyddiannus.

Dear Public Prosecution Service Northern Ireland,

I wish to make a freedom of information request for the following information:

How do you deal with an employee accused of and/or suspected of 'idle browsing' on computer systems. By idle browsing, I mean looking at information out of human curiousity.

How many cases of 'idle browsing' have the pps prosecuted since 2007 to present?

What is the PPS's policy on 'idle browsing' by their own employee's?

Yours faithfully,

Lucas Leigh

Dear Public Prosecution Service Northern Ireland,

Please acknowledge my foi request.

Yours faithfully,

Lucas

Grant, Peter, Public Prosecution Service Northern Ireland

Mr Leigh, thank you for your request for information received on 29th
June 2010. You asked for the following information:-

1. How do you deal with an employee accused of and/or suspected of
'idle browsing' on computer systems. By idle browsing, I mean looking at
information out of human curiosity.

2. How many cases of 'idle browsing' have the pps prosecuted since
2007 to present?

3. What is the PPS's policy on 'idle browsing' by their own
employee's?

This request has been dealt with under the terms of the Freedom of
Information Act 2000.

In relation to points 1 and 3 of your request I must inform you that the
term 'idle browsing' is not term with which the PPS is familiar. The PPS
Information Communication Technology policy states that individuals who
"Knowingly seek to access data which you know, or ought to know, to be
confidential and therefore would constitute unauthorised access" will be
dealt with under the Northern Ireland Civil Service disciplinary
procedures.

Use of all PPS electronic communication including the PPS Telephone and
Data Network, the PPS Case Management System (CMS), the PPS Website, the
PPS Intranet and external and internal electronic mail (collectively
known as Information and Communication Technology) is governed by the
'Use of PPS ICT Policy'. The policy applies to all business functions
within the PPS and covers the information, information systems,
networks, physical environment and relevant people who support those
business functions.

In addition to this ICT policy the use of PPS ICT is subject to European
/ UK / NI Law and the PPS Code of Ethics and the NICS Staff Handbook.

The broad principles underlying the use of ICT policy are that:

- ICT may only be used in a manner that is consistent with PPS business
and as part of the normal execution of the user's role and
responsibilities.

- Users of ICT will at all times conduct themselves honestly, accurately
and appropriately. All existing PPS policies relating to personal
conduct apply equally to the users of ICT. Particularly relevant are
those that deal with intellectual property protection, privacy, misuse
of PPS resources, sexual harassment, information and data security, and
confidentiality.

Failure to comply with the contents of the policy may lead to
disciplinary action. In addition, should the conduct and actions of the
user(s) be unlawful or illegal, the employee/user may be held personally
liable through criminal or civil proceedings.

With regard to point 2 of your request I must inform you that there is
no offence in law of 'idle browsing', consequently there have been no
prosecutions for 'idle browsing'.

If you are dissatisfied in any way with the handling of your request,
you have the right to request a review in accordance with our review
procedure. In the event that you require a review to be undertaken, you
can do so by writing to the Assistant Director (Policy), Public
Prosecution Service, Belfast Chambers, 93 Chichester Street, Belfast,
BT1 3JR or alternatively by sending an e-mail to [email address]. You
should state clearly the grounds on which you are requesting the review.

Alternatively, you may wish to apply directly to the Information
Commissioner for a decision.

The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Yours Sincerely,

Peter Grant
Departmental Records and Information Manager

dangos adrannau a ddyfynnir

Dear Grant, Peter,

thank you for your response to my foi request. Further to this, I would request some clarification on some of the points as follows:

You state that 'The PPS
Information Communication Technology policy states that individuals who
"Knowingly seek to access data which you know, or ought to know, to be
confidential and therefore would constitute unauthorised access"'

Based on this response:

1/ How is 'ought to know' defined by the PPS. How is it determined that an employee of the PPS 'ought to know', and what factors are considered when determining this?

2/Is unauthorised access committed by a PPS employee by viewing information from a PPS data base which
theemployee is authorised by the data controller to use i.e. they have been allocated a unique password.

3/ How is unauthorised access of PPS ICT defined by the PPS?

4/ The Information Commissioners Office have instructed that viewing of information with no personal purpose or intention to use the data (i.e. idle browsing or out of curiousity)does not constitute an infringement of the data protection act. Do the PPS agree with and follow the ICO's interpretation and guidance on this matter in their ICT and data Protection policies?

5/ What disciplinary measures would be taken against a PPS employee for viewing of information unrelated ot their work, using PPS ICT, for which they have a password.

I look forward to hearing from you soon

Yours sincerely,

Lucas Leigh

Grant, Peter, Public Prosecution Service Northern Ireland

Mr Leigh, thank you for your request for further information received on
2nd July 2010. You asked for the following information:-

1/ How is 'ought to know' defined by the PPS. How is it determined that
an employee of the PPS 'ought to know', and what factors are considered
when determining this?

PPS policies and procedures for ICT access are circulated to all
employees and posted on our Departmental intranet. When a policy or
procedure is published, this is communicated to staff and it is the
responsibility of staff to ensure they have read and understood it.
Failure to do so, will not be considered an adequate defence for failing
to comply.

2 /Is unauthorised access committed by a PPS employee by viewing
information from a PPS data base which the employee is authorised by the
data controller to use i.e. they have been allocated a unique password.

The PPS network is password controlled and users only have access to the
applications and databases which they require to do their jobs. As
already noted in previous correspondence, all access to the PPS network
must be in line with the Use of ICT policy which states that "ICT may
only be used in a manner that is consistent with PPS business and as
part of the normal execution of the user's role and responsibilities".
Access that falls outside this, unless specifically permitted by the Use
of ICT policy, is considered to be unauthorised.

3/ How is unauthorised access of PPS ICT defined by the PPS?

Please see the response to 2 above.

4/ The Information Commissioners Office have instructed that viewing of
information with no personal purpose or intention to use the data (i.e.
idle browsing or out of curiosity) does not constitute an infringement
of the data protection act. Do the PPS agree with and follow the ICO's
interpretation and guidance on this matter in their ICT and data
Protection policies?

The ICO's interpretation as I understand it, is that "Idle browsing" (as
you describe it), does not constitute an offence for which an individual
can be prosecuted under the Data Protection Act. The PPS accepts this
interpretation. However, the lack of a criminal offence does not
preclude a data controller from introducing policies and procedures to
prevent "idle browsing" or other forms of unauthorised access. In fact,
as a data controller we are required to follow Data Protection Principle
7 which states that "Appropriate technical and organisational measures
shall be taken against unauthorised or unlawful processing of personal
data and against accidental loss or destruction of, or damage to,
personal data." We have therefore implemented various technical and
other measures to ensure that the data we control is processed according
to the data protection principles. Our Use of ICT policy [and other
policies and procedures] forms part of these measures.

5/ What disciplinary measures would be taken against a PPS employee for
viewing of information unrelated to their work, using PPS ICT, for which
they have a password.

All disciplinary action in the PPS is covered by the NICS Code.
Disciplinary proceedings are detailed in Section 6.03(
http://www.dfpni.gov.uk/6.03_discipline.... ). Section 2.3.1(d) states
that "there is no rigid code which automatically assigns specific
penalties to particular offences." It would not be appropriate to
speculate in advance what action would apply in a particular case as
each case would need to be considered on its own facts.

If you are dissatisfied in any way with the handling of your request,
you have the right to request a review in accordance with our review
procedure. In the event that you require a review to be undertaken, you
can do so by writing to the Assistant Director (Policy), Public
Prosecution Service, Belfast Chambers, 93 Chichester Street, Belfast,
BT1 3JR or alternatively by sending an e-mail to [email address] You
should state clearly the grounds on which you are requesting the review.

Alternatively, you may wish to apply directly to the Information
Commissioner for a decision.

The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Yours Sincerely,




Peter Grant
Departmental Records and Information Manager

dangos adrannau a ddyfynnir

Gadawodd Martin McGartland anodiad ()

THE HMG COVER-UP: http://www.youtube.com/watch?v=1NtCYswQk... On the 8th of August 1991 I was kidnapped by two convicted IRA terrorists, Jim McCarthy (CRJ); https://www.facebook.com/pages/Jim-McCar... and Paul 'Chico' Hamilton; https://www.facebook.com/pages/Paul-Chic... and held at gun-point, I escaped by jumping from the flat window. However, for the past 20 years the PSNI (and RUC), PPS, MI5 and other organs of HMG have been protecting both men. The PPS and the PSNI continue to this day to cover-up my kidnapping, as above request shows. Here is more info on same: https://www.facebook.com/pages/PSNI-PPS-...
https://www.facebook.com/pages/Corruptio...
http://www.scribd.com/doc/48716043/ALSO-...

Long runs the Fox.

www.martinmcgartland.co.uk

http://www.causes.com/causes/548596

http://www.amazon.co.uk/Fifty-Dead-Men-W...

https://www.facebook.com/BritishAgents