Wednesday 14 January 2015

Information Security Offence Abolished

DWP 'How to' guidance has been revised to abolish or clarify information security offences.

DWP guidance revised

DWP guidance for ‘How to: Deal with breaches of information security’ has been revised following consultation with the Departmental Trade Union Side (DTUS). These changes have not been agreed with PCS but the abolition of a ‘misdirected post’ offence is recognised as a welcome improvement in disciplinary guidance.

Misdirected post offence abolished

Information Security Scenario Matrix example 3.2, for misdirected post, now confirms that there is No Misconduct in cases where an employee posts personal or sensitive information containing no more than the name and NINO, and about no more than one customer, to either the right customer at the wrong address or the wrong customer.
This scenario was treated as serious misconduct with a possible outcome of a Final Written Warning. Operational guidance, in a Gatekeeper Memo dated 8 January 2015, has been issued to advise managers to consider closing down any cases where disciplinary action has been invoked as a result of such a postal security incident on or after 5 December 2014.
DWP will not agree to withdraw live warnings but does accept that the abolition of this offence will have immediate effect on current decision making including appeals.

Other offences revised and clarified

Other examples of offences in the Information Security Scenario Matrix have been revised and clarified. These include:
  • Browsing & unauthorised access to records Scenarios 1.2 and 1.3
  • Sending emails Scenarios 2.3 and 2.4
  • Misdirected post Scenario 3.1
The standard for decision making has also been clarified so that guidance for Potential Outcomes now uses the term ‘if the manager has good reason to believe’ to support evidence-based decision making. Browsing & unauthorised access Scenario 1.3 now confirms that Serious rather than Gross misconduct applies where the employee accessed only one record, on only one occasion, unlike Scenario 1.2, which involved multiple records or multiple accesses to the same record. Sending emails Scenario 2.3 clarifies when minor misconduct would be appropriate. Misdirected post Scenario 3.1 clarifies the distinction between serious and minor misconduct.
