My Department has in place a social media usage policy to guide staff when using social media in a private capacity when at work. The aim of the policy is to protect staff, the reputation of the Department, and the security and integrity of the Department’s computer networks. The policy is available on the Department’s intranet and applies to all permanent and contract staff. A limited amount of personal use of the internet and social media is permitted on the Department’s equipment, provided that a number of rules, as outlined in the policy, are observed. Any breaches of policy may result in sanctions under the Civil Service Disciplinary Code: www.gov.ie/en/circular/7dc8d03f09c943d3b95d561f8b05c684/ .
The National Cyber Security Centre, which is part of my Department, issues guidance to Government Departments and office holders on the security of mobile devices. This guidance is based on risk assessments appropriate to the circumstances and is kept under continuous review by the NCSC.
Earlier this month, the NCSC reviewed and updated its current mobile phone guidance for Government officials. The new guidance recommends that officials strictly limit their use of third-party apps on official devices, particularly apps such as social media, gaming, gambling or fitness apps. The guidance also provides advice to officials on precautions to take regarding their devices while travelling.
The NCSC is presently working on a comprehensive guidance document on device security for public sector bodies in Ireland, which will include mobile phones. This work is being conducted with the assistance of the Data Protection Commission and other State bodies, together with information gathered from international partners. This work has been underway for some time and will conclude in the coming months.