{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Online Safety Policy

1. Purpose

The purpose of this policy is to establish clear guidelines for the safe and responsible use of the internet and digital technologies within {{org_field_name}}, ensuring that all residents, staff, and visitors are protected from online risks while maintaining confidentiality, safeguarding, and professional standards.

This policy aims to:

• Protect residents, staff, and visitors from online risks, including fraud, cyberbullying, and inappropriate content.
• Ensure compliance with Care Inspectorate Wales (CIW) regulations, GDPR, and UK safeguarding laws.
• Establish clear procedures for secure internet access, social media use, and digital communication.
• Prevent data breaches, cyber threats, and misuse of online platforms.
• Provide training and awareness on online safety best practices.

2. Scope

This policy applies to:

• All employees, including permanent, agency, and voluntary staff.
• Residents, ensuring their safe and responsible use of the internet.
• Visitors and external professionals, setting guidelines for online access within the care home.
• Company-issued digital devices, including tablets, phones, and computers.

3. Related Policies

This policy aligns with:

• Confidentiality and Data Protection (GDPR) Policy (CHW34).
• Safeguarding Adults from Abuse and Improper Treatment Policy (CHW13).
• Communication and Engagement with Service Users and Families Policy (CHW42).
• Mobile Devices (Phones and Tablets) Policy.
• Whistleblowing (Speaking Up) Policy (CHW29).

4. Risks and Challenges of Online Use in Care Settings

The use of the internet in a care home setting presents various risks, which this policy is designed to address:

4.1. Data Protection and Confidentiality

• Personal and sensitive data about residents must not be shared online.
• Staff must not discuss resident care or workplace matters on social media.
• Resident digital records and care plans must be securely stored with access control.

4.2. Cybersecurity Threats

• Risks include phishing attacks, malware, and hacking attempts.
• All staff using company-issued devices must follow cybersecurity training.
• Firewalls and secure password policies are in place to protect company networks.

4.3. Online Exploitation and Abuse Risks

• Vulnerable residents may be at risk of financial scams, online abuse, or inappropriate content.
• Staff must monitor unusual online behaviour and report any safeguarding concerns.
• Clear guidelines exist to ensure that residents use the internet safely.

4.4. Misuse of Social Media and Messaging Apps

• Staff must not share resident photos or information on social media.
• Inappropriate conversations between staff and residents online are strictly prohibited.
• Residents and families are advised on safe social media use.

5. Managing Online Safety in the Care Home

5.1. Internet and Wi-Fi Access

• Secure Wi-Fi networks are provided for staff, residents, and visitors.
• Separate networks exist for personal and work-related use.
• Internet access may be restricted for safety, blocking inappropriate websites.

5.2. Use of Digital Devices (Tablets, Phones, and Computers)

• Residents are encouraged to use devices safely and responsibly.
• Staff must supervise internet use for residents at risk of scams or abuse.
• Company-issued devices must be used for work purposes only.

5.3. Social Media Guidelines

For Staff:

• No sharing of work-related or resident information on personal social media.
• No online contact with residents or their families outside of professional platforms.
• Report any inappropriate or concerning online content that could affect resident safety.

For Residents:

• Residents will be supported to set up privacy settings on social media.
• Staff will provide guidance on recognising fake profiles and scams.
• Any cases of online abuse or cyberbullying will be reported to management immediately.

5.4. Email and Digital Communication

• All professional communication must be through work emails or secure platforms.
• Staff must not share confidential information via personal emails or messaging apps.
• Encrypted emails must be used when sharing sensitive information externally.

6. Staff Responsibilities in Online Safety

6.1. General Responsibilities

• Staff must follow online safety training and report concerns immediately.
• No unauthorised downloading of software on company devices.
• Regular updates on cybersecurity threats and best practices must be provided.

6.2. Reporting Online Safety Issues

Staff must report:

• Suspected data breaches or cyberattacks.
• Inappropriate online activity involving residents.
• Concerns about a resident’s online behaviour (e.g., being targeted by scammers).

Reports should be made to the Registered Manager or Data Protection Officer.

7. Resident Online Safety and Support

7.1. Helping Residents Stay Safe Online

• Staff provide guidance on online safety and fraud awareness.
• Residents are encouraged to use strong passwords and privacy settings.
• Staff will help residents identify online scams and report suspicious activity.

7.2. Supporting Residents with Cognitive Impairments

• For residents with dementia or learning disabilities, internet access may be supervised.
• Families may be involved in helping manage online access.
• Pre-approved websites and content filters may be used to protect vulnerable residents.

8. Cybersecurity Measures

To protect residents, staff, and data, {{org_field_name}} implements strict cybersecurity protocols:

• Strong password policies for all staff and company devices.
• Regular security updates and software patches for all systems.
• Antivirus and firewall protections on all company devices.
• Regular cybersecurity training for staff.

9. Monitoring and Compliance

9.1. Internal Audits and Inspections

• Quarterly audits are conducted to assess online safety compliance.
• CIW inspectors may review online safety protocols and data protection policies.
• Staff feedback is used to improve online safety training.

9.2. Disciplinary Actions for Policy Breaches

Breaches of this policy may result in:

• Formal warnings or retraining.
• Loss of digital access privileges.
• Dismissal for serious breaches (e.g., data leaks, safeguarding failures).

10. Policy Review

This policy will be reviewed annually or sooner if:

• CIW regulations change.
• New cyber threats emerge requiring updated safety measures.
• Incidents highlight areas for improvement.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.