|
ISPA Code of Conduct:
This Code of Conduct and the related documents were formally adopted by ISPA during its Annual General Meeting on 2002-09-12. Significant revisions were made by the Code of Conduct working group on 2007-01-31 in order for the Code of Conduct to comply with the guidelines for the recognition of an Industry Representative Body in terms of the ECT Act. The revised Code of Conduct was formally adopted by ISPA at a General Meeting on 2007-02-28.
Freedom of expression
1. ISPA members must respect the constitutional right to freedom of speech and expression.
Privacy and confidentiality
2. ISPA members must respect the constitutional right of Internet users to personal privacy and privacy of communications.
3. ISPA members must respect the confidentiality of customers' personal information and electronic communications, and must not gather, retain, sell or distribute such information to any other party without the consent of the customer, except where required to do so by law.
Consumer protection and provision of information to customers
4. ISPA members must provide the following information on their web sites: their registered name, email address, telephone and fax numbers and physical address.
5. ISPA members must inform their customers that members of ISPA must uphold and abide by this Code of Conduct. Members' web sites must include a prominent copy of ISPA’s logo and a link to the Code of Conduct.
6. ISPA members must have an Acceptable Use Policy (AUP) for their Internet access services. This policy must be made available to customers prior to the commencement of any such service agreement and at any time thereafter, on request.
7. In their dealings with consumers, other businesses, each other and ISPA, ISPA members must act fairly, reasonably, professionally and in good faith. In particular, pricing information for services must be clearly and accurately conveyed to customers and potential customers.
8. ISPA members may only offer service levels which are reasonably within their technical and practical abilities.
9. ISPA members must comply with all compulsory advertising standards and regulations.
Standard terms and conditions
10. ISPA members must provide access to their standard terms and conditions on their web sites. These terms and conditions must be available to any potential customer prior to the commencement of any contract.
11. Standard terms and conditions must contain:
- All information and terms relevant to the relationship with the recipient of the service;
· a requirement that the customer will not knowingly create, store or disseminate any illegal content;
· a commitment to lawful conduct in the use of the services, including copyright and intellectual property rights; and
· an undertaking not to send or promote the sending of spam.
12. Standard terms and conditions must give an ISPA member the right to remove any content hosted by that member which it considers illegal or for which it has received a take-down notice.
13. Standard terms and conditions must give the ISPA member the right to suspend or terminate the service of any customer that does not comply with the terms and conditions, Acceptable Use Policy or any other contractual obligations.
Unsolicited bulk mail (“spam”)
14. ISPA members must not send or promote the sending of unsolicited bulk email and must take reasonable measures to ensure that their networks are not used by others for this purpose.
15. ISPA members must provide a facility for dealing with complaints regarding unsolicited bulk email originating from their networks and must react expeditiously to complaints received.
Cyber crime
16. ISPA members must take all reasonable measures to prevent unauthorised access to, interception of, or interference with any data on that member’s network and under its control.
Protection of minors
17. ISPA members must take reasonable steps to ensure that they do not offer paid content subscription services to minors without written permission from a parent or guardian.
18. ISPA members must provide Internet access customers with information about procedures and software applications which can be used to assist in the control and monitoring of minors' access to Internet content. This requirement does not apply to corporate customers where no minors have Internet access.
Lawful conduct
19. ISPA members must conduct themselves lawfully at all times and must co-operate with law enforcement authorities where there is a legal obligation to do so.
20. ISPA members must respect intellectual property rights and not knowingly infringe such rights.
21. ISPA members must uphold and abide by this Code of Conduct and adhere to the associated complaints and disciplinary procedures.
Unlawful content and activity
22. There is no general obligation on any ISPA member to monitor services provided to customers, but a member is obliged to take appropriate action where it becomes aware of any unlawful content or conduct.
23. ISPA members must not knowingly host or provide links to unlawful content, except when required to do so by law.
24. If an ISPA member becomes aware of conduct or content which has been determined to be illegal, it must suspend or terminate the relevant customer’s service and report the conduct or content to the relevant law enforcement authority. The ISPA member must report such cases and any action taken to ISPA within a reasonable period of time.
25. ISPA members must establish notification and take-down procedures for unlawful content and activity, and respond expeditiously to such notifications.
26. ISPA members must submit a report to ISPA on the steps taken in response to a take-down notice within a reasonable period of time after such a notice is lodged.
27. ISPA members must keep a record of all take-down notices received and any materials taken down for a period of at least three years unless possession of such materials is illegal.
Internet standards
28. ISPA members must operate with due regard for established Internet best practices, as set out in the various request for comment (RFC) documents and as mandated from time to time by established and respected Internet governance structures.
Compliance with the Code of Conduct
29. ISPA members must receive and investigate complaints made in accordance with this Code of Conduct, unless such complaints are frivolous, unreasonable, vexatious or in bad faith.
30. ISPA members must make all reasonable efforts to resolve complaints in accordance with the complaints procedure.
31. ISPA members must co-operate with ISPA in accordance with the complaints and disciplinary procedures and comply with any decisions taken by ISPA with respect to the Code of Conduct.
32. ISPA members must submit an annual statement to ISPA confirming their compliance with the Code of Conduct.
33. ISPA may audit the compliance of ISPA’s members with the Code of Conduct.
Alterations
34. ISPA reserves the right to make alterations to this Code of Conduct from time to time. Such amendments are binding on all ISPA members. The current Code of Conduct will be maintained on the ISPA's web site.
Annexure “B”
Code of Conduct complaint and disciplinary procedure
This is a procedure for handling complaints that one of ISPA's members has breached the Code of Conduct.
1. A complaint is initiated against a member of ISPA. This complaint must be submitted via email or via the ISPA web site and will be processed by a Code of Conduct compliance officer appointed by ISPA.
2. The complaint must contain the following information:
· The name of the service provider against whom the complaint is being made
· The full names, address and contact details of the complainant
· Identification of the part of the Code of Conduct which has allegedly been breached
· A detailed description of the actions (or inactions) which resulted in the alleged breach
If the complaint does contain all of these points, proceed to 3.
If the complaint does not contain all of these points, a form reply is sent back to the complainant requesting that the missing information be provided. End of procedure.
3. An acknowledgement of receipt of the complaint is sent to the complainant.
4. A few basic sanity checks are done, to ensure that the complaint is valid:
· Is the service provider a member of ISPA?
· Has the Complaints Panel already dealt with an earlier complaint on the same issue?
If the complaint passes the sanity tests, then proceed to 5.
If either of these sanity checks fails, a letter is sent to the complainant explaining the reason the complaint cannot be addressed, or noting that it has already been dealt with.
5. Copies of the complaint are forwarded to the service provider and the Complaints Panel.
Target turn-around time for steps 1-5 is 5 working days
6. The service provider against whom the complaint has been initiated is given five working days to remedy the complaint. On request, and at the discretion of the Code of Conduct compliance officer, an additional five days may be granted. If, after this time, the complaint has not been resolved to the satisfaction of both parties, the complaint is forwarded to the Complaints Panel with a request for a hearing. Once a complaint has been forwarded to the Complaints Panel, both the complainant and the service provider must be notified.
7. The Complaints Panel must consider the merits of the complaint, taking into account:
· The complaint
· Any response the service provider wishes to make to the complaint
· The Code of Conduct
· The associated practical recommendations
· Any previous complaints made by the complainant
· Any previous complaints made against the service provider
8. If there is evidence that the complainant has lodged a complaint or dispute, or instituted an action with any other regulatory body or in a Court, and where the subject matter of that complaint, dispute or action is substantially the same as the subject matter of the complaint lodged by that complainant with ISPA, the Complaints Panel may at its discretion hear the complaint, dismiss the complaint, or suspend the complaint until such time as determined by the Panel.
9. The Complaints Panel may request that either the complainant or the service provider or both provide additional information relevant to the complaint. The Complaints Panel must specify a time frame for the provision of this information. If either party fails to provide the required information within this time frame, the Complaints Panel must proceed to evaluate the complaint without the benefit of the additional information.
10. After considering the merits of the complaint, the Complaints Panel can make one or more of the following resolutions:
· The complaint is not valid
· The complaint should be referred back to the service provider with a further opportunity for remedial action (return to step 6.)
· The service provider should be issued with a reprimand or warning
· The service provider should be fined
· The service provide must take-down content (when the complaint stems from a valid take-down notification)
· The service provider should be suspended from ISPA subject to conditions determined by the Panel
· The service provider's membership of ISPA should be revoked
· ISPA should publish a report containing the identity of the service provider, the details of the breach of the Code of Conduct, and any action taken regarding the breach
· ISPA should report unlawful conduct or content to the relevant law enforcement authority
If the Complaints Panel requested that the service provider supply additional information (in step 9), and the service provider failed to do so, then the Complaints Panel may take the service provider’s failure to assist into account when making its decision.
11. Copies of the Complaints Panel's resolutions and the reasons for those resolutions are forwarded to the service provider, the complainant and ISPA's Management Committee.
Target turn-around time for steps 7-11 is 6 weeks
12. If either the complainant or the service provider believes that the Complaints Panel has made an incorrect decision, an appeal can be lodged with ISPA's Management Committee within ten working days of the distribution of the Complaints Panel’s resolution to the parties. If no appeal is lodged within ten working days, then the matter will be considered closed.
13. ISPA's Management Committee can either reject the appeal, or refer the case back to the Complaints Panel. A copy of the Management Committee's decision and the reason for the decision is sent to both the service provider and the complainant.
If the complaint is referred back to the Complaints Panel, return to step 7. A complaint can only be appealed once to the Management Committee.
If the Management Committee rejects an appeal, that is the end of this procedure.
14. ISPA must retain records of all complaints and disciplinary proceedings for a minimum period of three years.
Take-down notification procedure
This is the procedure used by ISPA to process take-down notifications as per section 77 of the Electronic Communications and Transactions (ECT) Act.
1. ISPA receives a take-down request from a complainant.
2. Check: Is ISPA the appointed agent for the service provider against whom the complaint is being made?
· If ISPA is the agent for that service provider: Proceed to step 3.
· If ISPA is not the agent, but the service provider is an ISPA member: Forward the complaint to the service provider's agent. Notify the complainant that this has been done. Notify the service provider that the above steps have been taken. End of procedure.
· If ISPA is not the agent and the service provider is not an ISPA member: Notify the complainant that ISPA cannot assist with this query. End of procedure.
· If no service provider is identified in the complaint: Notify the complainant that the name of the service provider has not been provided. End of procedure.
3. Check: Does the complaint include all of the information below?
· The full names and address of the complainant
· Telephonic and electronic contact details, if any, of the complainant
· The name of the service provider against whom the complaint is being made
· Identification of the material or activity that is claimed to be the subject of unlawful activity
· Identification of the right that has allegedly been infringed
· The remedial action required to be taken by the service provider in respect of the complaint
· A statement by the complainant that the information in the take-down notification is to his or her knowledge true and correct
· A statement that the complainant is acting in good faith
· The written or electronic signature of the complainant
· If all of this information is included in the complaint: Proceed to step 4.
· If some of the information above is missing from the complaint: Notify the complainant that some required information has not been provided. End of procedure.
4. Check: Does the complaint meet all of the sanity checks below?
· Is the material actually hosted on the network of the service provider?
· Has the material in question already been taken down as a result of an earlier complaint (or for some other reason)?
· Is it technically feasible for the service provider to do what is requested as the remedial action?
· If the complaint passes all of the sanity checks: Proceed to step 5.
· If the complaint fails one or more of the sanity checks: Notify the complainant that the complaint has been rejected. Notify the service provider that the complaint was rejected and why. End of procedure.
5. Forward the complaint to the service provider. Notify the complainant that the take-down request has been accepted by ISPA and forwarded on to the service provider concerned.
Target turn-around time for steps 1-5 is 3 working days
6. Proceed with this step two working days after step 5 has been completed, or when the service provider notifies ISPA that the content has been taken down.
Check: Has the material referred to in the complaint been taken down?
· If the material has been taken down: Notify the complainant that the material has been removed, as requested. End of procedure.
· If the material has not been taken down: Telephone the service provider, noting that the content has not yet been taken down. Proceed to step 7.
7. Proceed with this step two working days after the telephone notification in step 6, or when the service provider notifies ISPA that the content has been taken down after the telephonic notification.
Check: Has the material referred to in the complaint been taken down?
· If the material has been taken down: Notify the complainant that the material has been removed, as requested. End of procedure.
· If the material has not been taken down: Telephone and email the service provider, noting that the content has not yet been taken down. Proceed to step 8.
8. Proceed with this step if the service provider fails to respond to all take-down notifications in steps 5, 6 and 7, or if the service provider refuses to take the content down.
Check: What was the service provider's response?
· If the material referred to in the complaint has been taken down: Notify the complainant that the take-down notice has been acted on. End of procedure.
· If the service provider did not respond to the notification at all: Notify the complainant that the service provider has failed to respond. Proceed to step 9.
· If the service provider refused to take the content down: Notify the complainant that the service provider has refused the take-down. Proceed to step 9.
9. Check: Does the complainant wish to lodge a Code of Conduct complaint against the service provider?
· If the complainant does not wish to lodge a complaint: End of procedure.
· If the complainant does want to proceed with a complaint: Proceed to step 5 of the Code of Conduct complaint and disciplinary procedure. The service provider is alleged to be in breach of point 25 of the Code of Conduct for failing to remove the content in question.
Structure of the complaints panel
1. A complaints panel shall consist of volunteers from ISPA's members and independent experts.
2. A three member panel must consider the merits of each complaint. At least one must be a volunteer from an ISPA member and at least one must be an independent expert.
3. Members of a panel cannot participate in hearings relating to complaints made against organisations they represent.
4. When a complaint is referred back to a complaints panel on appeal, a five member panel must consider the merits. At least two must be volunteers from ISPA members and at least two must be independent experts.
5. Members of a panel may be remunerated at a rate agreed by ISPA's Management Committee.
Practical recommendations for ISPA members
[Editor’s note: This section may need some revisions to be consistent with the 2007 amendments.]
Privacy and confidentiality
· Have a privacy policy for any data collected that clearly states how that data will be used or distributed. Make this policy readily available on your web site.
· Do not buy or sell user data unless it is clear that such data is used with the prior written permission of the user.
· Advise users on software tools, which they can use to protect their privacy.
· Review the provisions on the protection of personal information in Chapter 8 of the Electronic Communications and Transactions Act.
· Review the provisions on the prohibition of interception of communications in Chapter 2 of the Regulation of Interception of Communications and Provision of Communications-related Information Act.
· Review the provisions applicable to private bodies in Part 3, Chapters 4 and 5 of the Promotion of Access to Information Act.
Consumer protection and provision of information to customers
· Have a prominent link to ISPA's Code of Conduct on your web site.
· Develop a standard Acceptable Use Policy (AUP) document for customer agreements and include this on your web site.
· Establish a clear procedure for dealing with breaches of your AUP.
· Make your PROATIA manual available on your web site.
· Ensure that pricing information supplied to customers specifies any additional charges payable, for example telephone and fax call fees. Differences in costs between after-hours tariffs and standard tariffs should also be highlighted.
· Review the provisions on consumer protection in Chapter 7 of the Electronic Communications and Transactions Act and the Consumer Affairs (Unfair Business Practices) Act.
Unsolicited bulk mail
· Include a "no spamming" clause in your AUP.
· Ensure that messages sent to abuse@... and postmaster@... addresses are received and dealt with promptly.
· Review the provisions on unsolicited goods, services or communications in Chapter 7 of the Electronic Communications and Transactions Act.
Cyber crime
· Review the provisions on cyber crime in Chapter 13 of the Electronic Communications and Transactions Act.
Protection of minors
· Provide links to information on filtering software and content labelling systems. Be aware that such systems are far from foolproof. Consider submitting your site for rating to any content labelling or rating agencies you are providing information on.
Unlawful content and activity
· Review the provisions on the limitation of liability of service providers in Chapter 11 of the Electronic Communications and Transactions Act.
|
