Article reference: UK-IA-EMP40

How to introduce an Internet and email policy

The Internet is an essential tool for most businesses. However, allowing your employees unrestricted access to it poses a number of security and business risks.

It takes only one employee mistakenly downloading and installing virus-infected software for your entire network to be affected. Additionally, it could be your business that is liable if an employee accidentally or deliberately accesses illegal content. Excessive personal use by employees (such as checking personal social media accounts) could reduce productivity.

More serious risks include:

  • obtaining and redistributing copyrighted material such as music or films

  • transmitting valuable or sensitive business information without encryption

  • distributing or relaying offensive or abusive material via email

  • generating junk email, or spam, via mass mailings

  • accessing or downloading pornography or other offensive material

  • libelling or defaming colleagues, or even external business contacts, via email

  • using the Internet to commit fraud or other illegal acts

Policies set expectations in advance about employee behaviour. They also provide a standard against which you can seek recourse: if you don't tell employees that they cannot download films at work, your options are limited if they do.

An Internet and communications policy written in plain language goes a long way when defending legal action. It can also help:

  • ensure that communications resources are managed efficiently and productively

  • protect the business from potentially damaging material being sent or received via the Internet or email

Internet usage policy

You should decide whether to allow your staff to access the Internet from work in their own time for personal use.

Many businesses allow access as a goodwill gesture to improve employee relations, and because completely restricting access is difficult.

However, if you do grant permission, you should think about an Internet acceptable use policy (IAUP). The IAUP should set out the terms and conditions for staff accessing the Internet from their workplace. It should contain:

  • a definition of personal use (anything not directly related to work)

  • guidance on how much access time is acceptable and when access is allowed

  • a warning to abide by any copyright and licensing restrictions on Internet-sourced material

  • instructions on what to do before downloading material

  • warnings on the danger of importing viruses through downloaded files and programs

  • what personal use is not permitted

  • any sanctions or disciplinary actions that may be taken if employees do not follow the policy guidelines

Unless you explicitly state what is not acceptable, you will risk an unfair dismissal claim if you dismiss staff who access unsuitable material. Further, remind staff that access to the Internet is a privilege and not a right.

You must tell staff that their access may be monitored if you intend to do so.

Email usage policy

Email should be treated as a professional method of correspondence, and not for personal use.

Provide your staff with guidance in the form of an email acceptable use policy (EAUP), which should outline:

  • what shouldn't be circulated on the company email system, including any offensive, indecent or obscene material, or anything likely to cause offence on grounds of sex, sexual orientation, race, disability, age, religion or belief

  • what can be construed as inappropriate, discriminatory or libellous content

  • rules for sending confidential business information via email - e.g. using encryption software to prevent unauthorised people accessing it

  • what you consider to be appropriate email etiquette, such as terms of address and sign-off, and the need to be formal and businesslike in all communications

  • how attachments should be handled

  • how much personal email use is acceptable

  • how the laws governing data protection, e-commerce and email marketing affect your business

  • guidance on saving, filing and photocopying emails for company records

Employees should also be informed that emails they send can be recovered even after deletion. You should also let them know what email monitoring may be carried out.

Developing personal Internet and email usage policies

You need to decide how much your staff will be allowed to use your network resources to access the Internet or use email. Totally forbidding personal Internet access and email can reduce goodwill, and damage your organisation as much as allowing staff to have a totally free rein. The ideal solution is a middle ground, where both the employee and the employer benefit.

The best way of developing your own Internet acceptable usage policy and email acceptable usage policy is to build a consensus based on sensible and reasonable compromises. Start by asking your staff and find out what they want. Discussing your IAUP and EAUP with your staff may encourage their co-operation, and minimise resentment of monitoring or usage restriction.

Dealing with Internet and email policy breaches

Humans have a tendency to bend rules and regulations. Deal with such matters promptly to ensure best employee relations. Consider what is inappropriate in the context of your policies. Is spending two minutes checking the weather on a Friday afternoon worthy of disciplinary action? Perhaps not, but if the employee spends half an hour checking the weather and the news outside of a break time, consider taking action.

Ensure your policy includes warnings informing employees that:

  • access to Internet and email facilities may be withdrawn at any time as a result of, or pending the outcome of, investigations into suspected misuse

  • any rules you have about conduct and behaviour apply equally when using Internet or email facilities

  • users might be personally liable to prosecution, and open to claims for damages, if their actions are found to be in breach of the law. If a user is accused of harassment, claiming they did not intend to harass or cause offence will not constitute an acceptable defence

  • employees using the business' IT systems to store or pass on pornography, or any other material that could cause offence or injury, will face serious disciplinary action and possible dismissal - whether or not they are prosecuted or convicted

Internet and email policies should state clearly what sort of penalties or sanctions any breaches of the rules will attract, so that employees fully understand the consequences of their actions.

Related documents

You can download a template IT, Internet and e-mail usage policy from Net Lawman. It is one of several employment policies we provide.

Please note that the information provided on this page:

  • Does not provide a complete or authoritative statement of the law;
  • Does not constitute legal advice by Net Lawman;
  • Does not create a contractual relationship;
  • Does not form part of any other advice, whether paid or free.