How to introduce an Internet and email policy |
|
| |
|
| Introduction |
|
| The Internet is an essential tool for most businesses. However, allowing your employees unrestricted access to the Internet poses a number of risks. Prosecution can result when an employee accidentally or deliberately accesses illegal web content. Security risks are immense – it takes only one employee to mistakenly download and install software infected by a virus. In addition, any abuse of your email facilities could cause internal and external problems. For example, sending bulk email could result in system overload and network congestion. Lastly, allowing employees to use the Internet for personal use leaves the system open to abuse, resulting in your organisation being less effective. |
|
| |
|
| This article explains what to look for in a good policy and how best to introduce a policy which sets clear guidelines and goals. A plain English Internet and communications policy goes a long way when defending legal action. |
|
| |
|
| Why you need Internet and email policies: |
|
- To ensure that communications resources are managed efficiently and productively;
- To help protect the business from potentially damaging material being sent or received via the Internet or email and any possible resulting legal action.
|
|
| |
|
| The benefits of allowing access to the World Wide Web are clear. However, abuse of the system can be very wasteful and leave your organisation inefficient. More serious risks include: |
|
- Downloading files that contain viruses;
- Obtaining copyrighted material such as music or films;
- Transmitting valuable or sensitive business information without encryption;
- Distributing or relaying offensive or abusive material via email;
- Generating junk email, or spam, via mass mailings;
- Accepting files from people in online chat rooms which could bypass firewalls or email filters;
- Accessing or downloading pornography or other offensive material;
- Libelling or defaming colleagues, or even external business contacts, via email;
- Using the Internet to commit fraud or other illegal acts.
|
|
| |
|
| Introducing Internet and email usage policies should help you avoid these risks. It should also ensure that your business and staff get the best possible use out of your IT system, resulting in improved bottom line performance. |
|
| |
|
| Internet usage policy: |
|
| Decide whether to allow your staff to access the Internet from work in their own time. Many businesses allow access as a goodwill gesture to improve employee relations. However, if you do grant permission, you should think about an Internet acceptable use policy (IAUP). The IAUP should set out the terms and conditions for staff accessing the Internet from their workplace. It should contain: |
|
- A definition of personal use (anything not directly related to work);
- Guidance on how much access time is acceptable and when access is allowed;
- A warning to abide by any copyright and licensing restrictions on Internet-sourced material;
- Instructions on what to do before downloading material;
- Warnings on the danger of importing viruses through downloaded files and programs;
- What personal use is not permitted;
- Any sanctions or disciplinary actions that may be taken if employees do not follow the policy guidelines.
|
|
| |
|
| Unless you explicitly state what is not acceptable, you will risk an unfair dismissal claim if you dismiss staff who access unsuitable material. Further, remind staff that access to the Internet is a privilege and not a right. |
|
| |
|
| You must tell staff that their access may be monitored if you intend to do so. See our article linked right on monitoring employees. |
|
| |
|
| Email usage policy: |
|
| Email should be treated as a professional method of correspondence. Provide your staff with guidance in the form of an email acceptable use policy (EAUP), which should outline: |
|
- What shouldn't be circulated on the company email system, including any offensive, indecent or obscene material, or anything likely to cause offence on grounds of sex, sexual orientation, race, disability, age, religion or belief;
- What can be construed as inappropriate, discriminatory or libellous content;
- Rules for sending confidential business information via email - eg using encryption software to prevent unauthorised persons accessing it;
- What you consider to be appropriate email etiquette, such as terms of address and sign-off, and the need to be formal and businesslike in all communications;
- How attachments should be handled;
- How much personal email use is acceptable;
- How the laws governing data protection, e-commerce and email marketing affect your business;
- Guidance on saving, filing and photocopying emails for company records.
|
|
| |
|
| Employees should also be informed that emails they send can be recovered even after deletion. You should also let them know what email monitoring may be carried out. |
|
| |
|
| Developing personal Internet and email usage policies |
|
| You need to decide how much your staff will be allowed to use your network resources to access the Internet or use email. Totally forbidding personal Internet access and email can reduce goodwill, and damage your organisation as much as allowing staff to have a totally free rein. The ideal solution is a middle ground, where both the employee and the employer benefit. |
|
| |
|
| The best way of developing your own Internet acceptable usage policy (IAUP) and email acceptable usage policy (EAUP) is to build a consensus based on sensible and reasonable compromises. Start by asking your staff and find out what they want. Next, purchase an Internet and Email policy. You can purchase separate documents, or as a single document. As they are so closely linked, we recommend one document, to cover both Internet and email. Discussing your IAUP and EAUP with your staff may encourage their co-operation, and minimise resentment of monitoring or usage restriction. |
|
| |
|
| Dealing with Internet and email policy breaches: |
|
| Humans have a tendency to bend rules and regulations. Deal with such matters promptly to ensure best employee relations. Consider what is inappropriate in the context of your policies. Is spending two minutes checking the weather on a Friday afternoon worthy of disciplinary action? Perhaps not but if they check the weather, their star sign and downloads large amounts of data on a daily basis, consider taking action. |
|
| |
|
| Ensure your policy includes warnings informing that: |
|
- Access to Internet and email facilities may be withdrawn at any time as a result of, or pending the outcome of, investigations into suspected misuse;
- Any rules you have about conduct and behaviour apply equally when using Internet or email facilities;
- Users might be personally liable to prosecution, and open to claims for damages, if their actions are found to be in breach of the law. If a user is accused of harassment, claiming they did not intend to harass or cause offence will not constitute an acceptable defence;
- Employees using the business' IT systems to store or pass on child pornography, or any other material that could cause offence or injury, will face serious disciplinary action and possible dismissal - whether or not they are prosecuted or convicted.
|
|
| |
|
| Internet and email policies should state clearly what sort of penalties or sanctions any breaches of the rules will attract, so that employees fully understand the consequences of their actions. |
|
