Virtually every company relies on computers, email, and the internet to operate, and has employees who use the company’s computers, email, and internet access to perform their jobs, communicate with co-workers, and communicate with others outside the company every day. As a result of the wide usage of the internet in workplaces, it is imperative that companies have in place effective computer, email, and internet acceptable use policies. Highlighted here are several issues which businesses often overlook or get wrong when drafting and enforcing these policies.
Computer, Email, and Internet Use Policies
To be effective, policies addressing the use of company computers, email and internet should be crafted to meet the following key objectives:
Promote Acceptable Business-Related Use. It may be obvious, but it should be clear that computers and other devices are made available for business-related use only and not personal use. Where companies are required to comply with certain industry regulations or laws that concern employee use of computers or restrict use and disclosure of certain electronically-stored information, the policy should specifically refer to those regulations and describe any prohibited conduct.
Specifically Prohibit Abusive and Harassing Conduct. As employees more and more often communicate with each other through email and through text messaging, employers face an ever increasing liability should employees use email and texting inappropriately, such as sending derogatory and harassing emails or making unwanted advances towards a co-worker via text message. To reduce this potential liability, employers must make sure acceptable use policies clearly define and prohibit unacceptable behavior and conduct. In addition, the policy should require employees to report any conduct that they believe is unacceptable.
Diminish Employee’s Expectation of Privacy. It should be made clear to employees that they should have no expectation of privacy with regard to their use of company computers or other devices. This should include the information contained on their computer, emails they have sent or received, and their history of online activity. The policy should clearly state that the computer system and devices are subject to monitoring at any time, with or without notice.
Protect Confidential Information. Along with confidentiality policies, an acceptable use policy that specifically addresses the access, use and disclosure of the company’s electronic proprietary information and data is one of the main tools a company has available to it to protect both its own confidential and proprietary business information as well as that of its customers. It should also include guidelines regarding the access, use and disclosure of the confidential personal information of employees.
Govern Use Across All Devices. Often overlooked, it is imperative that acceptable use policies extend to an employee’s use of all company devices, such as mobile phones and tablets. In addition, the policy should cover employee’s use of their own personal devices when it is being used for company-related business or when it is connected to the company’s wired or wireless network.
Employee’s Use of Social Media and Social Networking
Given how common it is for employees to use social media and social networking sites for both professional and personal use, companies are encouraged to have policies in place regarding the acceptable use of these services. However, companies should be mindful when they go about crafting and enforcing these policies. Although a company’s main objective in having a social media policy is to prohibit employees from saying things on social media that are either critical of the company or negatively impacts the company’s reputation, companies should approach these policies with caution. Employers do not have the unfettered right to restrict and discipline employees who are critical of their employer or who communicate to each other about their working conditions. Certain laws prohibit this. Accordingly, companies need to carefully craft these policies so that they do not run afoul of these laws.
LinkedIn Profiles and Contacts
Professional networking sites, such as LinkedIn, raise some additional issues that companies need to consider. As employees utilize sites like LinkedIn to make professional connections, the employee is generating valuable contact information of clients, potential clients, or other business connections. However, as long as this valuable information is maintained solely on an employee’s LinkedIn page, the company has no control over how this information is maintained or used by the employee.
Accordingly, employers should consider implementing a policy that makes it clear that the company, not the employee, owns all contact or other information provided to the employee by clients and other business connections, that employees may only use client information for business-related purposes only, and that employees will be required to turn over client information maintained on the employee’s LinkedIn page upon separation from employment.
Because the use of computers, mobile devices, email, and social media is so widespread in the workplace, companies must have in place effective acceptable use policies. Even companies who already have these policies in place should review their policies to see if they are in need of being updated to address any technological or legal changes. These policies are critical to ensure that a company is actively addressing the challenges which can arise with ever-changing technology and social media.
For more information on this article or other Employment Law related matter, please contact an attorney with our Labor and Employment Law practice area.