E-mail and internet use

Joe Glavina, professional support lawyer in the employment department at Addleshaw Booth & Co, outlines the requirements for creating an effective Internet and e-mail usage policy.

Aims

In creating an e-mail and Internet policy, you should aim to end up with a document which:

Is clear and easy to understand

Explains the risks of abusing e-mail and the Internet

Sets out the rules for compliance

Warns of the consequences of employees' failure to comply

Describes the extent of any monitoring which the employer intends carrying out

Who is it for?

Anyone who has access to the employer's computer/telephone/fax facilities. In most cases this will be solely employees. If any users are not employees then the employer will need to consider how best to enforce the policy (since the disciplinary procedure will not be applicable to them). This could be achieved by inserting a suitable term in the user's contract.

Essential elements

There is no legal requirement to have an e-mail policy and so, to that extent, there are no essential elements. However, to safeguard the interests of both employer and employee, and in the interests of good industrial relations, the following areas should be covered.

Purpose: It is important that staff are be fully aware of the dangers of e-mail misuse and that it could have disciplinary consequences. Your policy should provide short, clear messages to employees warning them of the risks of misuse. In addition, you should make clear that the e-mail policy should be read in conjunction with the disciplinary policy.

Suggested clause:

The Company expects all its computer facilities to be used in a professional manner. These facilities are provided by the Company at its own expense for its own business purposes. It is the responsibility of each employee to ensure that this technology is used for proper business purposes and in a manner that does not compromise the Company or its employees in any way. This policy document is to be read in conjunction with the disciplinary procedure.

Confidentiality: Communicating via e-mail and the Internet tends to be very much more informal than written correspondence. The policy should warn staff that caution is needed to avoid breaching confidentiality.

Suggested clauses:

You should not transmit anything in an e-mail or fax message that you would not be comfortable writing in a letter or a memorandum. You should note that electronic messages are admissible as evidence in legal proceedings and have been used successfully in libel cases.

You should never assume that internal messages are necessarily private and confidential, even if marked as such. Matters of a sensitive or personal nature should not be transmitted by e-mail unless absolutely unavoidable.

Internet messages should be treated as non-confidential. Anything sent through the Internet passes through a number of different computer systems all with different levels of security. The confidentiality of messages may be compromised at any point along the way unless the messages are encrypted.

Offensive messages: E-mail is commonly used as a quick and informal means of "speaking" to another person. However, because the communication is not face to face it carries a risk that the recipient will be offended, albeit perhaps unintentionally. The risk of liability for discrimination is a particular danger and the policy ought, therefore, to specifically refer to the equal opportunities/harassment policy.

Suggested Clauses:

You must not send offensive, demeaning or disruptive messages. This includes, but is not limited to, messages inconsistent with the Company's equal opportunity and harassment policies. You should therefore not place on the system any message which you regard as personal, potentially offensive or frivolous to you or to any recipient.

If you receive mail containing material that is offensive or inappropriate to the office environment then you must delete it immediately. Under no circumstances should such mail be forwarded either internally or externally.

Passwords: The risk of misuse will be reduced if employees are restricted to using only their own computers. The policy should make this clear.

Suggested Clause:

You must not allow other employees to use your password. If you anticipate that someone may need access to your confidential files in your absence you should arrange for the files to be copied to somewhere where that person can access them.

Viruses: Viruses pose a serious threat to the employer's property and strict rules should be imposed which limit the risk.

Suggested Clauses:

Any files or software down-loaded from the Internet or brought from home must be virus-checked before use. You should not rely on your own PC to virus-check any such programmes but should refer direct to the IT Department.

You must not run any "exe" files. These should be deleted immediately upon receipt without being opened.

The Internet: The Internet provides employees with the potential to communicate with millions of other people and other businesses. Strict rules need to be imposes which provide the employer with protection and which warn employees not to waste time using the Internet for matters which are not related to their work.

Suggested Clauses:

Access to the Internet during working time should be limited to matters relating to your employment. Any unauthorised use of the Internet is strictly prohibited. Unauthorised use includes but is not limited to connecting, posting or down-loading any information unrelated to your employment and in particular pornographic material, engaging in computer hacking and other related activities, attempting to disable or compromise security of information contained on the Company's computers.

Postings placed on the Internet may display the Company's address. For this reason you should make certain before posting information that the information reflects the standards and policies of the Company. Under no circumstances should information of a confidential or sensitive nature be placed on the Internet.

Information posted or viewed on the Internet may constitute published material. Therefore, reproduction of information posted or otherwise available over the Internet may be done only by express permission from the copyright holder.

You must not commit the Company to any form of contract through the Internet. Subscriptions to news groups and mailing lists are only permitted when the subscription is for a work-related purpose. Any other subscriptions are prohibited.

Interception of communications: Monitoring of e-mails is regulated by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. Basically these Regulations, which are wide in scope, authorise businesses to carry out monitoring for certain purposes provided reasonable steps are taken to inform staff. The policy should, therefore, describe the purposes for which the employer intends to carry out monitoring. The examples listed in the clause below are of a type which the Regulations specifically authorise.

Suggested Clauses:

The Company reserves the right to intercept any e-mail for any of the following reasons: record keeping purposes, checking compliance with regulations, quality control or staff training, preventing or detecting crime, investigating or detecting the unauthorised use, checking for viruses or other threats to the system.

Note however, that if the employer wants to carry out monitoring for purposes outside the regulations then the consent of both staff and outsiders will be required under the Regulation of Investigatory Powers Act 2000

Warning: It is not only important to impress upon staff the dos and don'ts of the email policy but also to make it clear that non-compliance could be a disciplinary matter which could even, in extreme cases, result in dismissal. As well as reinforcing the importance of the guidelines, this may help the employer in any claims for unfair dismissal arising from breaches by employees.

Suggested Clause:

The Company considers this policy to be extremely important. If you are found to be in breach of the policy then you will be disciplined in accordance with the disciplinary procedure and you may be dismissed. In certain circumstances, breach of this policy may be considered gross misconduct resulting in immediate termination of your employment.

Best practice

The following areas, whilst not as important as those listed above, could also be covered in the policy if appropriate