Email and internet use: case study

Elizabeth Stevens of steeles (law) llp continues a series of articles on email and internet use with a case study.

OnlineInfo UK Ltd is a fast-growing online publishing company currently employing more than 200 people, the vast majority of whom use a computer every day to carry out their duties.

The company has a very brief internet and email policy, which states that employees' emails may be monitored, although in practice they are not at present. The policy also states that employees must not distribute 'inappropriate' material by email and that use of the internet and email system is restricted to business purposes only. The policy was drafted five years ago and has not been reviewed since then.

In reality, virtually everyone at OnlineInfo (from board level down) uses the email system for personal correspondence. Most people also access the internet from time to time for non-work-related purposes. Managers are aware of this (and use the internet themselves), but have always taken the view that they can generally trust staff not to spend excessive amounts of time surfing the internet or emailing their friends.

Several problems have recently come to light. A female employee has complained about a 'joke' email distributed to a group of employees and then forwarded to her by a colleague. The email contains a number of disparaging comments about female drivers.

In addition, the newly appointed IT manager has spotted that several employees are spending a lot of time accessing online gambling sites and eBay during working hours. It has also been rumoured that a member of staff has posted a video on YouTube of the managing director dancing to 'YMCA' at the office Christmas party. OnlineInfo is not named on the site.

How should the company deal with the distribution of the 'joke' email?

If the employee who has complained wants to raise a formal grievance, a proper grievance procedure should be followed. This should, as a minimum, comply with the statutory grievance procedures.

The nature of the email suggests that the content is in poor taste but it is unlikely to be highly offensive to most people. However, this does not mean that the employee's complaint should not be treated seriously, since the perception of the individual (ie the recipient of the email) has to be taken into account when deciding whether the email amounts to sexual harassment. This is the case even though the female employee was not an intended recipient of the original email.

Since the existing policy does not stipulate what amounts to 'inappropriate' material, it would probably not be advisable to take formal disciplinary action against the individual who distributed the email. However, the individual should be spoken to informally and made aware that a complaint has been lodged. He or she should be warned that the further distribution of similar material is likely to lead to disciplinary action.

In addition, it would be advisable to remind all employees that the distribution of such material is unacceptable. The policy should be expanded to clarify the types of material deemed 'inappropriate', including joke emails as well as more offensive and explicit material such as pornographic images.

What should the company do to address the high level of personal internet use by some employees?

Since personal use of the internet has been tolerated (and endorsed) by managers, it will be difficult to rely on the existing policy to bring disciplinary proceedings against any employee unless his or her use has been manifestly excessive, perhaps for several hours a day. In addition, the policy does not make reference to the fact that internet use can be monitored by the IT department.

At this stage, it would be advisable for OnlineInfo to clarify its policy on personal internet use. Is it realistic to ban all use of the internet for personal purposes? Since the company has allowed such use up to now, it might be a good idea to clarify that limited personal use is allowed during lunch breaks and outside normal working hours only. Staff should be informed that this is a privilege that could be withdrawn by the company in the event of it being abused.

The policy should also make it clear that users' access to the internet is recorded on an individual basis and will be monitored to ensure such use is neither excessive nor inappropriate. To comply with data protection obligations, employees should be provided with details of what monitoring will be taking place, when it will be taking place, the purpose of such monitoring, how this information will be used, to whom it will be disclosed and for how long the information will be retained. The company might want to consider blocking access to certain sites, including social networking and online gambling sites.

Can the employee be disciplined for posting the YouTube video?

It might be difficult to establish who posted the video and, since OnlineInfo is not identifiable from it, it will be difficult to show that it has brought the company into disrepute.

In a recent case, reported on the BBC website a supermarket was found to have unfairly dismissed a worker who had been sacked for posting a video clip of his colleagues filmed at the store during working hours on YouTube. The employment tribunal did not accept that the video had damaged the supermarket's reputation and said that an alternative sanction to dismissal should have been considered.

If it can be established who posted the video it might be worth drawing to the individual's attention the fact that the managing director is aware of the video and would like it removed. If the employee refuses to do so, OnlineInfo could consider taking formal disciplinary action but it is unlikely that dismissal could be justified in these circumstances.

What urgent action should the company take?

It is essential that OnlineInfo review and amend its existing email and internet policy, to bring it up to date with current practices. This should be done in conjunction with IT managers, who will be responsible for maintaining the security of the computer systems and reporting possible breaches and problems.

The policy should set out clear guidelines on what is regarded as unacceptable use of the system. This should cover use of the email system as well as personal use of the internet, and it should be made clear that the downloading and distribution of offensive or discriminatory material, even intended as a joke, will not be tolerated.

The policy should also explain the nature and frequency of any monitoring that is carried out by OnlineInfo, and set out the disciplinary consequences for those found to be in breach of the policy. For more information on what to include in the policy, see Email and internet use: writing a policy.

It is crucial that once the policy has been updated, it is reissued to staff and that steps are taken to ensure the policy is read and understood. Where appropriate, training on complying with and implementing the policy should be given. Prompt action should be taken if any breach of the policy is reported. The suspected breach should be investigated and, where appropriate, disciplinary action taken.

The next topic of the week article will be FAQs on email and internet use and will be published on 29 October.

Elizabeth Stevens is a professional support lawyer at steeles (law) llp (estevens@steeleslaw.co.uk)

Further information on steeles can be accessed at www.steeleslaw.co.uk