Internet and email policies

Employees, computers and e-mails are a potent mix. They can cause all manner of problems for employers. Such hassles include racial and sexual harassment, downloading of pornography, defamation of management, customers or competitors, breach of confidence, copyright infringement, inadvertent formation of binding contracts, excessive time on the internet in working hours and breaches of either the Computer Misuse Act 1990 or the Data Protection Act 2018.

To try to combat these potential problems and to provide staff with some guidance, employers adopt computer use and e-mail policies. Every business is different and no one size fits all. It is surprising how tough employment tribunals are prepared to be about the dismissal of employees for downloading of pornography, particularly if there is a policy in force forbidding this. One question that clients often ask us in these circumstances is whether they are required to notify the Police. In our experience, the Police are not interested unless the pornography is being sold by the employee or it involves children.

The terms of a specimen computer and e-mail use policy are shown below. The following comments about the policy may be of assistance.

(1) In clause 8 staff are allowed to send personal e-mails. There are two principal reasons for doing this

(a) it is virtually impossible to stop staff from doing this, and,

(b) whatever rules are laid down about this will largely be ignored by senior management thereby making it very difficult to justify a dismissal for breach before an employment tribunal (lawyers acting for employees are always quick to point out inconsistencies in this respect). The employer’s best ally in this area is the other staff. If a member of staff is spending an excessive amount of time on the internet, in our experience, the employer is likely to hear about it from other staff very promptly.

(2) The most important clause in the terms for the reasons stated above is clause 18 warning staff that monitoring could take place.

SPECIMEN COMPUTER AND EMAIL USE POLICY

We do not wish to restrict in any way your use of our computer system – indeed we encourage it. However we regard the integrity of our computer system as key to the success of our business. To avoid misunderstanding and confusion all employees must abide by the following policies. Breaches of this policy will be taken seriously and could amount to gross misconduct. You should direct any queries about this policy to the HR Department.

1. Licensed Software

Only properly licensed software may be loaded onto our system. You are not allowed to use within the company any material that you either know, or suspect to be, in breach of copyright. In addition, you are not allowed to pass such material on to anyone else. It is important to bear in mind that breach of copyright for business purposes can be a criminal offence both by the company and by the individual concerned. No software may be loaded onto our system without first obtaining the express permission of the IT Department. Software includes business applications, shareware, entertainment software, games, screensavers, and demonstration software. If you are unsure whether a piece of software requires a licence, please contact the IT Department. The copying of software media and manuals is also prohibited.

2. Networks

You are not allowed to make any change to the connection or configuration of your PC. None of our PC’s may be connected to a customer’s network without both permission from the IT Department and written permission from the customer concerned. In addition, none of our PC’s may be connected to a public network, e.g. internet, without permission from the IT Department.

3. Disks

You must not use disks from unknown sources or from home computers. All data disks must be virus checked before they may be used on our computer system.

4. Viruses

Generally, more damage to files is caused by inappropriate corrective action than by viruses themselves. If a virus is suspected you should do nothing more until instructed. The matter must be reported immediately to the IT Department. The most likely way that our computer system will be infected by a virus is by an external message. Any outside material must be properly virus checked before being loaded on to our computer system. Many viruses are now spread by email messages and use the address book of the recipient to pass it on to other people. Some of these viruses are activated when an attachment to the message is opened. Creators of these viruses frequently encourage the user to open the attachment simply by using a header such as “You must read this!” You should not open any attachment of this type and must generally be suspicious of any message that is received from an unknown source. In other words, only open mail when you know it is from a reliable source. If you receive email warnings about viruses please ignore the instructions they contain. In the majority of cases they are hoaxes and the instructions, if followed, will damage our computer system.

5. Customer Procedures

If you use a customer’s computer system you must observe the customer’s rules relating to their computers. In the absence of any such rules our rules should be followed.

6. Access

You are only allowed access to those parts of our computer system which you need in order to carry out your normal duties.

7. Inappropriate Material

You must not view or download or pass on any pornographic material on our computer system or place obscene or offensive screensavers on your PC. In line with the normal rules that apply to you as an employee, you are not allowed to send racist, sexist, blasphemous, defamatory, obscene, indecent or abusive messages on our computer system, either internally or externally. Do be careful and think carefully before sending any questionable messages that could reflect badly on us as a company.

8. Use of the internet at work

The primary reason for our providing you with access to the internet and/or email is to assist you in your work for us. You are allowed to send personal emails in a similar way to the way that minor incidental personal telephone use is allowed. However, personal emails should be kept to a minimum and the company’s footer MUST NOT be shown on a personal email. Such activity should not be excessive and must not affect your ability to work properly for us during normal working hours. You are not allowed to go onto the internet for your own purposes during normal working hours. You are allowed to do so outside normal working hours (and during your lunch hour).

You are not allowed to send unsolicited emails or email messages to multiple recipients or use email for personal gain. You are also not allowed to use the company’s internet access and email system to sign up for online shopping or internet membership schemes or chatrooms.

9. Orders

You must not order anything on our behalf by email without proper authorisation. You should always bear in mind that an email from the company has the same legal effect as a letter from the company on the company’s notepaper. This underlines the importance of being careful with what you say in an email in case it is misunderstood.

All company emails must contain our standard footer which will be notified to you from time to time. As stated above, personal emails must not contain the company’s standard footer.

10. Confidentiality

Before sending any confidential information by email consider carefully whether appropriate steps have been taken to maintain such confidentiality. Email is not inherently a more secure medium of communication than traditional means, and can be easily copied, forwarded and stored.

11. Security

Do not give internal passwords to anyone outside the company. In addition, you must not give any customer-related security information to anyone other than the customer unless specifically authorised in writing by the customer in advance.

12. Records

Keep proper records of our dealings with outsiders. It is always possible that what appears to be a relatively trivial point could be of immense significance later. It is not possible to foresee what will subsequently need to be checked so keep a complete record of all transactions.

13. Data Protection

If you have access to data about individuals you must bear in mind at all times the provisions of the Data Protection Act 2018. Guidance on these may be obtained from the HR Department.

14. Passwords

Use passwords at all times and change them at the intervals notified to you. Do not select obvious passwords. All passwords must be kept confidential.

15. Backups

Regular back-ups must be carried out in accordance with the rules laid down from time to time. Critical information should not be stored on the hard disk of your workstation in case it is lost.

16. Misuse

Misuse of computers is a serious disciplinary offence. The following are examples of misuse:

(a) fraud and theft
(b) system sabotage
(c) introduction of viruses and time bombs
(d) using unauthorised software
(e) obtaining unauthorised access
(f) using the system for unauthorised private work or game playing
(g) breaches of Data Protection legislation
(h) sending abusive, rude or defamatory messages via email
(i) hacking or
(j) breach of the company’s security procedures or this policy.

This list is not exhaustive. Depending on the circumstances of each case, misuse of the computer system may be considered gross misconduct, punishable by dismissal without notice. Misuse amounting to criminal conduct may be reported by us to the Police.

17. Breaches

All breaches of computer security must be referred to the IT Department. If you suspect that a fellow employee (of whatever seniority) is abusing the computer system you may speak in confidence to the HR Department. You are responsible for any actions that are taken against us by a third party arising from restricted and/or offensive material being displayed on or sent by you through our computer system.

18. Monitoring

The company reserves the right to intercept and monitor your communications, including email, internet and telephone calls. This right to monitor may be exercised, for example, for the purpose of deciding whether communications are relevant to the business, for the purpose of preventing or detecting crime or to ensure the effective operation of the system.

In addition, the company reserves the right to monitor communications in order to determine the existence of facts, to detect unauthorised use of the system and to decide the standards which ought to be achieved by employees using the system.

19. Improvements

We welcome suggestions from you for the improvement of this policy. These should be directed to the HR Department.