Since virtually every company relies on computers, email and the Internet to operate its business; and has employees who, every day, use the company’s computers, email and Internet access to perform their jobs and communicate with co-workers and with others outside the company, it is imperative that companies have in place effective acceptable-use policies. However, there are issues that businesses often overlook or get wrong when drafting and enforcing these policies.
To be effective, policies addressing the use of company computers, email and Internet should be crafted to meet the following key objectives.
• Promote Acceptable Business-Related Use. It may be obvious, but it should be clear that computers and other devices are made available for business-related use only and not personal use. Where companies are required to comply with certain industry regulations or laws that concern employee use of computers or restrict use and disclosure of certain electronically-stored information, the policy should specifically refer to those regulations and describe any prohibited conduct.
• Specifically Prohibit Abusive and Harassing Conduct. As employees often communicate with each other through email and text messaging, employers face an ever-increasing liability should employees use them inappropriately, such as sending derogatory and harassing emails or making unwanted advances towards a co-worker via text message.
To reduce this potential liability, employers must make sure acceptable-use policies clearly define and prohibit unacceptable behavior and conduct. In addition, the policy should require employees to report any conduct that they believe is unacceptable.
• Diminish Employee’s Expectation of Privacy. It should be made clear to employees that they should have no expectation of privacy with regard to their use of company computers or other devices. This includes the information contained on their computer, emails they have sent or received and their history of online activity. The policy should clearly state that the computer system and devices are subject to monitoring at any time, with or without notice.
• Protect Confidential Information. Along with confidentiality policies, an acceptable-use policy that specifically addresses the access, use and disclosure of the company’s electronic proprietary information and data is one of the main tools a company has available to it to protect both its own confidential and proprietary business information as well as that of its customers. It should also include guidelines regarding the access, use and disclosure of the confidential personal information of employees.
• Govern Use Across All Devices. Often overlooked, it is imperative that acceptable-use policies extend to employees’ use of all company devices, such as mobile phones and tablets. In addition, the policy should cover employees’ use of their own personal devices when they are being used for company-related business or when the device is connected to the company’s wired or wireless network.
Social Media, Social Networking
Given the prevalence of employees’ use of social media and social networking sites for both professional and personal use, companies are encouraged to have policies in place regarding the acceptable use of these services. However, companies should be mindful when they go about crafting and enforcing these policies.
Although a company’s main objective in having a social media policy is to prohibit employees from saying things on social media that are either critical of the company or that negatively impact the company’s reputation, companies should approach these policies with caution. Employers do not have the unfettered right to restrict and discipline employees who are critical of their employer or who communicate to each other about their working conditions. Certain laws prohibit this. Accordingly, companies need to craft these policies carefully so that they do not run afoul of these laws.
LinkedIn Profiles and Contacts
Professional networking sites, such as LinkedIn, raise some additional issues that companies need to consider. As employees utilize sites like LinkedIn to make professional connections, the employee is generating valuable contact information of clients, potential clients or other business connections. However, as long as this valuable information is maintained solely on an employee’s LinkedIn page, the company has no control over how this information is maintained or used by the employee.
Accordingly, employers should consider implementing a policy that makes it clear that the company, not the employee, owns all contact or other information provided to the employee by clients and other business connections, that employees may use client information for business-related purposes only and that employees will be required to turn over client information maintained on the employee’s LinkedIn page upon separation from employment.
Given the everyday use of computers, mobile devices, email and social media in the workplace, companies must have in place effective acceptable-use policies. Companies who do have such policies in place are encouraged to review their policies to see if they are in need of being updated.
Eric W. Gunderson is an attorney and partner at Farrell & Gunderson LLC. He may be contacted at 410-290-1955 or [email protected].