Acceptable Use Policies: Letting employees know what is/isn’t OK to do on your computers
July 10 2007
Business owner Johnie Champ knew that trouble was brewing. In the office one day, she saw an employee of her small research-services firm viewing pornography on his company-owned workstation.
She confronted him; he denied it. By looking at the logs, her network tech was able to confirm it hadn't been the first time.
Several months later, Champ succeeded in firing the employee, but not before a legal exchange that racked up attorneys' fees and cost everyone time and worry.
Champ's experience illustrates some of the liabilities that come with a business computer system. Owners may be held legally accountable for offenses committed by employees via company networks, including harassment and creation of a hostile work environment. Security of company secrets can be an issue.
In addition, few businesses want company resources sapped by employees who run their own gigs on the side, such as e-bay trading or other online ventures, or who simply spend too much time surfing on the job.
And finally, web-surfing to certain sites poses risks to the network thru potential infection from viruses, Trojans, and spyware.
Your shield from this predicament is called an "acceptable-use policy." By putting in writing how employees may and may not use your company network, you not only protect yourself against many legal risks, but also give employees a clear idea of what is and isn't acceptable.
Many small business owners feel they know employees too well to worry about these issues. Policies don't have to be overly prohibitive, and you can allow workers some leeway for personal use.
Most, for example, prohibit illegal activities, and let employees know their use may be monitored. But by having a policy on the books and signed off by employees, you go a long way to protecting yourself from legal pitfalls and to being able to get yourself out of unpleasant situations should one arise. Some tips:
- Make clear that use of employer's computer systems is for business purposes only, and all files and messages are company property.
- If personal use is permitted, prohibit personal use that interferes with employees' work or that of others (e.g., prohibiting non-work related websites such as chat rooms, games, travel, shopping, stock trading, hate/discrimination, pornography, etc.).
- Prohibit inappropriate use including transmitting or downloading of material that is discriminatory, defamatory, harassing, insulting, offensive, pornographic or obscene.
- Prohibit copying and sending any confidential or proprietary information, or software that is protected by copyright and other laws protecting intellectual property.
- Prohibit unauthorized access by employees of other employees' electronic communications.
- Notify employees that any misuse will be subject to discipline, up to and including termination.
- Inform employees that employer may access, search and monitor voice mail, e-mail or company files of any employee that are created, stored or deleted from company computer systems.
- Have employees sign a company policy or notice on acceptable usage of employer's computer information systems.
- Visit the Oregon State Acceptable Use Policy at: http://www.oregon.gov/DAS/IRMD/CIO/pol_SITP1_3.shtml
- Don't forget phones, copiers and faxes!
- For more pointers, see: http://humanresources.about.com/od/internetpolicysample/