Implementing Email & Internet Policy For Business Systems

Good email and internet policies go along way to improving workplace relations and keeping everyone safe. Steven Troeth, a lawyer with Gadens in Melbourne, advises that a good policy should:

•  Be in writing
• Explain that work email and internet access are business tools and that usage will be monitored from time to time, without warning.
• Be tested and updated regularly
• Not prohibit personal use of email, but should define “reasonable personal use”.
• Explicitly forbid unauthorised transmission of any important documents containing, for example, trade secrets or confidential Client information.
• Set out, unambiguously, the consequences of breaching the rules. If summary dismissal is an option, it should be made clear.
• Note that certain activities are against the law, not only against company policy, and explain them.
• Note that while there is no absolute right to privacy at work, a prudent employer will only intrude on employees’ privacy when it is legally justifiable and morally defensible, and there are good reasons for doing so.

To those factors, add:

• Maintain a receipt register of the signatures of staff to whom the policy statement has been provided. This adds the extra weight of your employees knowing that it can be proved that they are in possession of and are bound by the rules.
• Discuss your policy openly and invite employee input. Most of your team are going to be decent honest people who have their own opinions (sometimes more fixed and strict than yours) about what is and isn’t fair in the use of the company’s resources.
• Explain that some people think email is relatively secure between sender and receiver. Most e-mail is insecure and should be regarded as insecure unless it has been encoded or encrypted. Have your staff understand that e-mail can be compared to a postcard in that anyone who receives it can read it. E-mail may also be read if it is stored on servers during transmission.
• Have staff understand that e-mails are hard to destroy. Many people think that if they delete their e-mail it is gone forever. This is not so as most electronic documents are backed up and recoverable.
• Staff should also be aware of the “logging” function of most networks which include web servers, mail servers and gateways all of which log transactions and communications. These logs will normally include the e-mail addresses of senders and recipients of e-mail and the time of transmission. System administrators (who may not necessarily be employees of the company, but may be contractors or outside service providers) are also capable of reading the contents of e-mails sent and received by the corporate network.
• At the end of the day, open discussion on a frequent basis will serve to ensure that everyone is aware of and understands your wishes as expressed in your written policy, and you will find that “the good staff” support it, and will actively enforce it for you among less committed members.

From the Employee’s Side
It might be of interest to summarise the employee’s side of things from the perspective of the AMWU and its guidelines for email and internet access to its members:

The Unions accept the prohibition of employees:

• Accessing offensive materials, such as sexually-explicit images and/or text; racist materials; and other hateful commentary.
• Accessing, saving or distributing information that could damage the employer’s reputation; be misleading or deceptive; result in victimisation or harassment; or lead to criminal penalty or civil liability;
• downloading unauthorised software;
• computer hacking

For more information from this source, check http://www.amwu.org.au
For the Government’s take, see http://www.privacy.gov.au/internet/email/