The Importance of Acceptable Use Policies

Virtually every company relies on technology to operate its business, and has employees who everyday use the company’s computers, email, and internet access to perform their jobs. These should also be communicated with others outside the company. That is why it is so important to have effective acceptable use polices regarding their use of their computer, email, and internet.

When businesses are developing, implementing, and enforcing these policies, leaders should consult their IT professional  and their legal counsel regarding these policies. Here are several issues which businesses often overlook, misunderstand, or are simply not aware of.

Computer, Email, and Internet Acceptable Use Policies

From a legal perspective, to be effective an acceptable use policy should be crafted so that it does the following:

  • Consistency
    Promotes use that is consistent with company policies and prohibits use that is in violation of those policies, industry regulations, or other laws with which the company must remain in compliance. It should be clear that computers and other devices are made available for business activities and operations of the company. The use of these devices is permitted for business-related purposes only, and employees are expected to use the devices in a professional manner that does not violate company policies or the law.  Where appropriate, specific industry regulations or laws and the conduct they prohibit or restrict should be cited.
  • Reduce Liability
    Reduces the occurrence and potential liability of claims by employees such as harassment, discrimination, or defamation. Clear boundaries should be set for employee conduct, specifically with regard to the use of email communications and the internet.  In addition, the policy should encourage, if not require, employees to report any conduct that they believe is in violation of this policy. It should also cross-reference the company’s anti-discrimination and anti-harassment policies.
  • Reduce Privacy Expectations
    Reduces an employee’s expectation of privacy regarding the information contained on their computer, emails they have sent and received, and their history of online activity. It should be made clear to employees that they should have no expectation of privacy with regard to their use of company computers or other devices. The computers system and devices are the property of the company and are subject to monitoring at any time, with or without notice, irrespective of whether the information, emails, or online activity involves personal information or subject matter.
  • Protect Company’s Confidential Data
    Serves to protect the company’s confidential and proprietary business data. An acceptable use policy should be consistent with and reference the company’s policies regarding the use and disclosure of the company’s own confidential and proprietary business information or that of its customers. It is important in this day and age that businesses have in place a business information and confidentiality policy.
  • Protect Individual’s Confidential Data
    Serves to protect the confidential personal information of employees. An acceptable use policy should also be consistent with and reference the company’s policies regarding the access and disclosure of the personal and confidential information of its employees.  It is also important to have in place this type of policy as well.
  • Extends to Personal Devices
    Extends to an employee’s use of their personal devices when there is the potential for the use to impact the company or its workplace. Policies should be crafted so that they apply when an employee uses a personal device for company-related business, or even for personal business if it is connected to the company’s wired or wireless network.

Can a company restrict their employees from sharing information about their employer on social media?

Next month, Eric will share with us acceptable use policies for employees’ social media and social networking. This will include how to address both personal and professional use, and whether or not it is legal for employers to prohibit employees from posting company information, or their opinions about their supervisors, or work conditions.

About Eric Gunderson

Eric W. Gunderson is an attorney and partner at Farrell & Gunderson, LLC.  Mr. Gunderson focuses his practice on working with businesses and their corporate leaders to provide counsel and representation in matters involving employment law, employee relations, business disputes, and other business and civil litigation matters in Howard County as well as throughout Maryland and the District of Columbia.