Internet and Email Policy

Most businesses will use the Internet and e-mail every day in the general running of the business. Whether this is just internally or externally contacting customers and dealing with suppliers etc.

Why Have a Policy?

The purpose of implementing Internet and e-mail policies at work is to ensure that employees understand the way in which it should be used. It should:

• Enable both employees and the company to derive the maximum benefit from e-mail and the Internet
• Alert employees to the dangers that can arise to the organisation if it is misused
• Inform employees of the consequences of any misuse, including possible disciplinary action

Obviously, some companies are stricter than others when it comes to Internet and e-mail use and some may require its employees to use it more than others so there is no standard policy right across the board. However, any organisation should have a clear and coherent policy which is understood fully by its own employees.

Implications Regarding The Data Protection Act 1988

Employees can sometimes be suspicious of their e-mail and Internet use being monitored by their employers and it is necessary to ensure that employers are compliant with the Data Protection Act (DPA). The Information Commissioner has produced 'The Employment Practices Code' which includes guidance on and employer's rights to monitor staff. The code recommends that employers carry out an impact assessment to establish whether their Internet and e-mail monitoring complies with the DPA.

Such an assessment should identify:

• The purpose of the monitoring
• The benefits it is likely to deliver
• Any likely adverse impact

Once the Risk Assessment has been completed, it is important that a code of practice is drawn up and made available to employees as to what is and isn't acceptable use of e-mail and the Internet and their approach to monitoring.

Policies can state that viewing pornographic material, for example, is prohibited and highlight disciplinary procedures for those who break the rules.

Network Security

The risk from the Internet to an individual computer is limited. However, most organisations with Internet access will also have their own computers linked into a local network which then becomes vulnerable to misuse - be that unintentional or deliberate. Technical security features can include:

• Firewalls - to protect against unauthorised access
• Protocols - which can encrypt sensitive information
• Anti-virus software - which can prevent the threat of viruses invading and shutting down the computer network although there is still an element of risk and employees should be made fully aware of the company's policy on downloading files
• Passwords - Any policy should state what the rules are for employees changing passwords and for disclosing them

Browsing the Internet

The policy must state who will be allowed Internet access and whether that can be for business use only or can include personal use. The problem is that, even for business use, web browsing can become unfocused and time consuming, wasting both the company's and the employee's time. Often, the IT department may monitor what sites are being browsed and by whom and, if monitoring of this kind takes place, it should be stated in the policy alongside any action that could take place should an employee misuse the Internet. The policy should state unequivocally that browsing offensive, obscene or indecent material is strictly forbidden.

Using Email

E-mail communication is so quick that it has garnished a reputation of being as informal as using the telephone but it is important to remember that it has the same permanence of other forms of written communication and, as such, must be controlled.

The policy should state whether it can be used for business use only or is also permitted for personal communication and should state that sending offensive material will not be tolerated. The sender of a message which causes offence should be subject to the normal disciplinary procedures and remember that unlike verbal communication, an e-mail is often hard evidence to back up a particular complaint. Employees should also be made aware if their e-mail is being monitored.

The Internet and e-mail has revolutionised the speed and the way in which we can communicate at our place of work but, for all its benefits, there are the drawbacks associated with the loss of productivity if the access is abused - some people have even been known to e-mail the person next to them to ask a simple question - hardly an efficient use of time.

Then there are also the wider implications of security. A significant risk to a company's security occurs through inappropriate and careless use of computer networks so a company should be extremely vigilant when drawing up its own policy on e-mail and Internet use and ensure that employees are fully aware of what the policy contains and the consequences of abusing it.