Volume 11, Number 6 - July/August 2002

Some Sample Provisions and Why to Use Them

Related Article:   Work Station or Purgatory?       By Porter, Wilson & Scheib

• Business reasons for a policy — State the business reason for adopting a policy, which may include the need for protecting trade secrets, maintaining the integrity and security of the company's computer system, protecting sensitive customer information, protecting the employer from liability to third parties, protecting the integrity and reputation of the company and its line of business, and ensuring optimal employee productivity. These needs establish the reasonableness of the policy and its scope, and demonstrate that the policy is not unnecessarily intrusive.

• Dispel expectations of privacy — State that e-mail, Internet and computer usage will be monitored. State that monitoring "will" occur, as opposed to monitoring "may" occur. State that the employer "reserves the right" to monitor. Spell out exactly what monitoring activities will be. Many states have laws prohibiting e-mail or computer-use monitoring without notice to the employee of such monitoring. Even in those states without such monitoring laws, courts have regularly allowed invasion of privacy claims for telephone eavesdropping, communications recordings and the intercepting of employee private mail. A company that never tells employees that monitoring will occur may run into legal problems if it starts to monitor.

• Consent — Have employees sign an acknowledgement form with the policy attached or require every user to accept the terms of the policy each time (or periodically) that he or she logs onto the company's network as evidence of consent to the policy and monitoring. Documenting consent to the policy will combat the employee's later claim that he or she was unaware of it.

• Prohibit inappropriate, sexually explicit or offensive material and language — Computer screens can create liability for the employer if they are used to depict sexually explicit images or materials that offend persons in the workplace. Informal, inappropriate e-mails between co-workers can often be embarrassing, if not damaging, for a company. Merrill Lynch recently discovered that when internal employee e-mails negatively describing the value of certain dot-com businesses that they or other company analysts were simultaneously promoting were made public.

• Deter defamatory language — Prohibit the use of defamatory language, the ability to enter chat rooms and limitations on the use of the Web for other than business purposes. Provide clear guidelines on how to describe and use competitors' trade and service marks, products and services in communications without engaging in trade libel. These measures will deter employees from going onto Web sites, bulletin boards and chat rooms to voice criticisms of executives or their employers.

• Prohibit solicitations, ads or promotions — The distribution of solicitations wastes employee time and often puts pressure on employees. More critically, an employer who permits such distributions may find that it is compelled to permit employees to use e-mail to distribute union literature and notices or other materials that could be harmful to the interests of the employer. In one example, the National Labor Relations Board found that E.I. du Pont engaged in discriminatory conduct when it put its e-mail system off limits to a union, yet allowed the e-mail system to be used to distribute information on such subjects as drugs, the IRS, religion and TV programs.

• Avoid intellectual property infringement, misappropriation and hyper-linking — State that all employees should comply with software and other intellectual property licenses and all copyright and trademark laws. The average employee is often unaware that downloading a screensaver, copying software, forwarding an e-mail or downloading music can all trigger copyright infringement claims under certain circumstances.

• Protection of confidential information — Reference the confidentiality agreements already in place between an employer and key employees. Additionally, explicitly restrict the release of confidential information about the company and its clients/customers. Remind employees about the widespread forwarding of e-mail to help keep employees more cautious about what they say and how they say it.

• Ban unapproved encryption devices — Specify that the employer must approve encryption devices. This ensures that the employer will be able to access and monitor equipment and content. This protects against the misuse of information, or loss of information if the employee leaves the company.

• Spell out disciplinary action — State the sanctions that will be imposed for violations of the policy. Punishment should range from a warning, to suspension of Internet and e-mail privileges, to counseling, to demotion, and finally to termination. This flexibility will ensure that the "punishment fits the crime." Enforcing these sanctions consistently and promptly will help defend against a claim of unfair treatment.

• Provide a clear method for reporting violations — Specify a confidential means by which an employee can inform management of possible violations of the policy. Designate more than one person who may be told of violations, to ensure that no one person is untouchable and that employees will have a choice and may report to the person with whom they feel most comfortable. The persons designated to receive reports should have an explicit duty to investigate each reported violation.