Home » NEWS » Acceptable use policy protects business from abuse
Improper use of technology by employees causes problems

Acceptable use policy protects business from abuse

A newspaper ad for a sports site on the Web shows an employee hunched over the computer. The ad’s script says that if you stand around the water cooler talking about

last night’s game, you look like your are goofing off. But if you’re at your terminal looking at the sports Web site, you look busy.

Loss of productivity is just one reason why businesses are advised to have an acceptable use policy (AUP) governing how employees use the Internet.

Andy H. Prussack, an attorney in the Jackson office of Phelps Dunbar, L.L.P., Jackson, said there are three primary reasons to have an AUP.

“The Internet is a valuable resource in the workplace, but it can also lead to legal liability, as well as loss of productivity,” Prussack said. “From a legal standpoint, in-office

viewing of pornographic or otherwise inappropriate Web sites and the circulation of off-color jokes over the electronic mail system may lead to employee claims of sexual

harassment or racial discrimination. The other concern is a potential breach of the company’s confidential and proprietary information.”

Still another concern is downloading of computer viruses. That can affect a business drastically as was seen with the Love Bug virus seen in February of this year.

Prussack recommends that employees be required to comply with the company’s virus-screening procedures before downloading software or opening attachments.

He also recommends:

• A statement that Internet usage will be for businesses purposes only, or in furtherance of the employer’s business.

• Make it clear that what happens through the employer’s e-mail or Web site belongs to the employer. Employees need to expressly acknowledge their activities through

the Internet on company computers are not private, and that the employer reserves right to monitor and inspect employees’ use of Internet.

• A sexual harassment statement should prohibit using Internet sites that contain obscene, pornographic or objectionable materials.

• A statement is also needed regarding the consequences to employees for breaching the policy.

• There needs to be some form of acknowledgement by the employee that he or she has received the AUP. If the AUP is in the employee handbook, employees may be

asked to sign indicating receipt of the handbook. Or the AUP can be circulated as in interoffice memo to be signed by each employee.

There are a number of sample AUP documents available on the Internet. But Prussack said laws can vary state by state, and federal and state laws may apply differently

depending on the type of industry.

“The risk you run is that you don’t know that the state and federal laws that applies to you have been analyzed in connection with an AUP from a Web site,” Prussack

said. “Two, you don’t know that the policy you are copying has ever been reviewed by a lawyer. You could just be perpetuating an unreviewed policy.”

The fact is that businesses are responsible for their employee’s use of the Internet, and that makes it important that written policies are in effect that protect the business.

H. Stephen (Steve) Brown, an attorney with The Bogatin Law Firm, P.L.C., Memphis, Tenn., says that while most large businesses have an AUP, many small- and

medium-sized businesses don’t. Brown, who specializes in Internet privacy and security issues for businesses, recommends that the AUP be carefully considered.

“If a business adopts a policy that it doesn’t understand, it could turn out to be an inappropriate policy,” Brown said. “My experience is that businesses, small and large,

don’t have appropriate Internet privacy and security policies.”

A security breach becomes possible when a cookie is placed on an employee’s hard drive. Businesses may not realize that if someone is using an office computer, a

cookie can be sent through the employee’s browser to the business’ hard drive.

“The breach of security and the possible violation by the business of federal and state privacy laws would both be of major concern,” Brown said. “Every business at least

needs to be knowledgeable and aware of the problems. As businesses become more educated, they will see there is a big benefit to having such policies. Without an

understanding of the Internet and how it works, and without having an appropriate policy, the security of the data bases within a business are at risk.”

Brown recommends considering policies that require a firewall between the business’ server and its database, and suggests that sensitive information should be encrypted

in the event of a breach of security.

Another issue to be considered is how employees’ use of the Internet will be monitored. Most large companies have a type of electronic monitoring, which employees may

find more fair and private than having someone monitor their e-mail. For example, one large company automatically sends out a warning if an employee is hitting a large

number of different sites. If the warning is ignored, it is followed up with another warning and then disciplinary action.

Greg Geren, public affairs manager for State Farm in Mississippi and Alabama, said the company believes it is important to have an AUP in place and for employees to

know what the policy is.

“We want to make sure employees know if they violate that policy, there can be some ramifications for that,” Geren said. “The policy says if there is evidence of abuse,

we can verify that but only through the highest levels of organization. For example, the front line manager does not monitor Internet usage or look at e-mails. Those

decisions are made much higher up in the executive level.

“We think it is important, since State Farm is a mutual insurance company owned by policyowners, that we use the resources provided to us in a business manner. Our

policy owners benefit from us having such a policy in place to prevent abuses that might occur.”

State Farm employees are reminded on an annual basis what policies are in regards to use of the Internet and company equipment. Geren said all new associates are

trained in the policy, and steps are taken to make sure the policy is administered on a fair and equitable basis after a proper investigation has been done into any alleged

abuses.

Some companies aren’t opposed to limited personal use of the Internet at work. For example, BellSouth guidelines allow occasional personal use of BellSouth

Internet/intranet communication systems so long as such use does not affect job performance or disrupt others, and doesn’t violate guidelines for Internet usage.

“BellSouth encourages its employees to use the BellSouth Internet/intranet communications systems when such use supports the goals and objectives of BellSouth and its

business units or affiliates,” said Patsy Tolleson, spokesperson for BellSouth. “Use of these systems for inappropriate purposes is prohibited. Inappropriate use includes:

threats, pornographic or sexually explicit material, material containing derogatory racial, gender, religious or hate-oriented comments, offensive language, or material which

is otherwise inappropriate or unlawful, or discriminatory language or remarks that would constitute harassment of any type.”

Contact MBJ staff writer Becky Gillette at mullein@datasync.com or (228) 872-3457.

About Becky Gillette

Leave a Reply

Your email address will not be published. Required fields are marked *

*