Publications: Updating Your Electronic Communications Policy

To read the formatted version of this Client Update, please click the Related Files link.

Today’s employees are more reliant on e-mail and the internet, and more capable of computerized mischief, than ever before. Employers consequently face at least three recurring problems: 1) employees conducting personal business on company time by accessing personal e-mail accounts (AOL, Yahoo, Comcast, etc.) through company computers; 2) employees sending and/or receiving inappropriate e-mail messages or internet links via company computers; and 3) unauthorized sharing of network passwords and access.

In a holiday season that’s sure to set records for internet shopping, untold employee “working” days have undoubtedly already become unauthorized shopping days. Particularly in office environments with universal computer access, the drain on productivity now, and throughout the year, is dramatic. This loss of employee time exacts a personnel cost that is difficult to quantify, but real and substantial. The problem is compounded by the risk and reality of employees using company computers, and both personal and business e-mail accounts, to commit sexual and other unlawful harassment through inappropriate e-mails and other unauthorized internet usage.

Improper e-mail traffic over company computers, even through otherwise personal email accounts, creates employment liability and so cannot be immune from employers’ scrutiny. Employers should not be lulled into a false sense of security that otherwise inappropriate employee e-mail use or website access may somehow be less risky when it takes place through personal e-mail accounts.

Employees’ unauthorized sharing of network passwords and network access with other employees, or even non-employees, also exposes the enterprise to serious risks. These security risks range from tampering with network data to unauthorized downloading of confidential employer information to system sabotage. System security from these risks is obviously critical to protect the company, its customers and its clients from irreparable losses. A discussion of network security measures to contain unauthorized access is beyond the scope of this bulletin. But as with protecting employee productivity and preventing computerized harassment, the human resources solution starts with a clear, universally distributed and uniformly enforced policy on electronic communications and information systems.

Employers should issue or update electronic communications policies that prohibit or limit unauthorized internet use for personal business on company time. Policies should cover both e-mail use and internet website access through business and personal email accounts. They should make it clear that employees should have no expectation of privacy in their use of company computer equipment, including portable devices, and make it clear that compliance will be monitored. Harassment policies should make it clear that harassing, offensive or inappropriate e-mails and website visits are unqualifiedly prohibited, whether committed through company or personal e-mail accounts.

Finally, employers should update their electronic communications policies to expressly prohibit employees’ unauthorized sharing of network passwords and bar unauthorized access to, or use of, network data. Internal information technology specialists or outside IT professionals should be regularly consulted for specific direction on new risks and necessary security measures, including monitoring programs, to ensure the integrity of the network and to safeguard it from misuse or, worse yet, sabotage. Remember, as with all employment policies, even-handed enforcement of your electronic communications policies is essential to defeat employees’ claims of discrimination.