How to Set Up and Maintain Internet and E-mail Policies

Electronic communications have revolutionised business communications, although the huge increase in use has taken some organisations by surprise. Many people now routinely use e-mail and the Internet for personal communication and interest, as well as in the workplace.

Clearly formulated policies can help ensure that decisions made within the organisation, which affect workers, are well thought out, understood by all users, are consistent and fairly applied, take full account of their effect on all areas of activity, satisfy legal requirements and contribute to a productive relationship between the employer, the workforce and their representatives.

Managers who know the objectives and policies of the organisation are more likely to act consistently and fairly. Workers can be more effective when uncertainties about the organisation's intentions and any inconsistencies in management decisions are removed. Involving workers and their representatives in the development, implementation and operation of policies is more likely to make them acceptable and successful.

* help protect itself against liability for the actions of its workers (vicarious liability);
* help educate system users about the legal risks that they might inadvertently take;
* make clear to users who they should contact about any particular aspect of the policy;
* notify users of any privacy expectations in their communications;
* prevent damage to systems; and
* avoid or reduce unnecessary time being spent on non-work-related activities.

The organisation may wish to get individuals to sign off that they have read and understood the policy, perhaps by incorporating it in contracts or terms and conditions of employment. It should be part of the induction process for new workers. This will help prevent any claim that someone has not seen or understood the policy if a problem surfaces.

Consultation with trade unions or other worker representatives if a union is not recognised in the organisation, as well as management and contractor representative, will help provide authority and legitimacy. Consultation will also demonstrate the commitment of the organisation and its senior management to producing a workable and sensible framework. The policy should generally cover everyone in the organisation unless there are good reasons for exceptions, for instance levels of access to organisational information.

The advantages and benefits of electronic communications will depend on the aims of the organisation and the way the technology is introduced and operated, but common benefits might include the speeding up of communication with the ability to contact a specified group of people at the same time if required, revolutionising the possibilities for flexible working, allowing easy contact for freelancers, tele-workers and for video conferencing, and the opportunities the Internet offers for research, for contacting organisations or people in the same field of interest or trade, for commercial transactions and the provision of a shop-window for the organisation via a website.

In introducing electronic communications the organisation should consider possible problems, which may include:

* e-mail is not the informal and transient form of communication that many people think it is; deleting a message does not mean it is unrecoverable;
* intensive use of e-mail and unnecessarily wide broadcasting, can lead to information overload and stress, as workers try to keep up with the number of e-mails received;
* the ease and speed of e-mail can lead to inadequate thought going into a message and the possibility of the words or tone being misinterpreted by the recipient;
* sites visited via the Internet are traceable;
* there are a number of laws that cover electronic communications and employer monitoring of emails and Internet use by workers;
* it is essential that any organisation using these technologies, or thinking of installing them, considers the impact they might have, the position of workers and the legal liabilities that may by incurred; and
* having a proper policy in place will help everyone understand the boundaries that may be imposed.

As well as the many benefits of e-mail, it is essential that all workers in an organisation realise the following potential pitfalls:

* it is not an informal communication tool, but has the same authority as any other communication to and from the organisation;
* external e-mails should have disclaimers attached;
* it should be regarded as published information;
* e-mails are not confidential and can be read by anyone given sufficient levels of expertise;
* binding contracts may be inadvertently created; and
* defamation of colleagues or other parties (deliberate or otherwise) may occur.

The organisation may allow full personal use of the e-mail facility, or limited use, or prohibit any personal use. If personal use is allowed, staff should be made aware of the possibility of importing viruses into the system and what action to take if, for instance, an e-mail has a suspect attachment, or they are sent a chain letter. The organisation should have a nominated person, who can advise on security issues. Breaches of the policy should be dealt with like any other breach of the rules, perhaps leading to disciplinary action as set out in the organisation's discipline and grievance procedures.

The Internet is a valuable business tool for research and for comparing products, supply and prices. Some organisations allow reasonable personal use of the web, perhaps outside working hours; some allow no personal use at all. If personal use is granted, the organisation has to be aware of some of the issues that may arise. Factors to consider include the fact that connection costs can be high, with resulting high telephone bills, viruses can be imported into the organisation's system, inappropriate sites may be visited (pornographic, racist, sexist etc), people may spend too long on personal surfing during working time, and whilst there are no national or cultural boundary restrictions, there are legal boundaries

Most policies will seek to establish a balance between business and personal use, whilst encouraging staff to develop effective computer skills. Organisations should cross-reference any computer use policy with other relevant policies, for instance, the handling of confidential information, use and storage of personal data, consultation and communications at work, training, equal opportunities and harassment, and discipline and grievances at work.

Some organisations will need to have a detailed policy, others may be less so, but there will be features in common, such as:

* how much personal use can be made, if any;
* confidentiality issues, trade secrets, access to organisational information;
* when to attach disclaimers to e-mails;
* good housekeeping practices, including locking keyboards and password security;
* use of language and appropriate etiquette (no capitalisation of text, correct forms of address and signing off);
* prohibition of inappropriate messages i.e. any that might cause offence or harassment on grounds of age, sex, race, disability, age, religion;
* prohibition of deliberate accessing of offensive, obscene or indecent material from the Internet, such as pornography, racist or sexist material, violent images, incitement to criminal behaviour etc;
* being aware of copyright and licensing restrictions that might apply to downloaded and forwarded material, whether Internet or e-mail, and including unauthorised software, games etc. (The importation of viruses is often through downloading files and programmes from external sources);
* what monitoring, if any, will be carried out by the organisation; and
* what might happen if a breach of the policy occurs.

Generally speaking, in larger organisations personnel/human resources employees are likely to be responsible for the overall operation of the policy, making amendments as necessary and dealing with breaches. IT departments are more likely to be responsible for the security of the communications system and reporting possible breaches and problems. Some smaller organisations may contract out their IT work, including security responsibility. Training is likely to be a management responsibility, with IT departments or contractors giving specific technical training as required. The policy should make clear who in the organisation is responsible for the implementation of training. It is important to note that the field of electronic communications and the relevant legislation changes rapidly, so policies should be reviewed regularly and revised/reissued as necessary.

The decision whether to monitor systems and information should be part of the initial development of the policy. All organisations are likely to install anti-virus software to protect their systems, but there are many other forms of software available, which can be used for automatic blocking and monitoring of flow and content of communications such as blocking access to certain Internet sites, monitoring of emails, by content, size of attachments or graphic/animation files, monitoring large-scale circulation of emails, which might make the system less effective and run less smoothly.