Rules of engagement

Even the smallest business needs a policy to govern internet use and misuse, says Lesley Meall

Blogs. Viruses. Pornography. Personal e-mails. Instant messaging. The internet’s time-wasting and trouble-making potential just keeps on growing. But it is a fact of life in most work environments, and if it is to be more of a boon than a burden, its use must be managed. Left unchecked, it can lead to all sorts of problems: from poor system performance and inappropriate records management procedures, to corporate identity theft and sex discrimination claims.

So computers with internet access need the protection of firewalls, virus check software, spam filters and anti-spyware – and most now have them in place. Formal written policies governing internet use are much less commonplace, but they are just as important. Employee misuse of the internet raises issues about productivity, responsibility, legal liability and security; and they must all be managed, not left to chance.

Not everyone instinctively understands why it is a bad idea to download and store the trailers for all of their favourite films, e-mail the client database to a cousin who sells time share apartments on the Costa del Sol, or discuss company business in an open blog exchange. But once people are made aware of the implications their behaviour can have, most will think twice before doing something that could have a negative impact on the company or their future career.

E-mail has the same legal status as the printed word. Both internal and external electronic communications are potentially actionable for breaches of legislation ranging from the Data Protection Act, through copyright, defamation and libel, to sexual harassment. Employers and employees are potentially liable – ignorance is no defence – and inaction can result in a fine, or even a jail sentence (see www.buys.co.za/casestudies_email_internet.htm).

So businesses need to integrate electronic messages, in their various forms, into a formal records management procedure. It is inadvisable for decisions about the retention and storage of electronic documents or correspondence to be made by the individuals who create or receive them. Specialist computer-based tools are available to help with this, but a visit to www.archives.gla.ac.uk/ bacs/electronic-records.html can help to clarify the issues – and it doesn’t cost anything.

It is also important for employers and employees to be absolutely clear on what does, and does not, constitute acceptable use of the internet. Without an up-to-date policy it can be very difficult to discipline staff, as the accounting firm Wilson Dixon discovered when it came across the web diary created by one of its staff (for more information, Google blog+la+petite+anglaise+accountants). Organisations without an internet use policy should introduce one; those with one need to ensure that it remains current; and everyone needs to be made aware of its contents, and any action that will, or could be, taken against those who break it.

Free guidance on what to include in an internet use and abuse policy can be obtained from organisations, including the Chartered Institute of Personnel and Development (www.cipd.co.uk), the Information Commissioner’s Office (www.ico.gov.uk), and Business Link (www.businesslink.gov.uk). The latter even has a sample internet use and abuse policy available for download. So creating the policy doesn’t have to be a problem, even if coming to terms with the scope of it, and putting the necessary procedures in place, is significantly more complex and time-consuming.

Lesley Meall is a writer on business and technology issues.