- Establish the business reasons for the policy. The business reasons can include protection of client information, trade secrets, maintaining a secure computer system.
- Set expectations for the level of privacy. Inform employees that email, internet and computer usage will be monitored by the company. Indicate how the company will monitor the employee’s use.
- Consent. Obtain the employee’s consent prior to monitoring. This may be accomplished by including the policy in the employee handbook.
- Personal Use. It is not practical or efficient for an employer to prohibit all personal use of email and the web. You may be better off allowing an employee to handle small personal matters efficiently rather than requiring the employee to be out of the office on errands or making multiple phone calls. However, the company should restrict the uses so that an employee would know what is an appropriate use of those resources.
- Prohibit inappropriate or offensive material and profanity. This should include sexually inappropriate materials, including jokes that are often sent by email among the employees.
- Limit the use of the Web. You should provide limits on use of the Web for other than business purposes so that employees are not using chat rooms or bulletin boards. In addition, the company should prohibit solicitations, ads or promotions via electronic mail because the Company may be required to allow distribution of notice or materials that are adverse to the Company’s interests.
- Provide employees with a confidential manner in which to report potential violations.
- Provide consequences for violation of the policy. There should be a range of punishment – from warning, suspension of use, counseling, demotion to termination.