An employee has been copying pornographic images off the Internet and showing them to co-workers. Another has been using company e-mail to distribute racist jokes. And several others have downloaded some hot new software onto their office PCs-violating federal copyright laws. It’s bad enough these employees are surfing the Net instead of working. But you also have another big problem-you can be held legally liable for their online activities. Fortunately, some simple but important steps, such as formalizing an Internet policy and monitoring employee Internet activities, can buy you a great deal of protection.
Are Employees Working Or Surfing?
The Internet is a valuable tool for many businesses, and more and more companies find it’s worthwhile to provide access for their workers. But as Internet use expands, so do your potential problems and risks.
Employees who use the Internet to send sexist or racist e-mail messages expose you to the claim that you permitted an illegal hostile work environment to exist. You could be hit with a sexual harassment lawsuit if, for example, an employee obtains pornographic materials via the Web and shares them with co-workers or even if other employees happen to see them on the computer screen.
In addition, many workers download software or other materials off the Internet without realizing they are subject to copyright restrictions. Employees may also be tempted to “borrow” materials found on the Internet and incorporate them into company reports, brochures, materials or products-putting your organization at risk for a copyright infringement lawsuit.
The Internet also makes it easier than ever for employees to disclose -intentionally or not-your valuable company trade secrets. The problem is compounded because many workers incorrectly assume e-mail messages are private and secure.
400+ pages of state-specific, easy-read reference materials at your fingertips—fully updated! Check out the Guide to Employment Law for California Employers and get up to speed on everything you need to know.
Protecting yourself from these dangers doesn’t have to be complicated. The key is to draft a written policy regulating employee use of online resources and clearly informing workers that their computer activities may be monitored. While the specific provisions will vary depending on your organization’s own needs and goals, an Internet policy should cover these seven areas:
- Define acceptable uses. Spell out exactly what’s considered acceptable on-line use. For example, you can limit it to work-related purposes only. Or you might want to allow more flexibility-such as permitting workers to send personal e-mail or to surf-but restrict the hours of the day or amount of time they can spend on personal Internet use. In either case, make clear that employees cannot state their company affiliation or purport to represent the company in any way while on the Internet unless authorized as part of their job duties.
- Prohibit harassment and pornography. Be sure to state what types of on-line conduct are off-limits. Make it absolutely clear that sex, age, race or other harassment is prohibited, including sending racially or sexually offensive messages. Also forbid retrieving, downloading or sending pornography of any kind.
- Protect confidential information. Make sure workers know your trade secrets policy and stress that they must be careful because confidential company information can be inadvertently disclosed over the Internet. Consider investing in some type of encryption software so that even if sensitive material falls into the wrong hands, the person won’t be able to read it.
- Limit privacy expectations.
If you monitor your employees’ Internet use without their knowledge, you could be sued for invasion of privacy. The best way to avoid this is to make sure workers understand that their online communications are not private.
Your policy should make clear that all messages sent or retrieved over the Internet are company property. Then spell out under what circumstances, if any, employee e-mail or Internet use may be monitored.
For example, you may choose to monitor online usage whenever there’s a business reason for doing so, either on a periodic basis, or at any time for any reason. And regardless of whether you intend to monitor, remind employees that e-mail messages are not private because they can easily be forwarded to someone other than the designated recipient or printed out and distributed to others. Even deleted messages can usually be retrieved from the system. (For more on e-mail privacy, see CEA March 1996.)
- Restrict unauthorized downloading. Inform employees that copying software or other material off the Internet can violate copyright laws unless the vendor or author authorizes it. Also, you may want to require employees to have your advance written authorization before any software is downloaded into your system from the Internet or any other source.
- Specify penalties. Put some teeth in your policy by clearly stating that violations will subject the worker to disciplinary action, up to and including termination. Then make sure you follow through and consistently enforce the rules.
- Publicize your policy. Distribute the policy to all workers and have them sign an acknowledgment that they have read, understood and agree to abide by it. Also, consider having an electronic reminder summarizing your policy-for example, that Internet access is not private and is permitted for business use only-appear on the screen each time employees log on. Finally, make your Internet policy a central part of any computer training you provide and explain the risks to both employees and the company if the system is misused.
Installing software that allows you to monitor your workers’ use of the Internet can also provide some added protection. A number of products will track exactly where your workers go on the Internet and what they do there. Many programs also allow you to restrict which sites your workers may visit. The cost ranges from under $100 to many thousands, depending on the number of users you have.
Numerous programs are available for networked systems, including WebSENSE from NetPartners Internet Solutions (800) 723-1166; LittleBrother Pro from Kansmen Corp. (800) 200-9881; and ON Guard Internet Manager from ON Technology Corp. (617) 374-1400. NetSnitch (888) 424-5900, originally designed for home use, tracks Internet use on individual PCs.