• Share on Facebook
  • Share on Facebook
  • Share on Linkedin
  • Share by email
  • Share on Facebook
  • Share on Facebook
  • Share on Linkedin
  • Share by email

Kieran Cooper and Sean Egan consider how organisations can protect themselves on the Internet.

Giving staff access to the Internet is not without its problems. The key issue that organisations need to consider is that under UK law they are liable for the actions of their employees during the course of their employment. This also applies when staff are using the company IT infrastructure for tasks that are not related to the organisation?s activity. If a member of staff were to download illegal copies of music CDs or write something defamatory or libellous in an email whilst they were at work, then the company may be liable. Even something like forwarding a sexually-explicit joke email could become a problem for the organisation if someone were to complain, not to mention the bad publicity.

Most companies can trust their employees not to abuse the system; but as with Equal Opportunities and Health & Safety, having a written policy makes sure that all staff know what the organisation expects of them. If a member of staff breaks that agreement then the company is in a position to take disciplinary action. If everything is left to trust, an employee could legitimately argue that they weren?t aware that what they were doing was wrong and could therefore challenge any formal warning or dismissal proceedings against them.

What all organisations that employ staff need, therefore, is some kind of Acceptable Use Policy (AUP) for the Internet. This will set out in plain language exactly what the company will, or will not, allow staff to use the Internet for. It also needs to be realistic. It makes no sense to proclaim a complete ban on sending private emails if it is clear that everyone is doing it; but there will be areas (such as downloading sexually or racially offensive material) where zero tolerance is clearly appropriate.

A policy is worthless until it is communicated to all staff and, ideally, everyone should sign a document binding them to the policy and confirming their awareness of its terms. This should then sit in their personnel file. It is also advisable, particularly if you are introducing a new policy, to organise training and briefing sessions for everyone so that there is a chance for questions to be answered. Above all, AUP?s need to be applied fairly and consistently in order to be fully effective.

It is also sensible for organisations to use the available technology to minimise the possibility of any problems in this area occurring. Systems that can filter emails or restrict access to websites are plentiful now but they do need to be kept up to date. If staff aren?t able to access the websites they need in order to do their jobs they are clearly going to be frustrated.

Using software to monitor access to websites by individual staff should also be considered ? indeed, many regard an AUP as worthless unless the company takes steps to identify misuse before problems arise. This is a tricky area because of legislation that governs data protection privacy. The Information Commissioner has issued a code that suggests best practice, but goes further than the law requires (http://www.informationcommissioner.gov.uk). The interception of employee emails is a potential minefield. The position is clear if the AUP states that no personal emails are allowed and all emails may be monitored. However, this may be an unrealistic policy to sustain. If some personal email is allowed then you need to make the rules clear ? for example, the subject field must state ?Personal?. In that case an employer should not monitor the contents of those emails but is still able to monitor email traffic. Only when an employer has reasonable grounds to believe the employee is behaving improperly should personal emails be opened. If the employer opens an email when it shouldn?t (and the temptation will be great), the employer will appear to be acting unfairly in the way it investigates problems. The issue normally arises in relation to unfair dismissal claims, when an employer that has not acted by the book is vulnerable to losing what may well be an otherwise unmeritorious claim.

The majority of organisations are unlikely ever to have a problem, but there are risks if something were to go wrong ? not least the legal liability for an employee?s actions or the risk of an adverse employment tribunal decision. It is therefore advisable for steps to be taken to address the issues.

Kieran Cooper is a Director of the arts management consultancy Catalyst Arts.
t: 01225 340340; e: kieran@catalystarts.com. Sean Egan is Head of the Arts and Media Department at Bates Wells & Braithwaite Solicitors. e: segan@bateswells.co.uk