Start / ... / Email Troubles and why you need an online policy

Email Troubles and why you need an online policy

Author: Tony Connolly

WHY DO YOU NEED SUCH A POLICY? Electronic Mail (Email) has become a widespread form of communication for businesses, both internally and externally, providing ease of communications, enhanced workflow, the transfer of information and ideas, and a mechanism for easy file transfer. In addition online access to the World-Wide-Web enables users to access data, services and information to assist them in performing their duties. While most businesses encourage the use of online electronic and email systems for business and for limited personal use, the fact that the business has legal responsibility for that usage have prompted the need for a formal policy regarding the use of email and the Internet within the workplace. A formal electronic online and email usage policy allows users of these systems to understand their rights and more importantly, their responsibilities when using these systems. It allows the Company to implement and communicate the proper procedures to protect against potential disclosure of sensitive information, and against potential litigation arising out of illegal or immoral use of the Company’s systems by staff. It also protects individual users from harassment of any form be it racial, sexual, religious or indecent. DEFINING AN ELECTRONIC & ONLINE USAGE POLICY The Company should appoint a Computer Security officer who has responsibility for the policy. Employees as users of the company’s electronic online and email system should be aware and comply with their responsibilities under the company’s electronic online and email policy. As evidence of this they should be required to sign the policy document confirming that they have read and understood it. The following are examples of the sort of issues that should be covered by such a policy: • All emails and all material generated using these systems, including all associated backups, represent an asset owned by the Company and the company retains all rights, including intellectual rights, to that material. • The Company reserves the right to monitor all aspects of the electronic online and email system for the purposes of operations, maintenance, auditing, security or investigation. • Network, system and mail administrators are not authorised to monitor or view employee’s email without the express permission of the user or authorised to do so by the Computer Security officer as part of the email monitoring process. • Any monitoring of individual usage should be authorised by the Computer Security Officer. Employees involved in the monitoring of electronic online and email facilities are obliged to keep all details of the monitoring process confidential. • Users of the email system should be made aware that unlike written communication, material written or transferred in an email message can be forwarded to third parties without their prior knowledge. • Employees should be obliged to inform management of any abuses of the policy. • The company will not be liable for any information sent by a user of the email system in the event that the user chooses to send such information in violation of the policy. • Users will access email and other online files only as authorised in the performance of their job function. Any user, who discovers a “security hole” in any system allowing them to access information they are not authorised to, should report the incident to the Computer Security Officer. • Users may not send fraudulent, harassing, embarrassing, indecent, profane, obscene, pornographic, intimidating or other unlawful material using any email or any other form of electronic communication system provided for by company. Any users receiving such material should report the incident to the Computer Security Officer. • Users may not access indecent, profane, obscene, pornographic, or other unlawful material using electronic online systems provided for by the company • The email systems may not be used for the transmission of commercial advertisements, solicitations, electronic chain letters, promotions, destructive programs (such as computer viruses, Trojan and/or self replicating code), political, pornographic and/or illegal material. Users receiving such material should inform the Computer Security Officer immediately. • Email users should use the same care when drafting email and other electronic documents as they would for written communication. Users should be aware that material written in emails could be forwarded to other users without their knowledge and can be accessed and reviewed by others. • Users may not send any material via the company’s email system that is in breach of software licenses and/or software copyrights, or copyrighted material such as text, picture, video and sound files. • Users of the email system may not use profane, abusive, derogatory or obscene remarks in email correspondence about fellow employees, competitors and/or customers. • All users are responsible for their email user id and password and for all correspondence and activities carried out using that user id. If a user suspects that their password has been changed without their permission or that someone else is aware of their password, they should change it immediately and notify the Computer Security Officer. CONCLUSION Businesses need to be aware of the legal implications of their staff using e-mail and Internet in the workspace. An electronic online usage policy should be in place to address these legal obligations. Various technologies exist to automate the enforcement of such a policy, including spam and content filtering which sets parameters for emails being received or issued and for websites accessed and either rejects or quarantines unacceptable content. However these only serve to implement the policy.