Employers need to keep in mind that equipment such as computers, laptops, phones, and tablets, which are provided by the company for employee use, belong to the company. As such, the company may, and should, set acceptable use policies for this equipment and specify sanctions for violations of those policies.
Such policies typically prohibit employees from using company equipment to:
- download any material that may be offensive, is subject to copyright laws, or was not scanned for viruses;
- disseminate any company or customer information without permission; and
- send offensive or harassing material to other employees.
Doing so can help protect the company against claims that the employee is using the company’s equipment to harass another, as well as maintain the security of the company’s confidential information.
Acceptable use policies may also prohibit or limit the use of company equipment for anything other than company business. The company should determine whether it wants employees to use their company equipment for any personal use – internet surfing; shopping; stock checking; personal email; Facebook; etc. Keep in mind, however, that whatever policy the company sets should be one it intends on enforcing.
Even though the equipment belongs to the company, state privacy laws may limit the company’s ability to inspect or monitor employee actions. For that reason, employers should notify employees that the company has the right to monitor their use of company equipment, and may access documents, emails or other material stored on company equipment, networks and servers, and obtain whatever written acknowledgement or permissions are necessary to comply with local laws.
In summary, acceptable use policies may help protect the company against:
- Damage to computer systems. Employees using the internet could expose the company’s network to hackers, or inadvertently download viruses and worms. Employees downloading materials could also slow down the company’s network and use up virtual storage space.
- Corporate espionage. As mentioned above, employees may inadvertently expose the company’s network to hackers, viruses or worms. This could enable outsiders to access confidential information belonging to the company or its customers. Indeed, news reports are full of stories of this very thing happening to banks, retailers and even government departments. Conversely—an employee may be engaging in corporate espionage on behalf of themselves or another so monitoring employee computer use could be key.
- Unauthorized disclosure of confidential information and/or damage to company reputation. Acceptable use policies may bar employees from disclosing company or customer information, whether through the internet, email, social media or other means, to persons outside the company without authorization by the company.
- Discrimination, sexual harassment, hostile work environment and other employment law claims. Employers could be held liable for an employee who displays offensive material on his or her computer screen at work. Employers could be held liable for an employee who uses computer and phone systems, such as email, to unlawfully discriminate against other employees, sexually harass other employees, or send offensive material to other employees.
- Copyright claims. Employers could be held liable if employees download to company equipment any material or software that is copyrighted or otherwise protected by the law.
- Productivity losses. The time that employees spend during working hours shopping, checking sports scores, posting to social media and other personal use of the internet all results in steep costs to employers for lost productivity.
An acceptable use policy can be included in the employee handbook or distributed as a standalone document. Employers should require employees to sign an acknowledgement that they have received the policy. Employers should also consult with counsel when drafting their acceptable use policies, to be sure that such policies complies with any applicable federal, state or local laws.