Corporate computers and information and communications systems (collectively, “electronic resources”) remain the workhorse for most businesses, even as alternatives, such as third-party text messaging services, external social media, and cloud computing, flourish. Employees rely on corporate electronic resources for e-mail, calendaring, business contacts, Internet access, document creation and storage, and a multitude of other business applications. Consequently, for employers, it is critical to establish and maintain their right to inspect all information stored on, and to monitor all communications transmitted by, corporate electronic resources. The corporate acceptable use policy is the linchpin of that effort.
Preparing an acceptable use policy is far more challenging today than it was just a few years ago. Simply invoking the mantra, "employees have no expectation of privacy," as some employees have done in the past, will not suffice. Recent technology developments, new laws and regulations, and novel judicial precedent have exposed employers to litigation for inspecting information stored on, and monitoring communications transmitted by, their own electronic resources.
The ten tips below are intended to aid employers who either want to implement an acceptable use policy for the first time, or who need to update their policy. These ten tips are not a comprehensive list of every point that should be addressed in an acceptable use policy. Rather, they are designed to help employers avoid some common pitfalls.
Employers should strongly consider implementing an acceptable use policy or updating one that currently is in effect. The policy’s principal objective should be to inform employees up front about the employer’s expectations for their use of corporate electronic resources and about the employer’s ability through the use of monitoring technology and otherwise to enforce those expectations. In addition, a carefully drafted and thorough acceptable use policy can serve as a defense when an employer’s conduct with respect to its own electronic resources is challenged. Employers should keep in mind that rapid changes in user and monitoring technology and an evolving legal framework mean that the acceptable use policy should be revisited at least annually to confirm that it is accurate, comprehensive and adequately addresses recent developments.