Corporate computers and information and communications systems (collectively, “electronic resources”) remain the workhorse for most businesses, even as alternatives, such as third-party text messaging services, external social media, and cloud computing, flourish. Employees rely on corporate electronic resources for e-mail, calendaring, business contacts, Internet access, document creation and storage, and a multitude of other business applications. Consequently, for employers, it is critical to establish and maintain their right to inspect all information stored on, and to monitor all communications transmitted by, corporate electronic resources. The corporate acceptable use policy is the linchpin of that effort.
Preparing an acceptable use policy is far more challenging today than it was just a few years ago. Simply invoking the mantra, “employees have no expectation of privacy,” as some employees have done in the past, will not suffice. Recent technology developments, new laws and regulations, and novel judicial precedent have exposed employers to litigation for inspecting information stored on, and monitoring communications transmitted by, their own electronic resources.
The ten tips below are intended to aid employers who either want to implement an acceptable use policy for the first time, or who need to update their policy. These ten tips are not a comprehensive list of every point that should be addressed in an acceptable use policy. Rather, they are designed to help employers avoid some common pitfalls.