Webtrends Tracking Code
 
UK Home >  Legal Info About... >  Employment >  Internet and Email policies

Internet and email policies

This guide is based on UK law. It was last updated August 2008.

Overview

It's common for businesses to provide internet and email facilities to their employees. The aim is to allow faster and improved communication between businesses. However, it can be a double-edged sword. Email is less formal than letter or fax and, consequently, some employees will exercise less caution and attention to detail than they would if using the hard-copy methods of communication. Sometimes, little or no thought is given to confidentiality and security before clicking the "send" button. Further, businesses may give their employees free-rein on the internet without considering what they choose to download.

If employees have no rules or guidelines to follow, each will form his or her own view as to what is and what is not permissible in email and internet practice. This makes it difficult for the employer to achieve a united approach, to maintain security and to take effective disciplinary action if necessary. It can also be embarrassing and expensive for an employer when it is held responsible for the actions of its employees.

It is therefore advisable for all businesses to have an internet and email policy. To enforce any such policy, businesses will need to monitor the use of email and internet use by their employees in some way. There are rules to say how far businesses can go in monitoring their employees, dealt with below.

Drafting your policy

When drafting your internet and email policy, the following general principles should be considered:

  • Use of email and internet should be consistent with employee responsibilities and should comply with all your other rules and procedures.
  • Activities which might be illegal, offensive or likely to have negative repercussions for the business should be avoided. Consider what best practice procedures should be put in place, particularly internet and email etiquette do's and don'ts.
  • Decide the extent to which employees can use the internet and email for personal purposes. Set down the parameters clearly and specify the consequences of misuse/abuse of the system, including disciplinary action and summary dismissal.
  • Depending on the nature of the firm's business, a higher level of security (for example, encryption) might be required and tighter restrictions on the use of email as a means of sending business information might be necessary.
  • Hacking and/or unauthorised modification of computer material is a criminal offence. See our guide on Crime in the New Economy.

Things to remember about email policies

Client / business communications

Check if the business has an existing policy concerning business and internal communications (e.g. that any letter to a client should be first checked by a manager). If so, the same rules should apply to sending emails, in addition to any etiquette unique to email. Bear in mind that email messages might be delayed, intercepted or lost after sending. Therefore, where the information is particularly sensitive, confidential or time critical, you should consider whether more traditional methods of communication are more appropriate. (You may find our Confidentiality guide useful for these issues).

In all external correspondence, the firm's email designation notice should be attached at the beginning of all email messages. For example, your external emails could have the following wording above each message:

***** Email confidentiality notice *****

This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.

Beneath the message, you might want to give the name, address and contact telephone number for your business. (For more information see our guide to Email notices.)

Confidentiality notices such as this should not be relied on as being completely effective. If the disclosure of the contents of an email became the subject of legal action, it would only be possible to point a court to the existence of a confidentiality notice and argue that the recipient should have known to not disclose the contents of the message.

Some businesses automatically add a disclaimer to all their emails. In most cases, disclaimers that in effect tell a recipient not to rely on the content of the email will be ineffective. They also fail to inspire confidence in the sender, so they make little commercial sense.

Court evidence

Email content is treated in the same way as verbal and written expressions and statements and is admissible in a court of law. It is a commonly held misconception that emails carry less weight than letters on headed notepaper.

Employer's vicarious liability

An employer will be held liable for any representations made or contractual arrangements entered into by its employees if it is reasonable for a third party to assume that such employees were acting with the employer's authority. Liability may also extend to illegal or unlawful activities carried out by employees which are linked to the employer. Always ensure that employees observe the firm's authorisation/vetting procedures and other policies on employee conduct when they are on-line, just as they would have to when off-line. Further, set out clearly all activities which are prohibited. Remember:

  • Casual contractual undertakings given in a business context may bind the firm unintentionally.
  • The firm may be sued for inaccurate statements or misrepresentations.
  • Some statements may amount to defamation.
  • Unlawful or unfair processing of personal data may cause the firm to be in breach of its data protection obligations. See our guide on Data Protection.
  • Illegal or unlawful activities may incur criminal liability for the firm. See our guide on Cybercrime.

Things to remember about internet policies

Capacity

An employee's electronic address at work identifies not only the individual, but also the firm. Therefore, any activity engaged in by an employee on-line may negatively impact on the firm. (Also, see employer's vicarious liability, above.) If employees are allowed to use the internet for personal purposes, they should always identify themselves as acting in a personal capacity - for example, booking flights or engaging in discussions on internet chat sites.

Infringement / crime

Most images, text and materials put up on web sites are protected by copyright; others are protected by trade marks. The downloading, possession, distribution or copying of copyright works (for example, a document, photograph, piece of music or video) is an infringement of copyright unless the person downloading is properly authorised to do so by the copyright owner. Bear in mind that some of the material available on the internet is illegal. See our guides on Cybercrime and Branding and Intellectual Property.

Monitoring email and internet use

In the UK, it is unlawful to intercept electronic communications unless the interception has been authorised, whether by a warrant, by consent, or by regulations. Regulations that came into force in October 2000 provide circumstances in which a business can lawfully intercept emails (and telephone calls) made on its own systems, such as:

  • Gaining routine access to business communications;
  • Monitoring standards of service and training;
  • Preventing or investigating crime; and
  • The unauthorised use of systems.

There are other conditions on monitoring found in these Regulations, the Human Rights Act and guidance from the Data Protection Commissioner, including:

  • The employer must have taken all reasonable steps to inform the recipient and caller that the email and/or phone call will be intercepted.
  • The employer must be open about monitoring. Therefore, the limits of personal use should be set out and any restrictions specified. Ensure that employees know that their email and internet use will be monitored before they begin using it or before monitoring begins.
  • The employer should not intrude on the privacy of the employee and provide a mechanism for employees to delete email from the system.
  • Where possible, monitoring should be limited to an automated process. Do not monitor the content of emails unless the traffic record alone is not sufficient and do not open emails which are clearly personal.
  • Any personal information that is found that concerns employees must be used fairly.
  • The employer must establish a business purpose for monitoring (for example, to ensure that working time is used productively),and ensure that the impact on staff is not out of proportion to the benefits to the employer.
  • Do not monitor web sites visited/content viewed unless the business purpose cannot be achieved by recording the time spent on the internet.
  • In using the results of monitoring, take into account the ease with which sites can be visited by accident, and always give the employee an opportunity to explain or challenge the results.
  • If you permit employees to access the internet for personal reasons, ensure that no record is kept of the sites visited. If this is not technically possible, you must ensure that employees are made aware of what is retained and for how long.

Conclusion

So having read this, what should you do as an employer? The first thing you should do is review your current procedures regarding email and internet use. If you don't have an email policy, you should get one which takes into account the issues raised here. OUT-LAW.COM offers a free Communications Policy that you can download, amend and use in your business.

As for monitoring email and internet use, as an employer you can do so if your purpose falls within the circumstances set out above and you have made your employees and all recipients aware that the communication may be intercepted, provided you do so in an appropriate and proportionate manner.

If implementing a new policy, notify all employees by memo or circular that there will be a change of their contract terms, identify the date of implementation and give employees an opportunity to review the policy. Any policy can only be effective if it has been brought to the attention of employees and they follow it. The best approach is not to rely only on a policy but also to educate your employees on the correct use of email and the internet.

Finally, bear in mind that a policy will not be effective unless it is enforced. An employer cannot turn a blind eye to abuse of an existing policy then expect to suddenly enforce it against one or a number of employees. Such an unfair approach could easily backfire on the employer.

OUT-LAW Recommends

Data Protection training
We offer training courses on Data Protection and Freedom of Information laws

Winner at 2008 Webby Awards

Advanced Search
UK Home
OUT-LAW News
Legal Info About...
Accessibility and Usability
Branding and Intellectual Property
Companies
Competition
Confidentiality
Consultancy
Contracts
Copyright
Crime and Security
Data Protection
Designs
Development
Dispute Resolution and Litigation
Domain Names
E-commerce
Email
Employment
Checklist for Teleworkers for Employers
Data protection and monitoring at work
Basic Guide to TUPE
The laws relating to monitoring your employees
Cyberslackers - all in a day's work?
Equal Opportunities Policies
Offshore outsourcing - what happens to the employees
Contracts of employment - the rules
Issues for Employers
Internet and Email policies
An introduction to pension schemes
Monitoring your employees' emails - legally
When is a contractor not a contractor?
Key employment issues around home working
Free communications policy
Disciplining an employee
An introduction to monitoring employees
References: How to write them
Mediation: how it can help to resolve employment disputes
Restrictive covenants in employment contracts
Staff and their personal blogs
Directors' pensions (menu of articles)
Directors' remuneration issues
Financial Services
Freedom of Information
Funding
Games
Hosting and Maintenance
Jurisdiction
Marketing and Advertising
Media and Creative Industries
Outsourcing
Patents
Procurement
Software
Tax
Trade Marks
User-generated Content
Forthcoming legislation
Case reports
Legal Info For...
Our Services
Case Studies
Events and Training
Fun
About Us
Contacts
Legal Notices

OUT-LAW Magazine

OUT-LAW Magazine: delivered FREE to registered users
OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.