Internet and email policies (Hong Kong law)

This guide is based on the law of Hong Kong. It was last updated March 2005. A UK version is also available.

Overview

It's common for businesses to provide internet and email facilities to their employees. The aim is to allow faster and improved communication between businesses. However, it can be a double-edged sword. Email is less formal than letter or fax and, consequently, some employees will exercise less caution and attention to detail than they would if using the hard-copy methods of communication. Sometimes, little or no thought is given to confidentiality and security before clicking the "send" button. Further, businesses may give their employees free-rein on the internet without considering what they choose to download.

If employees have no rules or guidelines to follow, each will form his or her own view as to what is and what is not permissible in e-mail and internet practice. This makes it difficult for the employer to achieve a united approach, to maintain security and to take effective disciplinary action if necessary. It can also be embarrassing and expensive for an employer when it is held responsible for the actions of its employees.

It is therefore advisable for all businesses to have an internet and email policy.

Drafting your policy

When drafting your internet and email policy, the following general principles should be considered:

• Use of email and internet should be consistent with employee responsibilities and should comply with all your other rules and procedures.
• Activities which might be illegal, offensive or likely to have negative repercussions for the business should be avoided. Consider what best practice procedures should be put in place, particularly internet and email etiquette do's and don'ts.
• Decide the extent to which employees can use the internet and email for personal purposes. Set down the parameters clearly and specify the consequences of misuse/abuse of the system, including disciplinary action and summary dismissal.
• Depending on the nature of the firm's business, a higher level of security (for example, encryption) might be required and tighter restrictions on the use of e-mail as a means of sending business information might be necessary.
• Hacking and/or unauthorised modification of computer material is a criminal offence. See our guide on Cybercrime

Things to remember about email policies

Client / business communications

Check if the business has an existing policy concerning business and internal communications (e.g. that any letter to a client should be first checked by a manager). If so, the same rules should apply to sending emails, in addition to any etiquette unique to email. Bear in mind that email messages might be delayed, intercepted or lost after sending. Therefore, where the information is particularly sensitive, confidential or time critical, you should consider whether more traditional methods of communication are more appropriate. (You may find our Confidentiality guide useful for these issues). In all external correspondence, the firm's email designation notice should be attached at the beginning of all email messages.

Court evidence

Email content is treated in the same way as verbal and written expressions and statements, unless the parties have agreed otherwise, and is admissible in a court of law.

Employer's vicarious liability

An employer will be held liable for any representations made or contractual arrangements entered into by its employees if it is reasonable for a third party to assume that such employees were acting with the employer's authority. Liability may also extend to illegal or unlawful activities carried out by employees which are linked to the employer. Always ensure that employees observe the firm's authorisation / vetting procedures and other policies on employee conduct when they are on-line just as they would have to when off-line. Further, set out clearly all activities which are considered prohibited. Remember:

• Casual contractual undertakings given in a business context may bind the company unintentionally.
• The company may be sued for inaccurate statements or misrepresentations.
• Some statements may amount to defamation.
• Unlawful or unfair processing of personal data may cause the firm to be in breach of its data protection obligations. See our guide on Data Protection.
• Illegal or unlawful activities may incur criminal liability for the firm.

Things to remember about internet policies

Capacity

An employee's electronic address at work identifies not only the individual, but also the company. Therefore, any activity engaged in by an employee on-line may negatively impact on the company. (Also, see employer's vicarious liability, above.) If employees are allowed to use the internet for personal purposes, they should always identify themselves as acting in a personal capacity for example, booking flights or engaging in discussions on internet chat sites.

Infringement / crime

Most images, text and materials put up on web sites are protected by copyright; others are protected by trade marks. The down-loading, possession, distribution or copying of copyright works (for example, a document, photograph, piece of music or video) is an infringement of copyright unless the person downloading is properly authorised to do so by the copyright owner. Bear in mind that some of the material available on the internet is illegal. See our guide on Branding and Intellectual Property.

Conclusion

If you are an employer and your employees have use of e-mail and/or the internet, you should certainly have a policy in place. If you do not have one, you can obtain one here. If you use it, make sure you bring it to the attention of your employees and make sure they follow it. The best policy is not to rely on a policy alone but to educate your employees on the correct use of email and the internet.

Any questions? Please contact peter.bullock@out-law.com / +852 2521 5621 or one of our other contacts.