EPOLICY DOS
AND DON'TS
ePolicy DO's
1. Establish comprehensive, written ePolicies that address employee use of eMail, the Internet,
and software.
2. Educate employees about software piracy. Ensure compliance with all software licenses.
3. Communicate the fact that the organization's eMail and Internet systems are to be used strictly
as business communications tools. But don't stop there. Provide clear guidance on what is,
and is not, considered appropriate electronic business communication.
4. Bear in mind that some personal use of your organization's eMail system may be warranted.
Employee’s today put in more on-the-job hours than at any time in history. For employees who
leave the house before dawn and don't return until well past dark, eMail may be the most efficient
and effective way to stay in touch with family members. For the sake of employee morale and
retention, savvy employers generally are willing to accommodate their employees' need to check
in electronically with children and spouses. Let your employees know where you stand on this
issue, and how much personal use (if any) is acceptable.
5. Incorporate an overview of your organization's discrimination and sexual harassment policies
in your eMail policy. Because of the relaxed, informal nature of eMail, some employees will
put in writing comments they never would say aloud. Make sure employees understand that regardless
of how it is transmitted, an inappropriate comment is an inappropriate comment. And all it
takes is one inappropriate comment to land you on the wrong side of an expensive, protracted
lawsuit.
6. Review your written ePolicies with every employee. New hires and long-time employees, managers
and supervisors, full-time professionals and part-time staff, telecommuters and temporary employees,
independent contractors and freelancers--everyone should be informed of your eMail, Internet,
and software usage policies. Have all employees sign and date copies of each policy to confirm
they have read and understand each document.
7. Incorporate your written ePolicies into your organization's employee handbook and new-hire
orientation materials. Have the organization's human resources director review ePolicies with
every new employee.
8. Address ownership issues and privacy expectations. Let employees know that the contents
of the eMail system belong to the organization, not the individual user. If management monitors
and reads employee eMail, say so. Make sure employees understand that their eMail can, and
will, be read at any time without notice to or permission of the employee. If there is any
chance you may want to monitor employees' home computers, make that clear as well.
9. Support your eMail and Internet policies with eWriting and cyberlanguage policies designed
to reduce risks by controlling content.
10. Establish netiquette policies for eMail senders and receivers, managers and staff.
11. Implement a risk management policy that incorporates retention and deletion policies, password
policies, and monitoring and filtering software.
12. Establish a computer security policy. Put into place procedures and tools designed to keep
unscrupulous hackers and internal saboteurs out of your system.
13. Install software to monitor and filter eMail and Internet use.
14. Purchase cyberinsurance policies to help mitigate electronic risk.
15. Develop an eCrisis communication policy for dealing with the media and public should an
eDisaster occur.
ePolicy DON'TS
1. Rely solely on eMail to communicate your ePolicies. Require each employee to
read, sign, and date a hard copy of each policy. Do use eMail messages, along with the
company's Intranet system, to remind employees of your policies and management's commitment
to enforcing them.
2. Expect employees to train themselves. Educate employees about what’s, why's,
and how's of your ePolicies. Make employees aware of their eRisks, eRights, eResponsibilities,
and the repercussions they will face for violating eMail, Internet, and software usage
policies.
3. Create separate policies for management. Establish corporate eMail, Internet,
and software policies, and insist that officers, managers, supervisors, and staff all
adhere to them. A supervisor who turns a blind eye to an employee's online gambling addiction,
a manager who winks at software piracy, a board member who sends risqué jokes
to senior executives--all are putting the organization at risk.
4. Forget your international associates. If you do business or operate facilities
abroad, incorporate a discussion about effective international eCommunication in your
eMail policy.
5. Assign one individual the responsibility of single-handedly enforcing your organization's
ePolicies. Make all managers and supervisors aware of the important role they play when
it comes to monitoring employee behavior. Assign specific monitoring and enforcement
roles to HR and information management professionals.
6. Allow employees to dismiss the organization's ePolicies as insignificant or
unenforceable. Make sure employees understand that their computer activity will be monitored.
Stress the fact that ePolicy violators will face disciplinary action that may include
termination. Let employees know you mean business by enforcing your ePolicies consistently.
Excerpted from The ePolicy Handbook by Nancy Flynn, ©2001. www.ePolicyInstitute.com.
