EPOLICY DOS
AND DON'TS

ePolicy DO's

1. Establish comprehensive, written ePolicies that address employee use of eMail, the Internet, and software.

2. Educate employees about software piracy. Ensure compliance with all software licenses.

3. Communicate the fact that the organization's eMail and Internet systems are to be used strictly as business communications tools. But don't stop there. Provide clear guidance on what is, and is not, considered appropriate electronic business communication.

4. Bear in mind that some personal use of your organization's eMail system may be warranted. Employee’s today put in more on-the-job hours than at any time in history. For employees who leave the house before dawn and don't return until well past dark, eMail may be the most efficient and effective way to stay in touch with family members. For the sake of employee morale and retention, savvy employers generally are willing to accommodate their employees' need to check in electronically with children and spouses. Let your employees know where you stand on this issue, and how much personal use (if any) is acceptable.

5. Incorporate an overview of your organization's discrimination and sexual harassment policies in your eMail policy. Because of the relaxed, informal nature of eMail, some employees will put in writing comments they never would say aloud. Make sure employees understand that regardless of how it is transmitted, an inappropriate comment is an inappropriate comment. And all it takes is one inappropriate comment to land you on the wrong side of an expensive, protracted lawsuit.

6. Review your written ePolicies with every employee. New hires and long-time employees, managers and supervisors, full-time professionals and part-time staff, telecommuters and temporary employees, independent contractors and freelancers--everyone should be informed of your eMail, Internet, and software usage policies. Have all employees sign and date copies of each policy to confirm they have read and understand each document.

7. Incorporate your written ePolicies into your organization's employee handbook and new-hire orientation materials. Have the organization's human resources director review ePolicies with every new employee.

8. Address ownership issues and privacy expectations. Let employees know that the contents of the eMail system belong to the organization, not the individual user. If management monitors and reads employee eMail, say so. Make sure employees understand that their eMail can, and will, be read at any time without notice to or permission of the employee. If there is any chance you may want to monitor employees' home computers, make that clear as well.

9. Support your eMail and Internet policies with eWriting and cyberlanguage policies designed to reduce risks by controlling content.

10. Establish netiquette policies for eMail senders and receivers, managers and staff.

11. Implement a risk management policy that incorporates retention and deletion policies, password policies, and monitoring and filtering software.

12. Establish a computer security policy. Put into place procedures and tools designed to keep unscrupulous hackers and internal saboteurs out of your system.

13. Install software to monitor and filter eMail and Internet use.

14. Purchase cyberinsurance policies to help mitigate electronic risk.

15. Develop an eCrisis communication policy for dealing with the media and public should an eDisaster occur.

ePolicy DON'TS

1. Rely solely on eMail to communicate your ePolicies. Require each employee to read, sign, and date a hard copy of each policy. Do use eMail messages, along with the company's Intranet system, to remind employees of your policies and management's commitment to enforcing them.

2. Expect employees to train themselves. Educate employees about what’s, why's, and how's of your ePolicies. Make employees aware of their eRisks, eRights, eResponsibilities, and the repercussions they will face for violating eMail, Internet, and software usage policies.

3. Create separate policies for management. Establish corporate eMail, Internet, and software policies, and insist that officers, managers, supervisors, and staff all adhere to them. A supervisor who turns a blind eye to an employee's online gambling addiction, a manager who winks at software piracy, a board member who sends risqué jokes to senior executives--all are putting the organization at risk.

4. Forget your international associates. If you do business or operate facilities abroad, incorporate a discussion about effective international eCommunication in your eMail policy.

5. Assign one individual the responsibility of single-handedly enforcing your organization's ePolicies. Make all managers and supervisors aware of the important role they play when it comes to monitoring employee behavior. Assign specific monitoring and enforcement roles to HR and information management professionals.

6. Allow employees to dismiss the organization's ePolicies as insignificant or unenforceable. Make sure employees understand that their computer activity will be monitored. Stress the fact that ePolicy violators will face disciplinary action that may include termination. Let employees know you mean business by enforcing your ePolicies consistently.

Excerpted from The ePolicy Handbook by Nancy Flynn, ©2001. www.ePolicyInstitute.com.