It’s time to make some serious New Year resolutions and what better one to make than to review your organisation’s communications policy. After all, the changing ways we are sending email, browsing the Internet and interacting with social media websites such as Twitter, LinkedIn and Facebook whilst at work still provide potential risk hot spots for the organisation.
Just this month, a survey conducted by the Yorkshire Post has revealed a rising number of work place disciplinary hearings across Yorkshire. Hundreds of staff at local councils, hospitals and schools have been investigated and in some cases sacked for misusing the Internet at work. Many got into trouble for using social networking sites and for posting abusive messages while others resigned or were dismissed for viewing pornography.
At a time when the public sector is under increased scrutiny to perform well these kinds of disciplinary hearings don’t look good for top managers. But private companies are also facing similar problems with staff bringing their corporate reputations into disrepute. Indeed, even top law firms have slipped up in the past – remember Claire Swires at Norton Rose?
So, here’s some top points to consider when writing your communications policy
Reviewing your communications policy
1. Ensure that your communications policy covers use of all corporate communications systems and networks, including email, Internet, websites, mobile devices and social media.
2. State that non-compliance of your communications policy can lead to disciplinary action and/or termination of contract. It must be legally incorporated into the terms and conditions of employment (or contractor/consultant contract) and can be referred to in a staff handbook, IT policy, new joiner’s manual, etc.
3. Bring the policy to the attention of every worker who has access to your systems. Make it clear that workers must never send or store emails or attachments that are obscene, indecent, sexist, racist, defamatory, abusive, in breach of copyright, compromises data protection, or is otherwise inappropriate. Highlight other legal and regulatory issues in your training
4. Specify that workers should treat emails as having the same legal authority as signed letters on headed paper
5. Lay down procedures for contracting by email (or IM – instant messaging), including specifying which level of employees are authorised to enter into such contracts on behalf of the organisation.
6. Stipulate that the processing of personal data must comply with the organisation’s privacy/data protection policy.
7. State whether workers are permitted to use the organisation’s email accounts to send and receive personal email. Organisations that allow employees to use the organisation’s email account for personal use must also inform workers of any relevant restrictions on use
8. Inform workers not to open attachments to email messages from unknown senders without first having them scanned for viruses. Organisations should consider deploying an automatic checking system for viruses, worms, bots and other malware, and inform workers accordingly to help reduce infection and spread of infection
9. Contain a warning that strictly confidential emails should not be send via the Internet without the recipient’s prior consent unless encrypted.
10. Discourage personal advertising by email (or IM) or sending messages for missing items and other trivial administrative matters unless genuinely urgent (workers should be encouraged to use bulleting boards instead, for example via the Intranet/Extranet.
11. Refer to the procedures that are in place for dealing with disputes and complaints in relation to email and IM
12. State that employees must not discuss any aspects of the organisation’s business (e.g. on the Internet or in newsgroups) unless part of the employees job description;
13. Inform workers that the organisation reserves the right to monitor worker Internet use. Monitoring must be carried out in accordance with Data Protection and The Lawful Business Practice Regulations. Internet browsing should be monitored regularly, log reviewed, and filtering put in place to stop accessing inappropriate or illegal material;
14. Where personal Internet browsing is allowed, to specify the limits of use (e.g. during specific periods, such as in their lunch time);
15. Discourage the practice of downloading material which is unnecessary for business purposes;
16. Refer to the procedure for resolving complaints / disputes over Internet use;
17. Encourage workers only to go online when necessary;
18. Make sure to scan downloads or transmitted materials to/from the Internet. Install firewalls and any other software for workers to check files and attachments for viruses, and give them training.
Further information
You can find some standard policy templates in E RADAR’s new online shop. We can also help you with your corporate training needs
Related articles
About the Author:
Specialist in Internet | e-business | social media | ICT governance, public policy and legal compliance; UK, EU and global laws and regulations; standards and good practice; business affairs and government relations; commercial risk. Industry Representative, Ministry of Justice's EU Sales Law Task Force. Visiting Lecturer on IT Governance and Security, Manchester University School of Computer Science. Author of 'Privacy in E-business', published by the British Standards Institute 2004.
Will Roebuck – who has written 89 posts on E RADAR | Smarter business online.
• 
• 
• 
• 
Latest market rates
