INTERNET AND EMAIL ACCESS
POLICY
www.hwca.com
�Internet and Email Access PPolicy
olicy
In order to protect the firm, its employees, customers and suppliers, all members of staff
should be given a copy of the firm’s policy regarding acceptable use of IT resources –
particularly internet, email access, and data protection policies. It may also be necessary to
have a separate Bring Your Own Device (BYOD) policy covering the use of personal devices
and to what extent (if any) these are permitted to connect to corporate information
systems.
Any such policies should form part of the contract of Personal phones, personal headsets and
employment - to the extent that any breaches of the use of social networks
policy could result in disciplinary action, and in some
Firms may wish to include references to the use of
cases even dismissal.
personal phones, personal headsets and social
Having an acceptable use policy not only helps protect networking. The use of these or restrictions on the use of
the organisation’s exposure to rogue software, legal these will very much depend on the working
action, and loss of corporate/personal data but can also environment.
help in disputes with employees.
Email Model policy statement
Employees need to be wary of the content of all emails To minimise these kinds of potential problems, employers
they may send. One email sent without thought as to the should consider setting out a policy statement for all
potential repercussions can have unintended employees embracing internet and email access.
consequences for both the employee and organisation.
A suggested policy statement is shown below which you
Illegal material may find useful as a starting point.
Due to the uncensored nature of the material on the
internet, there are a large number of websites which
contain offensive, obscene and illegal (in the UK) Policy and scope
material. Employees should not access such sites. The company/firm (delete as appropriate) sees the
internet and the use of email as an important business
Viruses and phishing tool.
Innocent looking websites and emails have been used to
tempt users to download material which has been found Staff are encouraged to enhance their productivity by
to contain a virus, or to disclose company, or personal using such tools - but only in accordance with the
confidential data they would not normally impart. guidelines set out in this document.
The internet is largely unregulated and uncensored and
we have a duty of care to protect the security of the
company’s/firm’s internal information, our customers, our
suppliers and our employees from malevolent, obscene
and illegal material.
www.hwca.com
�Monitoring - Optional paragraphs 1 and must not interfere with the person’s job
responsibilities. Private use must not disrupt IT systems or
With this in mind, the company/firm reserves the right to
harm the company/firm’s reputation.
monitor emails and internet sites visited on an employee
basis. However, this will only be performed where there is You should exercise caution in any use of the internet
a suspicion of behaviour which breaches the company’s and should never rely on information received or
‘email and internet access’ policy. downloaded without appropriate confirmation of the
source.
Staff under surveillance will be informed, by
management, that they are being monitored.
Access to the internet and email
Covert monitoring will only be performed in exceptional All/The following users have access to the internet and
circumstances and only when sanctioned by a senior email from all/the following PCs...
officer(s) of the company/firm.
Personal use
Monitoring - Optional paragraphs 2 The internet may not be accessed for personal use during
With this in mind, the company/firm reserves the right to normal hours of employment. Occasional use for personal
monitor email and internet traffic. However, individual reasons is allowed outside working hours, however the
users will not be identified in the monitoring process. restrictions set out in ‘Browsing/downloading material’
(below) must be adhered to.
It will be assumed that all staff understand and agree to
the policies unless a director (partner) is notified Personal emails may not be sent/received unless in an
otherwise. Any exceptions are to be appended to the emergency and with prior authority from a manager.
employee’s contract of employment and signed by a
director (partner) and the employee. [Optional paragraph on Personal use of mobile phones,
personal headsets and social networking]
All the company’s/firm’s resources, including computers,
access to the internet and email are provided solely for Emails and email attachments
business purposes. Emails must conform to the same rules as issuing
correspondence on the company’s/firm’s headed paper.
The purpose of this policy is to ensure that you
understand to what extent you may use the computer(s) Optional sentence - Emails must be authorised by either a
owned by the company/firm for private use and the way director/partner (or manager).
in which access to the internet should be used within the
company/firm, to comply with legal and business Emails must not contain controversial statements/
requirements. opinions about organisations or individuals. In particular,
racial or sexual references, disparaging or potentially
This policy applies to all employees of the company/firm libellous/defamatory remarks and anything that might be
and failure to comply may lead to disciplinary action in construed as harassment should be avoided.
line with the Disciplinary Procedure. In addition, if your
conduct is unlawful or illegal you may be personally liable. Emails must not contain offensive material.
General principles Emails containing a virus must not knowingly be sent.
A computer and internet access is provided to you, to Emails coming from an unknown source must not be
support the company’s/firm’s activities. opened but disclosed to management (see Disclosure).
Private use of computers and the internet is permitted Emails sent externally, must contain the company’s/firm’s
subject to the restrictions contained in this policy. Any disclaimer (see sample below)
private use is expected to be in the employee’s own time
www.hwca.com
�Emails (sent and received) must be stored in the • persistent downloading of illegal/obscene/offensive
appropriate client files and use the same naming material
conventions which are used to store letters and other • loss of corporate data or loss of machines and devices
correspondence. containing corporate data
Browsing/downloading material Disciplinary
Only material from bona fide business, commercial or A breach of any of the policies is a disciplinary matter.
governmental websites should be browsed/downloaded.
Illegal activities will also be reported to the relevant
No other material should be browsed/downloaded. This authorities.
specifically includes games, screensavers, music/video
and illegal, obscene or offensive material.
Laptops/portables and portable media Inappropriate use
devices Computers are a valuable resource to our business but if
used inappropriately may result in severe consequences
a) TTra
ravvelling with laptops/portables
to both you and the company/firm. The company/firm is
• Laptops are liable to be inspected by authorities particularly at risk when you have access to the internet.
particularly if travelling by air/sea/rail, both within and The nature of the internet makes it impossible to define
outside the UK. Where an employee has a company’s/ all inappropriate use. However you are expected to
firm’s laptop they must ensure that it does not ensure that your use of computers and the internet
knowingly contain illegal material. meets the general requirements of professionalism.
• Laptops containing corporate data should be Specifically, during any use of the computer or internet
encrypted. you must not:
b) Using laptops/portables on remote connections • copy, upload, download or otherwise transmit
commercial software or any copyrighted materials
• Company’s/firm’s laptops may be used for email/
belonging to the company/firm or other third parties
internet use without being connected to the
corporate server. Appropriate security software to • use any software that has not been explicitly approved
allow such access and to control viruses, should be for use by the company/firm
installed. • copy or download any software or electronic files
without using virus protection measures approved by
c) Using portable media de
devices
vices the company/firm
• Portable media devices include USB drive, CDs, DVDs • visit internet sites or download any files that contain
etc indecent, obscene, pornographic, hateful or other
objectionable materials
• Where these contain confidential corporate or
personal data, the data contained on these devices • make or post indecent, obscene, pornographic, hateful
should be encrypted. or otherwise objectionable remarks, proposals or
materials on the internet
Disclosure • reveal or publicise confidential or proprietary
Employees have a duty to report the following to information (including personal data) about the
management: company/firm, our employees, clients and business
contacts.
• suspect emails/email attachments/websites
• obscene/illegal material found on a PC The following activities are expressly forbidden:
• persistent use of the internet for personal reasons
www.hwca.com
�• the deliberate introduction of any form of computer of using the internet, to assure compliance with all our
virus policies. Such monitoring will be used for legitimate
• seeking to gain access via the internet to restricted purposes only.
areas of the company’s/firm’s computer system or
another organisation’s or person’s computer systems
or data without authorisation or other hacking Sample eMail disclaimer
activities This email and all attachments it may contain are
• downloading corporate information onto portable confidential and intended solely for the use of the
media devices (such as USB drive or CD) unless individual to whom it is addressed. Any views or opinions
management has expressly approved this activity presented are solely those of the author and do not
• uploading personal/private information (for example necessarily represent those of [the company/firm]. If you
music, films or photographs) from portable media are not the intended recipient, be advised that you have
devices (such as USB drive or CD) onto a local or received this email in error and that any use,
network drive, unless management has expressly dissemination, printing, forwarding or copying of this
approved this activity. email is strictly prohibited.
Please contact the sender if you have received this email
in error.
Monitoring
At any time and without notice, we maintain the right
and ability to examine any systems and inspect and Companies Act 2006 emails and
review any and all data recorded in those systems. Any
information stored on a computer, whether the
websites
information is contained on a hard drive, computer disk Changes to Company law mean that, every company
or in any other manner may be subject to scrutiny by the must include their company registration number, place of
company/firm. This examination helps ensure compliance registration and registered office address on corporate
with internal policies and the law. It supports the forms and documentation (this includes emails and
performance of internal investigations and assists the websites).
management of information systems.
In particular, all external emails must include this
In order to ensure compliance with this policy, the information - whether as part of the corporate signature
company/firm may employ monitoring software to check or as part of the corporate header/footer.
on the use of the internet and block access to specific
websites to ensure that there are no serious breaches of How we can help
the policy. We specifically reserve the right for authorised
We will be more than happy to provide you with
personnel to access, retrieve, read and delete any
assistance in formulating an acceptable use policy, or if
information that is created by, received or sent as a result
any additional information is required.
For information of users: This material is published for the information of clients. It provides only an overview of the regulations in force at the date of publication, and no action
should be taken without consulting the detailed legislation or seeking professional advice. Therefore no responsibility for loss occasioned by any person acting or refraining from action
as a result of the material can be accepted by the authors or the firm.
www.hwca.com
