Don't leave your IT/Social Media Policy to chance

In 2016, the majority of businesses rely on IT resources and communication systems to facilitate their work and there is no denying that there are significant advantages in doing so.

However, there are also risks associated with it, and employees’ inappropriate use of IT systems is high on the list of potential risk factors. 

What risks could employers be exposed to?

Employees’ misuse of IT could lead to:

  • Unauthorised disclosure of confidential information, relating to a client, supplier, employee or the organisation itself, which could expose a business to reputational damage and may also breach the Data Protection Act 1998.
  • Loss of productivity.
  • Harassment, discrimination and bullying of colleagues may also occur via sending of inappropriate material or making comments about others.

Further, failure to communicate to your staff what is and is not acceptable can lead to difficulties when you try to take disciplinary action for what you consider to be misuse. For example, in a recent Australian case, a man was held to have been unfairly dismissed for watching hard core pornography during his lunchbreak at work because there was no IT policy preventing him from doing so! Of course, we do not know the precise circumstances of the case and there might have been other factors that influenced the decision, but it is clear that you must ensure your employees understand what is expected of them.

What should employers do?

Introducing comprehensive IT and social media policies will help you to manage the risks associated with employees’ use of IT and social media by educating employees about the risks and consequences of improper use. 

Top Tips for drafting an IT/Social Media Policy

  1. Clarify rules on personal use
    Think about when it is ok for your employees to use your IT.  Lots of employees can use their smart phones to access the internet and social media and so you may take the view that there should be no personal use of your systems.  However, this is not necessarily practical and you may prefer that employees put their phones away all day.  Therefore, you might be happy for them to do a bit of internet shopping on their lunchbreak.  Whatever you decide to do, you should ensure your policy sets clear boundaries.
  1. Make sure the policies reflect your organisation
    Drafting the policy is your opportunity to set ground rules to ensure that you, your managers and your employees take a consistent approach to using IT and social media.  You should take time to consider the needs of your business and tailor your policies accordingly. 
  1. Keep policies up-to-date
    The way in which we use IT and in particular, social media, evolves and changes at an alarming pace and it is, therefore, important that you review and update your policies regularly to ensure that they are current.  You should also ensure that updates are communicated to your staff as there is little purpose in having a policy on something if no one knows about it.
  1. Include examples of unauthorised use
    The list does not have to be exhaustive but having examples will ensure your employees know exactly what is expected of them, e.g. “not to defame or disparage us, our staff or any third party; to harass, bully or unlawfully discriminate against staff or third parties; to make false or misleading statements; or to impersonate colleagues or third parties.” You should also cross-refer your IT and social media policies with other relevant policies, e.g. equal opportunities, confidential information and data protection, to make it clear that a breach of those policies via the use of IT/social media will be considered a disciplinary matter.
  1. Who owns your contacts?
    If employees will be using social media to build contacts on your behalf during their employment, you need to think about who those contacts belong to. For example, are employees entitled to add business contacts to their personal social media accounts? Are they expected to delete those contacts when they leave? This is something that should be dealt with in your policies. However, it is important to remember that this applies to contacts created in the course of employment, not contacts an employee has brought with them to your business.

    For senior employees who have greater access to business contacts, you may also want to consider having restrictive covenants in their employment contract to restrict their ability to “poach” business contacts post-employment. However, trade restrictions should not be imposed for any longer than is necessary to protect your business and it is important that you take advice on drafting such restrictions.
  1. Remember to notify employees of monitoring
    If, as part of your IT strategy, you will be monitoring employees’ emails or internet use, you must inform them.  This is because monitoring an employee’s use of internet and emails amounts to the collection of “personal data” and, therefore, falls within the protection of the Data Protection Act 1998.  An easy way of communicating this is to include it in the business’ IT policy.

    We also suggest that the policy asks employees to mark their private emails as “personal”.  Employers should respect their employees’ privacy by not reading these emails.


If you are concerned about social media use within the workplace or wish to find out more information, please contact Amy Jones on the details below.

Posted by Amy Jones

