General Practice, Solo & Small Firm DivisionMagazine
Internet Use Policies
BY MICHAEL J. MORSE AND CHARLES P. MAGYERA
Michael J. Morse is the village attorney for the Village of Menomonee Falls in Waukesha County, Wisconsin. He is the immediate past chair of the Milwaukee County Bar Association’s technology committee. He can be reached by e-mail at email@example.com . Charles P. Magyera are partners with the Milwaukee law firm of von Briesen, Purtell & Roper, S.C. He is a member of the firm’s business law section and regularly provides services to management in all aspects of labor and employment law. He can be reached by e-mail at firstname.lastname@example.org .
As law firms increasingly use the Internet as a resource for both legal and nonlegal information, and as e-mail becomes a preferred method of communication, Internet use policies are becoming a necessity.
These policies should be firmly grounded in common sense. Ultimately, law firm policies governing Internet usage should permit some incidental personal use but protect the firm from the negative aspects of inappropriate Internet use. There are four basic options for a law firm (or other employer) when crafting an Internet use policy:
1. Don’t provide the resource to employees, and prohibit Internet access at work and during work hours. While reasonable minds may differ, many experts believe this option does not make business sense, particularly for lawyers and law firms. In the Information Age, business success is more and more dependent on the ability to quickly access and process information. Lawyers are not immune from this trend. In addition, the proper use of technology helps to level the playing field for the small firm or solo practitioner faced with increasing competition from nonlawyers and large law firms.
2. Provide the resource, but don’t regulate its use. This option makes even less business sense than the option of not providing the resource at all. Inappropriate Internet use can adversely affect a law firm’s business, interfere with the work of its employees, increase its costs, and expose the firm to liability.
3. Provide the resource, but limit its use to solely business-related purposes. This is a reasonable alternative to the first two options, and some firms/employers have adopted such a policy. However, while technologically viable, the resources required to monitor and effectively enforce policy can make it a financially burdensome option.
4. Provide the resource primarily as a business tool, but permit incidental personal use. The basic premise for any Internet policy should be that Internet access provided by a law firm is intended primarily as a tool to help the firm better serve its clients. However, some incidental personal use of the Internet is likely to improve employee morale, increase employee productivity, and cement employee loyalty. Within that framework, common sense should dictate when incidental personal use of the Internet or Internet e-mail is appropriate, both as to the frequency of such conduct, and the nature of the use.
A Common Sense Policy
So what should be included in your firm’s policy? While this is not an exhaustive list, consider these points:
Integrate the Internet use policy with other existing policies. Since law firms have provided their employees with other resources for years, such as telephones, the Internet policy does not have to be viewed as an entirely “new” policy. It can instead be modeled after current policies governing the personal use of those other resources during work hours. For example, just as an employer would not reasonably be expected to tolerate hour-long personal telephone calls, the employer would not be reasonably expected to condone hours spent for personal enjoyment on the Internet during the workday.
The Internet use policy should be coordinated with preexisting employment policies such as the prohibition of sexual harassment in the workplace, and the rules governing privacy in the workplace (discussed further below).
The policy should stress that incidental personal use is a privilege that can be lost through abuse. The Internet policy should stress that firm-provided Internet access is a privilege and not a right. The policy could acknowledge that, while Internet access is primarily a business tool, the firm recognizes and accepts the fact that there will be incidental personal use of the Internet just as there is personal use of the telephone. The policy should make a clear statement to the employee that Internet use will be monitored; and if the privilege is abused, it will be lost. The Internet policy should be tailored to avoid or eliminate potential abuses of the Internet. Establishing guidelines and/or examples of acceptable and unacceptable uses of the Internet can help meet this objective.
Employees should be informed that when they go online at the office, their actions might be identified with the firm. This is particularly true for e-mail, since business e-mail addresses typically identify the organization in some manner. For example, a lawyer’s e-mail addresses may include the firm’s name. In such instances, the policy should advise employees that when using the firm’s Internet e-mail system, the firm is normally identified in the e-mail. It is therefore impossible for employees to send e-mail without associating themselves with their employer/firm.
Also, the consequences of that association should be clearly spelled out. The firm’s lawyers may have a keen understanding of the rules of respondeat superior, but other employees may not. Therefore, the policy should state in plain English that any statements, even personal ones, could very well be attributed to the firm and that the firm may be held responsible for employee conduct.
Employees should be informed that sending e-mail over the Internet is instantaneous and generally unretrievable. Drafting and sending e-mail is not like sending a letter. Unlike a letter that can be retrieved from the mailroom, the e-mail is instantaneously sent from the computer station, and you cannot get it back for editing or stop it from reaching its destination. It simply cannot be recovered, even if misdirected.
Employees should be informed that they lose a degree of privacy when they use the Internet or send e-mail over the Internet through the firm. The law firm should advise the employee in both its Internet policy and a policy dealing with more general workplace privacy issues that e-mail sent from the office should not be considered private communications. Such a clear statement can act as a defense to an invasion of privacy claim in the event that a personal e-mail is read by others whom the sender did not intend to read it. An employee who was clearly advised that the e-mail is not to be in any way considered private would not have a reasonable expectation of privacy when others receive or have access to the e-mail message.
Employees also should be told in the Internet use policy that they run the risk of giving up privacy protection just by sending e-mail. While hacking or stealing Internet e-mail messages is illegal, it is technologically possible for an individual to intercept and read an e-mail message. Employees should understand, therefore, that there is this potential loss of privacy. A common sense illustration for employees is that e-mail is very similar to writing on the back of a postcard.
Finally, employees should be advised that in many instances the technology creates a record of their Internet activities. For example, it is currently possible in at least a limited way to retrace the sites visited by an employee. It is also possible to monitor e-mail activity.
The policy should deal with issues of security. In order to protect the firm’s computers, the policy should address the issue of computer viruses, and establish procedures for opening e-mail attachments and downloading off the Internet.
Also, the policy should focus on the use of e-mail security such as passwords or encryption. An Internet e-mail policy should address the issue of when, if ever, an employee can encrypt personal e-mail. In addition, the policy should state that passwords or encryption keys must be made available to the firm so that the firm can have access at any time.
This is another area where reference to existing policies may be helpful. Employers frequently have a policy relating to a right of access to an employee’s desk or file cabinet. The Internet policy should provide that just as the employer has a right of access to the employee’s desk or file cabinet, the employer will have access to the employee’s computer and e-mail messages.
The Internet use policy should focus on excessive or inappropriate use. A number of activities should be expressly prohibited in every e-mail or Internet use policy, including:
• Copying, disseminating, or printing copyrighted materials, including articles, images, games, or other software.
• Accessing, sending, soliciting, displaying, printing, or otherwise disseminating material that is reasonably likely to harass, threaten, or embarrass others; or that is sexually explicit, fraudulent, or otherwise inappropriate in a professional environment.
• Transmitting statements, language, images, or other material that are reasonably likely to be perceived as offensive or disparaging of others based on race, national origin, sex, sexual orientation, age, disability, or religious or political beliefs.
• Engaging in personal, non-firm-related activities for gain or profit. Examples include consulting for pay, or advertising or selling goods or services for personal gain.
• Engaging in illegal activities or using the Internet for any illegal purposes, including initiating or receiving communications that violate any laws or regulations.
• Interfering with or disrupting the work of others.
• Gaining or improperly gaining access to the Internet by using any access control mechanism not assigned to the particular user, or permitting another person to have access to the Internet by using the employee’s access control mechanism.
• Hacking—gaining or attempting to gain unauthorized access to any computers, computer networks, databases, data, or electronically stored information.
In addition, the policy should state that excessive personal use of the firm’s e-mail or Internet resources will lead to loss of the privilege to use them. It may be difficult to define “excessive” with precision. However, the most obvious definition is when work is suffering as a result. A further method of controlling excessive use is to incorporate a progressive discipline procedure with regard to what the law firm considers to be excessive use, and the progressive discipline will then provide the employee with ample warning as to the law firm’s expectations.
The firm should also be flexible in its policy on excessive use. At certain times the personal use of e-mail may far exceed normal personal use. For example, if the home team has won the Super Bowl, one could expect that Monday morning will generate a larger than normal volume of e-mail transmissions dealing with nothing other than the results of the Super Bowl. Again, common sense would dictate that this would not be the appropriate time to crack down on personal use of the Internet, but rather for a reasonable employer to recognize that certain extraordinary events result in extraordinary usage of the e-mail system.
As noted above, the policy should be aimed at avoiding offensive language or activities that might be considered offensive to a reasonable person. This is particularly true of e-mail use. This offensive conduct could involve the choice of language, improper or inappropriate jokes, or harassing “teasing” of a particular individual in the firm.
The policy should inform employees that if they are subjected to e-mail transmissions involving improper language, jokes, or harassing behavior, they have the ability to report the activity to management; and that swift and appropriate actions will be undertaken to stop such offensive conduct. Again, it is recommended that the e-mail policy be cross-referenced against or even incorporate portions of the firm’s sexual harassment policy in order to underscore the importance of these prohibitions against improper use. CL
Table of Contents