A woman who discovered nine of her colleagues had circulated obscene e-mails about her has received £10,000 compensation after settling her sexual harassment case against her former employer.
The Sales Support Administrator and Personal Assistant discovered the e-mails inadvertently after she was given access to a colleague’s e-mail folders while he was on extended leave. After making a formal complaint to her employer, Holden Meehan Independent Financial Advisers Ltd, which she felt was not treated seriously, she eventually lost confidence in her employer and said she had no choice other than to resign.
“Various high profile media stories in recent years should not have left any room for doubt about the dangers of people misusing e-mail at work,” said Julie Mellor, Chair of the Equal Opportunities Commission, who supported the case.
“All employers should make their staff aware that sexual harassment can take many forms and can be deeply distressing for the person on the receiving end. The fact that comments are made by e-mail doesn’t mean they should be treated any less seriously than if they were spoken or written down. This needs to be made clear in harassment and IT policies,” she warned.
According to the Information Security Breaches Survey 2002 [.pdf], although 83% of large organisations do have email policies in place, 43% of businesses overall do not.
The problem of not having an email policy is that unless the parameters of email use are defined there is no recourse if you want to take disciplinary action on an employee who is deemed to have abused the system.
For the argument to stand up, should the case go to a tribunal, you will have to have defined your email policy beforehand – in black and white and preferably with the employee’s signature on the piece of paper stating that they had read and understood the document.
- Scanning and enforcing:
An indication of the measures in place to show determination to enforce; the penalties for/consequences of breaching the policy; and why the policy exists (protection of staff, company reputation and IT security). - Responsibility:
Name the individuals responsible for training and indicate where to go for answers to queries regarding the policy. Employees should be fully aware at all times of what constitutes the policy and know the consequences should it be abused. - Liability:
Details of legal liability should the policy be breached (to reinforce the seriousness of the problem). - Definitions:
A definition of what is appropriate business and personal Internet usage if an Internet connection is provided for business use. This should include details of sites which should never be accessed using business facilities and time; a clear statement on whether the company allows private Web-based e-mails, and if so, under what circumstances e.g. no attachments; video or music files, only for making arrangements; times of day; costs etc. - Business materials:
Company policy on the circulation of business materials, in particular those likely to be generated within an employees own field of work; potential pitfalls in the circulation of materials (how to avoid accidental distribution of confidential information). - Lost productivity:
How to avoid it and what the consequences might be. - Forbidden files:
What types of files may not be circulated via e-mails or downloaded or uploaded via the web. - Data theft:
How to avoid it (Cyberwoozles, cookies and how to spot them). - Viruses:
How to avoid them. - Acknowledgement:
A form to sign acknowledging that the employee has understood their obligations, making adherence to the policy part of their terms and conditions of employment.
Related sources:
