No Image Available

Protecting yourself from email evil


Barrister Charles Price provides an example of an internet and email policy that should protect you from any legal pitfalls.

These guidelines apply to your employment at XXXX and all other organisation sites that you may be asked to work at from time to time. Please note that these guidelines also apply to you if you are working as a contractor within the organisation, rather than an employee.

Breaches of this policy

Any breach of this policy will be dealt with under the disciplinary policy. Serious breaches of these guidelines shall constitute gross misconduct and shall allow XXXX to terminate your employment, immediately, without notice. Or terminate your contract immediately without notice if you are a contractor, rather than an employee. Serious breaches are as follows:

  • Accessing pornography or sites which promote discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age.

  • Sending abusive emails or emails containing sexually explicit content

  • Using the internet or email policy in competition with your employer


XXXXXX reserves the right to monitor all external and internal employee communications and access to the organisation network, intranet and the internet, where the property of the organisation is used in the communication or is accessed remotely from outside the organisation. The organisation reserves the right to use the following methods for monitoring of communications:

  • Fileserver log file analysis.

  • Data packet analysis.

  • Email message analysis, including content of individual emails and attachments where required.

XXXX shall inform all employees prior to the introduction of any such monitoring or the extension of any existing monitoring.

Internet Usage

The Internet should only be used for personal use during breaks and lunch time.
Furthermore access to streamed or real time audio, data, graphics, video or any other data that uses a large amount of bandwidth or system resources is not allowed either during work time or break or rest periods unless access to such services is directly related to your work.

You must not use the internet to download and activate third party software programs or utilities unless authorised. Furthermore you must not load any third party software from CDs, 3.5 inch diskettes, Zip tapes or any other data or media storage product that you have in your possession onto your PC. This also applies to any software received from a partner organisation. All software received from a partner organisation must be given to so that it can be assessed. You must also provide with reasons why the third party software is required for evaluation and or use.

Email usage

XXXXX reserves the right to access your organisation email account and messages at any time, however you will be informed if your email account is accessed.

All emails, (including replies and forwarded emails) should contain the standard email signature of the organisation. From time to time you may be requested to alter or update your email signature file, if requested this should be carried out immediately. If your email signature contains your personal contact information such as office telephone number, mobile number or pager you should ensure that these details are correct and kept up to date.


Why have an internet and email policy?
The above policy has two key features;

  • Consistency

  • Definition of ‘limited and reasonable use’

A policy like this means, if applied to all workers, a united approach in the way mistakes and misconduct is treated throughout the company. With such a policy in place workers will not be able to say in a tribunal that they have not been treated even handedly or that they were unsure as to what they did was wrong. With 70 per cent of employers complaining that they have had to discipline employees for accessing pornography this is a live issue.

The law behind monitoring

Part three of the Employment Code of Practice on “Monitoring of Employees”, issued under Data Protection Act 1998, which was finally prepared before the new Information Commissioner took over in November sets out basic rules for employers who monitor, or are planning to monitor, employee activities. It will be particularly relevant when monitoring of employee use of the internet and e-mail are in point, but also covers use of the telephone and a whole raft of other activities.

The theme throughout is transparency. If monitoring takes place, then save in exceptional circumstances the employer should ensure that employees know what is being done, how it is being done and the reasons for it. Employers must always tell their staff about the types of monitoring taking place, the reasons for it, the sort of information that will be obtained, when, why and how it will be obtained, how the information will be used and to whom it will be disclosed.

When drafting your internet and email policy, consider what best practice procedures should be put in place, particularly internet and email etiquette ‘do’s and ‘don’t’s.

  • For example, in all external correspondence, the firm’s email designation notice should be attached at the beginning of all email messages. For example, your external emails could have the following wording above each message:

***** Email confidentiality notice *****

This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.

  • Decide the extent to which employees can use the internet and email for personal purposes. Set down the parameters clearly and specify the consequences of misuse/abuse of the system,
  • Depending on the nature of the firm’s business, a higher level of security (for example, encryption) might be required and tighter restrictions on the use of email as a means of sending business information might be necessary.

Employer’s vicarious liability
Businesses should be wary that an employer will be held liable for any representations made or contractual arrangements entered into by its employees if it is reasonable for a third party to assume that such employees were acting with the employer’s authority.

  • Casual contractual undertakings given in a business context may bind the firm unintentionally.

  • The firm may be sued for inaccurate statements or misrepresentations.

  • Some statements may amount to defamation

  • Bullying and harassment of workers via the Internet or email.

One Response

  1. Email Procedure
    The article is a timely reminder for a lot of organisations, as this is an area causing a lot of heartache in New Zealand, as I imagine in the UK also.

    My comment relates to the opening of this suggested policy………where we begin by referring to “guidelines” and then go on to call it a policy. I recommend the use of the word ‘polciy’ throughout, as an reference to a ‘guideline’ gives many the notion they have some flexibility in how they interpret the requirements. In this as in other policies there is, or should be, a specific requirement and the only flexibility allowed is to do better. Other than that, hopefully many managers/owners, will take up this recommended policy. Cheers.

No Image Available

Get the latest from HRZone.

Subscribe to expert insights on how to create a better workplace for both your business and its people.


Thank you.