Balancing Acceptable Use Policies and Corporate Culture
While Internet, instant messaging, texting, and email access at the office have brought productivity gains, they have also brought some legal and business headaches along as baggage. And those are just the old distractions. Today we can also add Twitter, LinkedIn, Facebook, and other social networking sites into the mix.
Over the years, I've written many columns on the law and the importance of acceptable use policies as tools to reduce these headaches. Today however, I want to focus on corporate culture and civil war.
For the purposes of this column, the legal part is only background. So, let's start with the fundamentals. Your employee's online activities can cause your company legal nightmares. I could do a book of lists on the different ways you might find this nightmare manifested, but for present purposes, I'll just offer a few examples. You might want to be sipping some wine as you read this although this isn't recommended if it's 8AM Monday morning.
Let's see. How about the boys gathering around Joe's computer during lunch to share his new subscription to an adult site. The ladies may think that it's a hostile work environment. This may cause you to become intimately familiar with the address of your local courthouse.
Email can cause many legal problems for you especially if your employees don't get the rudimentary concept that email counts. Somebody suing you can subpoena email and it has the same legal impact as a "formal" letter. Libel and copyright infringement are merely two examples of the ways email can cause a problem.
The first step in minimizing the nightmares for your company is for you to create an Acceptable Use Policy (AUP). In it, you lay out the rules for the use of the technology you provide to your employees.
Since I've written many of these over the years, you might imagine that I have a ready-to-go policy for your company, but you would be wrong. That's because there is no one-size-fits-all AUP that you can copy and paste and call yours.
In some ways, the legal part is the easy piece. The law reduced to its essence is that if you do wrong online, it will come back to haunt you. However, this one sentence of legal essence is useless in guiding a company executive in setting policy.
The problem is that the Internet is a tool that has both business and personal uses. Further, the number of ways people use it is as varied as the people. If you impose a sledgehammer approach like, "You shall not use the Internet for any personal purposes” you may find a rebellion on your hands.
I think that a better approach is to tailor your AUP so that it takes into account things like corporate culture, job description, and rank.
At the restrictive end, you might have a customer service representative working at a call center computer. While the job may require Internet access, the nature of the job is more like a production line for providing service, rather than a professional service. Last time I checked, Ford doesn't have any televisions showing soap operas during the day on its production lines. (Okay, I never really checked, and in fact, I've never seen a Ford production line in person, but I'm betting that it's a good guess.) Likewise, your call center computer is an example of a computer that arguably can and should be designated a "business use only" tool.
However, it's still a corporate culture issue as much as a legal issue. You shouldn't impose this type of rule if it doesn't fit your corporate culture. You know your culture and no lawyer can advise you on it. This is the civil war part. You can make people feel like distrusted idiots if you suddenly impose rules that don't fit the way you've always done business.
At the other end are your executives. Presumably, you trust them and that's why they have the job they have. Telling them that they are prohibiting from taking a quick look at cnn.com during the work day or occasionally checking how the stock market is doing that day might make them feel like you aren't giving them the professional respect they have earned.
Yes - I'm suggesting that you accept some hard to quantify increased legal risk to create a better work environment. Whether it's an AUP or any other corporate issue, I don't think you want your lawyer's worst-case possible scenario to guide your every move. Legal is but one part of the business picture, albeit an important part. However, business and life are filled with risks and you can't get anywhere always choosing the least risky path.
I think that as you establish your policies, you should place more emphasis on monitoring rather than prohibition. I'm suggesting that you frequently remind all employees, including your highest-ranking executives, that you monitor all Internet and computer use. You should take the position that nobody has an expectation of privacy when using the company's systems.
Then, you should monitor. Trust is great, but knowing that somebody may be watching is an effective check.
Where you find that balance between monitoring and prohibition is that corporate culture thing. Look at your organization's personality as you make your decisions.