Here’s a simplified example of the type of a limitation of liability provision that you’ll see in tech agreements—this one’s from a software as a service agreement. “The liability of the software as a service provider to customer for any reason and upon any cause of action related to the performance of the work under this agreement whether in tort or in contract or otherwise shall be limited to the amount paid by the customer to the software as a service provider pursuant to this agreement.”

No Tricks up My Sleeve

Now, if you sign-off on a clause like that because you figure that your lawyer will find some technicality to overcome it, I’d say don’t depend on it. As a generalization, it means what it says and says what it means.  Judges can read, and a judge would probably enforce it as written.

If you had to sue for damages that exceed what you’ve paid under the agreement, all isn’t necessarily lost. Still, it’s like fighting with both hands tied together. While it’s clearly one-sided, courts aren’t in the business of rewriting deals to make them fairer. That’s your job when you’re negotiating your deal.

It’s the Norm

When you negotiate your agreement and tell the other side that the limit of liability has to go, you’re likely to get a blank look. You know, it’s the same one you get from your kids when you remind them that they haven’t given you your change.

I know what I say when I represent the seller of tech services. I say things like, “Limits of liability are the norm.” “Everybody uses them.” “We’ve never done a deal without one.” “We would have to increase the price dramatically because of the additional risk we would be assuming.”

Ironically, all of this is true. So, we’re done, right? Wrong. A skilled and experienced negotiator can make all the difference here.

While it is the norm to see limits of liability in deals like software as a service, cloud computing, licensing, telecom and outsourcing deals, it’s not necessarily true that they’re all as onerous as my example. While getting the other side to remove it completely may be like climbing Everest, making it fairer isn’t necessarily so hard if you ask for the right things.

The Negotiation

If they won’t eliminate the limit of liability provision, which no well-represented tech, telecom, or outsourcing company would, you have to start pecking at it to chink their armor. So let’s go back to my example where the software as a service provider’s liability is “limited to the amount paid by the customer to the software as a service provider pursuant to this agreement” and look at some ways to start pecking at it.

Let’s say you have a five-million dollar deal cooking, which calls for five equal payments over five months as work progresses. Let’s say that after the first month it becomes clear that the work they’re doing is causing more harm than good, so you rightly refuse to make your second one-million dollar payment. Finally, let’s say that they’ve somehow caused you damages valued at two-million dollars.

You might think that you could easily obtain a judgment for your two-million dollars.  However, you can’t because the limitation of liability provision limited your recovery to the amount you paid – i.e. a refund. Therefore, as written, no matter what they do and no matter how bad it is, the most you get is a refund of the one-million dollar you’ve paid to date. They risked nothing!

King Henry VI (Photo credit: TranceMist)

My first attempt to chink their armor would be to ask them to agree to a limit of liability of an amount equal to the total value of the contract to them (five-million dollars) and not the amount paid to date. Failing that, I might ask for some multiple of the amount paid to date.

Another approach would “reciprocity.” In fact, I’d say that no single word is more important in moving a one-sided agreement toward the middle than reciprocity. What’s good for them is good for you. Don’t be embarrassed to ask. They certainly were not embarrassed to make the provision one-sided to their advantage.

The idea is that the most that they can ever recover from you is equal to the most you can recover from them. Why should they have a protective limit, but not you? They won’t like that, but it’s hard to argue against the proposal’s inherent fairness.

Yet another approach would be to carve out an exception if they infringe the intellectual property rights of a third party. In the example as written, if they “created” software for you and you were sued for millions for infringing some third party’s copyright, you would pay millions.  Still, you could only recover one-million dollars from them as the ones who really caused the infringement. Again, it would not be fair.  Therefore, liability for indemnification arising from the infringement of intellectual property should be excluded from the limitation of liability.

Another thing you want to exclude from the limitation of liability is any third party’s property damage or bodily injury claim. As with the copyright situation, it seems inherently unfair that you should pay unlimited amounts of money to a third party because of something your software as a service provider did.

A few other items that I want excluded from a limitation of liability include willful or intentional torts, claims arising from their breach of a confidentiality provision, a claim arising from their improper use of personal identifiable information, any claim for indemnification other than for IP which we discussed above, claims arising from their failure to comply with the law, and their intentional breach of contract.

It’s almost a waste of time to put effort into negotiating a contract to have it emasculated by a one-sided limitation of liability clause. Don’t let that happen to you. While it may be true that these types of clauses are “normal,” don’t assume that the one in their proposed agreement has dropped from the heavens as the only way it can be.

==================================

This week’s blog is a reprint of an article I wrote that appeared in the Winter 2011 edition of “Inside,” a journal published by the Corporate Counsel Section of the New York State Bar Association.

===================================

It is time for companies to take their blinders off.  Social networking is not going away.  You can choose to embrace it now or wait until your company is the last one in.  Either way, your company will use social networking at some point.  Why wait?

Image by Getty Images via @daylife

If your answer is that there is legal risk, I would submit that this is a poor answer.  Most activities carry legal risk and our job as lawyers is to help our clients manage those risks.  Moreover, the risks that come from social networking are manageable.  This article will help you accomplish this.

The “risk” issue reminds me of when Internet email was hitting corporate desktops in the 1990’s.  Companies engaged in what today seem like nonsensical debates about whether employees needed email.  Of course, they did.  Similarly, they worried about legal risk in the face of unknown law.  Sound familiar?

I remember writing a column in the 1990’s where I said that virtually every employee with a telephone on their desk would have email access within five years.  That is one prediction I got right.

Now I have a new prediction.  Within two years, virtually every company will be using social media like LinkedIn, Facebook, Google+, and Twitter to promote itself.  Does your company really want to be last in?

Image via Wikipedia

Reining in Risk for the Enterprise

Most commentators would acknowledge that social networking for the enterprise is not without risks.  In fact, it is like any other public forum and carries most of the same risks.  Some of the issues that your company needs to consider include copyright infringement, trademark violations, litigation related issues, advertising and employment law, and privacy.

The starting point of any legal analysis of any issue involving the Internet is that the Internet is not the Wild West.  Rather, it is a forum that is at least as regulated as any newspaper.

The problem is that like any new technology, new law trails the development of the technology.  After all, nobody regulates technology that is yet to arrive.

And “new” is where we are with social media in that the law is still developing.  Thus, as we had to do with the Internet generally in the 1990’s when “Internet Law” was still in its infancy, we must look to current law and use common sense to apply it by analogy to social networking.  (The problem is the concept of “common sense” since “law” has been described as “common sense as modified by the legislature and courts.”)

Some of the analogies are easier than others.  For example, it is certainly clear that your company cannot use material created by others in violation of general copyright law.  The Digital Millennium Copyright Act (“DMCA”) is yet another Federal statute that is relevant to social networking.  The DMCA could require that your company promptly take down material from a social networking site it controls whether an employee or third party posted the infringing content[1].

Likewise, your company’s social networking posts must be sensitive to trademark law.  If your trademark analysis says that your company could not use “Coke’s®” logo in a company brochure, you could not use it on your company’s blog.  This is the common sense part.

Another easy one is in the area of litigation.  There can be no doubt that if your company has a litigation hold is in place for whatever reason, this hold would also apply to all social media.  Thus, your company may not erase a blog post that is relevant to litigation although common sense says that it would be wise to remove public access to a problematic post.

Another area of concern is advertising law.  It is certainly “common sense” to assume that the Federal Trade Commission act, which bans unfair and deceptive trade practice[2] and the CAN-SPAM Act[3], which regulates “spam” are relevant to the world of social media.

Using copyright and trademark concerns, litigation holds, and advertising and employment law as mere examples, you can begin to see the importance of training your employees.  It goes without saying that they are the actors for your company and that their lack of training and sensitivity to these issues is your nightmare waiting to happen.

You must dispel the myths about the “Wild West.”  In an online environment where the entire world might see a social networking post, you certainly do not want employees posting things like, “Our only competitor is a thief” because lo and behold defamation law applies to social networking activities.  (That is unless you really want to go down the truth is an absolute defense to libel path.  I will go out on a limb here and guess that you do not.)

Employees’ Personal Social Networking

A whole other area of concern for your company is how your employees use social networking outside the office.  After all, they have personal accounts on Facebook, LinkedIn, Twitter, Google+ and others.  They may not understand that what they say on their personal Facebook account could haunt their employer and them.

If your company does not already have a social media policy in place, you are late at getting there.  However, you can begin rectifying that today and you should.  A great example of a personal blog policy is one Yahoo developed.[4]

Among the most important concepts in the Yahoo policy is that any employees who identify themselves as Yahoo employees “should notify their manager of the existence of their blog just to avoid any surprises.”[5]  Knowledge is power and your company can mitigate the risk employees create online by merely knowing the post is there.  You should encourage this notice.

While many companies may want their employees promoting their business in their personal LinkedIn and Facebook accounts, it is important to sensitize employees to the fact that when they speak on behalf of their employers on a personal social networking page, they are putting their employer at legal risk just as if they were posting on the employer’s “official” LinkedIn page.  This may not be obvious to the average employee who may think that different rules apply on a personal social networking page.  It is the same theme yet again.  It is all about training.

Monitoring Employees’ Online Activities

Many companies have started to monitor their potential and current employees’ online activities.  The fact is that people will post “remarkable” stuff online for all to see.  Many companies will look at that “remarkable” stuff and choose to pass on a potential hire or consider terminating an employee over online posts.

It can be hard to feel sorry for someone who “friends” his boss on Facebook and posts, “My boss is an incompetent fool.”  (“Oops.  I forgot he was among my friends.”)  Still, it is important for your company to have a written policy in place that clearly states that the company does and will continue to monitor social networking activities for posts the company reasonably deems inappropriate.  Further, this policy should make it clear that termination is among the possible consequences for inappropriate activities.

A bit of caution is in order when monitoring personal activities online because some states including New York have laws that prohibit an employer from punishing an employee due to legal leisure time conduct[6].  Nonetheless, many think that it is a best practice to monitor employees’ online activities while being aware of the parameters for action set by statutes or otherwise.

Embrace but Understand

If your company has not yet jumped headfirst into using social networking to its advantage, it is time to do it.  This should be about as obvious as the need for a corporate website should have been in 1996.

While it is true that the law can be murky with social networks, with some education, training and supervision, you could and should minimize those risks.  Do not permit yourself to be a nay-saying lawyer fearful of new technologies.  If that is you, hire an outsider to assist.  Do whatever it takes.  Just do it.

______________________

Related articles

• Digital defence – keep your business safe online (simplybusiness.co.uk)
• TechLaw-Using a Chat Program for a Back Channel during Telephone Negotiations (ecomputerlaw.com)

The trends are clear.  When negotiating deals, we’re all increasingly using online tools like WebEx and GoToMeeting, and conference bridges in lieu of face-to-face meetings.  When doing deals using these tools, it is essential that you have a back channel for real time communication with your team.  I am huge advocate of using an instant message or chat program for this back channel.

Image via Wikipedia

It’s amazing how fast these online meeting tools have changed the way we do deals.  The cost savings of using a WebEx or GoToMeeting can be compelling.  Still, you lose a lot when you’re not face-to-face even if you are using web video conferencing.  The information gained when you’re in the room across the table from someone is invaluable.  Moreover, I think that people find it harder to take hard contrarian positions in-person.  Still, in a world of tight travel budgets, it is increasingly common to forego these and the many other advantages of in-person meetings.

One of the things you can do to improve this remote, one channel environment is to open a back channel for communicating with your own side in real time.  The starting point is to agree on a compatible instant message program.  It could be an encrypted corporate type solution that will make your IT folks happiest (but this type of solution will have some costs), or a no cost solution like AOL’s Instant Messenger (aim.com).

The goals of using this back channel are several.  One is to avoid stepping on each other.  Being able to type messages like “drive home that point,” “let’s change our direction,” or “let me talk” in the background can help keep your team acting like a team and not simply a bunch of uncoordinated one-on-one players.  Another goal is minimizing the need for breaks while your team reconvenes on a private conference bridge to coordinate its efforts, positions, and impression.

You might find it useful to have several chat windows open at once.  One could be a window that your entire team can see and type in, and another might be for the two or three leads only so that they can have their own private chats.

Image via Wikipedia

I’m not sure why, but some of my clients resist setting up this back channel.  I cringe every time I have no way to type something like, “You are making a big mistake with that position.  Stop!  Let’s talk on my other line before you continue down this direction.”  Without that back channel, I’m forced to call a break in a way that draws attention to the disagreement within our team.  That’s not the type of information you want the other side to have.  If they’re smart, they just may be able to exploit that type of internal division.

It’s essential that the other side in a negotiation see your team as a monolith with a single position.  Having to discuss internal positions on a single open phone line with the other side is poor technique.  My recommendation is that you create a back channel and use it to keep internal communications private.

Related articles

• 3 Must-Have Apps for Today’s Business Professionals (mycricket.com)

After almost 30-years of practicing law, I’m still amazed at the number of

Image via Wikipedia

legal fallacies that even sophisticated business people have about doing deals and properly documenting them. A prominent fallacy is that Letters of Intent (LOI) are always nonbinding or just not important for some reason that I cannot fathom.

I suppose that the misconception arises because — well — it does say “Letter of Intent” and not “Contract” at the top of the page.

Do yourself a favor. Press the “I Believe” button on this one when I tell you that LOIs can be binding agreements — you need to take them seriously, and they need to be written by your attorney.   When you think that you have an exciting deal to close, please take a deep breath and make sure that you get the documentation right.

LOIs go by many names, such as Memorandum of Understanding, Agreement in Principle, and Term Sheet, among other things. Whatever you call them, they can bite you if you’re not properly circumspect about the things you sign.

Yes, it’s exciting when you have a big cloud computing or software as a service (SaaS) deal to sign for your enterprise.  I know that when they mention the LOI, it’s a Right Guard moment. Just understand that once you sign that LOI, you may be blurring the line between engagement and marriage.

If you never close your deal because you never could work out all the details, you may find that LOI under lots of scrutiny. LOIs can and do end up in courtrooms. The essence of the lawsuit is often plain ol’ “breach of contract.”

It really comes down to this. Nonlawyers are often under the misconception that the title of the document absolutely governs the situation.

If the language in your LOI reads like a binding contract, it’s probably a binding contract. Don’t make the mistake of thinking that just because not every detail of your deal is in the LOI that this necessarily means you would win if sued.

The starting point in drafting an LOI is to remember its purpose. Usually, parties are looking to summarize their deal as a prelude to negotiating the details. It’s usually intended to be superseded by a more formal and lengthy document.

Using a SaaS deal as an example, the LOI might talk about the basic service that the vendor will provide.  It might even talk about some of the customizations that they will do for you.  Usually, the parties don’t intend for these terms to be binding if they never sign a more formal contract that includes all the details.

However, the parties usually have terms they do expect to be binding even if they never close the deal. Some examples would include a confidentiality provision and a provision that says each party is responsible for their own attorneys’ fees and other expenses in connection with the negotiation of the deal.

If your LOI isn’t specific about whether it’s really a contract or a nonbinding summary of the state of your negotiations, you could be creating an unpredictable mess for yourself. If there’s ever a dispute about the LOI, you’re forcing a court to look at the document as a whole, accept testimony with those who participated in the LOI creation process, and then make an educated guess as to the intent of the parties.

In this situation, the fact that it says, “Letter of Intent” at the top is just a single piece of evidence that a court will use to find the parties’ intent. If everything below the title reads like a binding agreement, the court may find that you have a contract and not just the simple outline of terms to be negotiated that you thought you had.

In some ways, if your lawyer does it right, this can be simple. A well-drawn LOI has a provision that specifically states to what extent the parties intend it to be a binding agreement. A typical provision will say that the LOI in fact has provisions that the parties intend to be binding even if they never sign another document. It will then go on to specify those provisions.

Whatever you do, just remember that an LOI is a legal document, which you should have your lawyer write. If you think that you are up to the task, let me give you some perspective: As somebody who mentors young lawyers, I’ve yet to find one who fell out of law school with an innate ability to draft legal documents. It takes years of mentoring and training for a young lawyer to master the art of legal writing. I just ask, “Who mentored you?”

Related articles

• Venture Deals: Chapter 12: Letters of Intent – The Other Term Sheet (askthevc.com)

Image via CrunchBase

My 2-hour seminar “The Art & Science of Negotiating Tech, Telecom & Cloud Deals” is next week – Tuesday December 6 in New York City.  We have three seats remaining.  If you would like to attend, please RSVP today.

—————–

This headline caught my attention earlier in the week – “Judge orders Google and Facebook to remove fake sites.”  You can find a short summary of the case at http://www.bbc.co.uk/news/technology-15959882.

The case arises from the brand “Chanel” waging a war on counterfeit goods and websites purporting to sell “Chanel” products.  In its lawsuit, Chanel alleges that counterfeiters use certain domain names to promote the sale of counterfeit handbags, shoes, etc.

Image by antonellomusina via Flickr

While I’m extremely sympathetic to Chanel trying to stop counterfeiters from selling counterfeit goods, I am not okay with the unprecedented relief the court gave to Chanel.  I can certainly live with the court ordering domain name registrars to essentially transfer the domains to the court.  This seems like a reasonable remedy and makes total sense.  However, the major Internet companies with obligations resulting from this case should have been parties to the suit.  I discuss this more below.

What troubles me the most is this language from the court’s order: “The [domain names in question] shall immediately be de-indexed and/or removed from any search results pages of all Internet search engines including, but not limited to, Google, Bing, and Yahoo, and all social media websites including, but not limited to, Facebook, Google+, and Twitter until otherwise instructed by this Court.…”

My issue here is not really an Internet Law issue per se.  I’m concerned about ugly facts making bad law.  The ugly facts are that nobody is sympathetic to the slime that counterfeits goods and sells it on the Internet or from the back of a truck.  The bad law is a court order that requires a non-party to a lawsuit to do something.  It’s contrary to American legal tradition and simply a bad idea.

We are treading on a slippery slope here because of the lack of sympathy most of us share for players here.  We have the counterfeiters who we want to crucify.  We have non-parties like Google and Facebook that rarely garner sympathy from anyone about anything.

However, I must remind you that our legal system is all about law created by judicial precedent.  This is a precedent for anyone – even you – receiving a court order from a court when you were not a party and could not defend yourself.

What I’m suggesting is that we don’t want our lack of sympathy for the players here to make bad law and this is bad law.  At the very least, the court could have required that Chanel add Google and others as parties so that they would have had notice of the suit and the ability to respond if they wanted.  Of course, Google probably does not care about the court requiring it to delist the rogue sites and that’s fine.  Still, Google and the other non-parties should have had that choice.

We can easily create bad precedents when the bad guys are not sympathetic characters.  I’m just suggesting that the bad precedent the court created here may be worse than the counterfeiting.

Related articles

• Chanel counterfeiters beware: US federal court orders domain names seized and de-indexed (engadget.com)
• Chanel wins court order in US to transfer domains and more (slashgear.com)
• Court OKs Private Seizure of Domain Names Which Allegedly Sold Counterfeit Goods–Chanel, Inc. v. Does (ericgoldman.org)
• Federal Judge Orders Google, Facebook to Disappear Hundreds of Sites (wired.com)
• Courts Take Deeply Problematic Actions Against Fake Chanel Websites [Sopa] (gizmodo.com)
• Judge orders search giants: Delist Chanel rip-off merchants (go.theregister.com)
• Hundreds of Web Sites Seized on Court Order; No SOPA Bill Required (blogs.discovermagazine.com)

ONLY FIVE SEATS REMAINING. PLEASE REGISTER NOW IF YOU WANT TO ATTEND.

LOCATION: Tannenbaum Helpern Syracuse & Hirschtritt, LLP
900 Third Avenue, 13th Floor
New York, NY

TIME: 8:30 a.m. – 9:00 a.m.
Registration & Continental Breakfast
9:00 a.m. – 11:00a.m. Program
CLE: NY 2 hours

Featuring Mark Grossman, Attorney, Author and Technology Law Columnist

Tech, telecom and cloud deals raise many complex legal and business issues that need to be thoroughly negotiated and documented in your agreements. From complex software licensing and telecom deals to cloud computing deals, tech deals have their own customs, usages, and norms. In this seminar, Mark Grossman will give you an insight into the real language he’s used in real deals. What are the norms in the industry? What concessions should you expect? How technical must a tech contract be?

The discussion will include intellectual property, licensing, warranties, limitations of liability, performance standards, acceptance testing procedures and change orders, to name a few. You will find these issues arising in all types of deals including those that involve managed services, cloud computing, telecommunications, and Software as a Service.

In this seminar, you will learn:

• Four key provisions you need in every technology contract.
• How a limitation of liability clause can emasculate your agreement.
• How intellectual property provisions in your agreements can be a trap for the unwary.
• Three negotiating techniques guaranteed to work every time.
• Four ways to keep your technology contracts out of court.
• How to negotiate an agreement that simply communicates your deal so that the parties have nothing to fight about.

Intended Audience: Business executives, IT professionals and lawyers involved with tech, telecom or cloud deals.

To RSVP please contact Nancy Wu at wu@thsh.com or 212-702-3147.

When a lawyer drafts a contract, he or she must use an entirely different mindset. If he means to say the same thing as he said earlier in a document or related document, then he should say it with the same words. The penalty for getting this wrong is that if your contract finds its way to a courtroom, some litigator may argue that since the contract did not use identical words in both places, the parties must have intended a different meaning. Absurd? Of course, but it’s justice American style.

Creating a defined term is one way to ensure consistent language use, but even if you don’t have defined term, a lawyer must – absolutely must – use identical language to express an identical thought.

One of the things I use when I judge another lawyer’s work is how consistent he is with his use of language. It’s simply sloppy to say the “package delivery truck,” “the brown truck,” and the “UPS truck” in the same agreement.

I see this type of sloppiness regularly in agreements. It’s inexcusable and amateurish. Those of you that have been reading my posts for some time certainly know that I am extremely critical of the quality of lawyering I see in tech deals. This one is a “Drafting 101” mistake and simply unforgiveable.
——
My Website is Completely Redone

After a couple of false starts, I have completely redone my website at www.eComputerLaw.com. Please check it out. It’s now the home of my blog, and for the first time I’ve designed it to create a dialog. Please leave your comments there.

Also, as you run the new website through its paces please email me regarding any cosmetic recommendations–or most importantly, glitches. I feel like I still need to fly swat some small issues, and if you find any I would appreciate it if you let me know.

My content will change a bit too. I intend to start posting and emailing content more frequently. Many of my future posts will be shorter like this one. Others will continue in the longer form that I’ve used for years. Again – I welcome your comments.

Finally, I’ve written well over 200 articles over the years. You can find all of that old content at my firm’s website at http://www.thsh.com/Publications/Articles-by-Topic/Technology-Telecom-and-Outsourcing.aspx.

Over the years, I’ve written many columns on the law and the importance of acceptable use policies as tools to reduce these headaches. Today however, I want to focus on corporate culture and civil war.

For the purposes of this column, the legal part is only background. So, let’s start with the fundamentals. Your employee’s online activities can cause your company legal nightmares. I could do a book of lists on the different ways you might find this nightmare manifested, but for present purposes, I’ll just offer a few examples. You might want to be sipping some wine as you read this although this isn’t recommended if it’s 8AM Monday morning.

Let’s see. How about the boys gathering around Joe’s computer during lunch to share his new subscription to an adult site. The ladies may think that it’s a hostile work environment. This may cause you to become intimately familiar with the address of your local courthouse.

Email can cause many legal problems for you especially if your employees don’t get the rudimentary concept that email counts. Somebody suing you can subpoena email and it has the same legal impact as a “formal” letter. Libel and copyright infringement are merely two examples of the ways email can cause a problem.

The first step in minimizing the nightmares for your company is for you to create an Acceptable Use Policy (AUP). In it, you lay out the rules for the use of the technology you provide to your employees.

Since I’ve written many of these over the years, you might imagine that I have a ready-to-go policy for your company, but you would be wrong. That’s because there is no one-size-fits-all AUP that you can copy and paste and call yours.

In some ways, the legal part is the easy piece. The law reduced to its essence is that if you do wrong online, it will come back to haunt you. However, this one sentence of legal essence is useless in guiding a company executive in setting policy.

The problem is that the Internet is a tool that has both business and personal uses. Further, the number of ways people use it is as varied as the people. If you impose a sledgehammer approach like, “You shall not use the Internet for any personal purposes” you may find a rebellion on your hands.

I think that a better approach is to tailor your AUP so that it takes into account things like corporate culture, job description, and rank.

At the restrictive end, you might have a customer service representative working at a call center computer. While the job may require Internet access, the nature of the job is more like a production line for providing service, rather than a professional service. Last time I checked, Ford doesn’t have any televisions showing soap operas during the day on its production lines. (Okay, I never really checked, and in fact, I’ve never seen a Ford production line in person, but I’m betting that it’s a good guess.) Likewise, your call center computer is an example of a computer that arguably can and should be designated a “business use only” tool.

However, it’s still a corporate culture issue as much as a legal issue. You shouldn’t impose this type of rule if it doesn’t fit your corporate culture. You know your culture and no lawyer can advise you on it. This is the civil war part. You can make people feel like distrusted idiots if you suddenly impose rules that don’t fit the way you’ve always done business.

At the other end are your executives. Presumably, you trust them and that’s why they have the job they have. Telling them that they are prohibiting from taking a quick look at cnn.com during the work day or occasionally checking how the stock market is doing that day might make them feel like you aren’t giving them the professional respect they have earned.

Yes – I’m suggesting that you accept some hard to quantify increased legal risk to create a better work environment. Whether it’s an AUP or any other corporate issue, I don’t think you want your lawyer’s worst-case possible scenario to guide your every move. Legal is but one part of the business picture, albeit an important part. However, business and life are filled with risks and you can’t get anywhere always choosing the least risky path.

I think that as you establish your policies, you should place more emphasis on monitoring rather than prohibition. I’m suggesting that you frequently remind all employees, including your highest-ranking executives, that you monitor all Internet and computer use. You should take the position that nobody has an expectation of privacy when using the company’s systems.

Then, you should monitor. Trust is great, but knowing that somebody may be watching is an effective check.

Where you find that balance between monitoring and prohibition is that corporate culture thing. Look at your organization’s personality as you make your decisions.