COOLEY GODWARD LLP
Form Internet and Email Use Policy
This policy is a sample form for companies to use with employees who are given access to the email system and the Internet.
1. Because this policy is a significant statement of how the company perceives its relationship with its employees, this policy should be drafted with careful consideration of its effects on employee morale. This particular version has been drafted without permitting the employees to make personal use of the Internet or email. As a practical matter, this restriction will be difficult to enforce and thus may strike employees as unreasonable and oppressive, in which case employee morale may be adversely affected (or employees may scoff at the policy in general, since one provision so clearly cannot be enforced). If a company wanted to permit limited personal use of the resources, consider the following clause:
“Occasional personal use of the System that does not violate our policies, interfere with employee productivity, or undermine our business objectives is permitted.”
2. This policy needs to be harmonized with other corporate policies, such as any document retention policy, notebook loan agreement, policy regarding corporate communications, purchasing procedures, or code of conduct. In particular, it may be appropriate to describe when a user should print out and file copies of emails and downloaded files, and how long electronic copies of emails and downloaded files should be retained. In addition, some of the policy provisions might touch on issues addressed in a Proprietary Information and Inventions Agreement or employee agreement. so these agreements may need to be reviewed for conflicts as well.
3. Clients should consider access control or filtering software to effectuate their objectives about restricting inappropriate personal use of the computer resources. However, each technology has different pros and cons, and no technology is perfect. Thus, it may be helpful to discuss with the client the effects of limited access on the utility of the Internet and on employee morale.
With respect to pirated software, some clients use license management software internally to restrict software use. If appropriate, the client might find it desirable to describe the scope of this license management software in the policy.
4. Employee consent successfully waives the applicable privacy statutes. We recommend that clients obtain consent by getting a signature from every employee who is given access to the resources.
5. While this policy seeks consent to waive the applicable privacy statutes, there may be other legal restrictions on monitoring employee use. For example, in some states both the sender and recipient of private communications must waive their rights before such communications may be accessed. Thus, companies that are interested in monitoring or reading employee emails (either on a systematic basis or on an ad hoc basis) should discuss the specific procedure with counsel and should not rely strictly on the purported consent contained in this form.
6. Clients are particularly concerned about harassing email or Web screen displays. While this is problematic, it is unlikely that a single harassing email or a single harassing Web screen display will be sufficient BY ITSELF to make the company liable for harassment. However, such emails or screen displays could be combined with other harassing conduct to demonstrate a pattern of harassment that is actionable. Thus, clients need to continue to deploy anti-harassment efforts as a general undertaking.
7. This policy addresses only email and Web use. If other types of use, such as Usenet, telnet, and dial-up modem use, are permitted, the policy should be adjusted to reflect the specific issues raised by these other uses. In addition, in certain cases it might be appropriate to address the use of related technologies—such as voicemail, computer and telephone—in the same policy. Special rules may apply if the client has a company intranet, especially if there is a bulletin board area designed for certain types of communication (such as a classified section).
8. A limited number of companies permit their employees to have firm-sanctioned web pages. In this case, additional provisions should be considered to govern the contents of such web pages.
9. Clients might want to add specific provisions regarding technical operation of their system. For example, a client might want to spell out: what should and should not go in a auto-signature block, whether or not offline browsers such as Pointcast can be used, any limits on the size of attachments that can be sent or received, whether or not it is OK to sign up and participate on email lists, password expiration procedures, the length and characteristics of the password, logout procedures, how to respond to spam sent to a user’s account, policies regarding the acceptance of cookies and the disposition of cookie, cache and history files, etc.
10. Some companies are beginning to allow third parties to place advertisements on their intranets. In this case, a provision might be appropriate regarding the proper use of the advertisements. Note that clients who permit third party advertising on their system may have more difficulty prohibiting unions from soliciting employees using company resources/facilities.
11. If the client has a union or other collective bargaining arrangement, there may be additional issues to consider.
12. Most companies do not have training programs for system administrators explaining when administrators can and cannot monitor employee communications. Therefore, in connection with deploying this policy, counsel should advise clients to consider having a training session to explain in more detail what system administrators can and cannot do. Otherwise, this training will occur on an ad hoc basis or, worse, on a post hoc basis.
This form was last updated July 7, 1998 by Eric Goldman (x5154).
Internet and Email Use Policy
We provide certain of our employees with an email account and access to the Web. Because our email and Internet systems (the “System”) are expensive and valuable resources designed to enhance job productivity, we provide this policy statement (the “Policy”) so that you will understand your responsibilities with respect to the System. Your failure to comply with this Policy could lead to disciplinary action which could include termination of your employment. This Policy does not limit or amend other company policies or agreements that may be in force.
1. Emails Live Forever. Simply deleting an email message from your account does not destroy the message. This message probably remains on our email server, and we often make back-up copies of our email servers that we may store for months or years. Even after we erase the back-up copies, a skilled technician may be able to restore the erased message. Further, in the case of emails sent over the Internet, copies of the email could persist on the recipient’s system (or any person who receives a forwarded copy from this person) indefinitely. Thus, you should only send emails that you are willing to have live forever.
While we may have back-up copies of your materials, we encourage you to make back-up copies yourself and dispose of such copies in accordance with our document retention policy.
2. You Cannot Control Your Emails Once Sent. Once you send an email, you have effectively no ability to control who sees it. Emails sent over the Internet cannot be “retrieved.” Further, emails are often forwarded to people you did not anticipate would receive it. Also, we may be required in future litigation to produce copies of your emails in a court proceeding, and we may do so without notifying you or asking your permission. In short, you should always write emails assuming that the person you least want to read your email will see it.
3. Check Email Headers. You should always check email headers to confirm the identity of the recipients, especially when you reply to a message (particularly when you reply to all recipients). It is very easy to reply to a message in a way that causes your message to be sent to the wrong people. This is especially problematic if you inadvertently cause an internal message to be sent outside the company.
4. The System is a Company Resource. The System is our valuable business asset, and therefore we do not permit you to use the System for personal use. We spend significant amounts of money to procure the hardware, software and telecommunications services necessary to offer Internet access and email, and we have not invested the resources to permit the System to meet our legitimate business needs plus the demands placed by personal use of the System. Pursuant to the terms of your Proprietary Information and Invention Agreement, all messages and files composed, sent or received using the System are and remain our property.
5. Prohibited Uses of our System. Our general policies regarding employee communications also apply to communications made using the System. Without limiting the foregoing or the previous section, you may not use our System to send, receive, store or display communications or files that: (a) infringe any third party intellectual property or publicity/privacy right; (b) violate any law or regulation; (c) are defamatory, threatening, insulting, abusive or violent; (d) might be construed as harassing, derogatory, disparaging, biased or discriminatory based on a person’s age, sex, race, sexual orientation, religion, disability, national origin or any other protected classification, (e) are obscene, pornographic, harmful to minors, child pornographic, profane or vulgar; (f) contain any viruses, trojan horses, worms, time bombs, cancelbots or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information, or (g) are solicitations or advertisements for commercial ventures, religious or political causes, outside organizations or other non-job related activities. Under no circumstances may you use our System to gain unauthorized access to third party resources.
Without any further notice to you, we may use software that restricts your access to certain websites or that keeps a log of the websites you visit.
6. Do Not Expect Privacy. We may access, read, monitor, intercept, copy and delete your communications if we deem appropriate; however, we expect we would do so only when there is a legitimate business reason. By way of example, we might do so if we suspect any violation of law, breach of security, or violation of our policies. Further, we may disclose your communications to third parties if we deem appropriate. Thus, you should not expect privacy in your System account or any communications on the System.
7. You May Use Only the System to Access the Internet. We expect that all business use of the Internet and email will be made using our System. Thus, while at work, you may use only the System to use the Internet or to access email unless you are given prior management approval. Without limiting the foregoing, unless permitted by management, you may not use a modem to reach outside resources, nor may you use the System to reach a remote email provider (such as a free email service).
8. Do Not Always Believe What You See. You should always evaluate the quality of your information sources on the Internet. Since anyone can publish information on the Internet, you should not assume that information available over the Internet is correct. Further, we may use “caching” software that stores copies of frequently requested material and delivers these copies to you instead of getting fresh copies from the Internet. Because caching software might cause you to retrieve outdated or inaccurate information, if you have any doubts about the currency of material you are seeking, please contact your system administrator.
Also, you should not assume that an email that claims to be from someone is in fact from that person. It is very easy to forge headers, effectively falsifying the identity of the email originator, or someone may have forgotten to log out. Check first before making assumptions.
9. Help Maintain Security. Our System is not perfectly secure and is susceptible to break-ins. Thus, we need your help to maintain security.
You may not share your System passwords with anyone else (including other company employees), and you may not gain access to other System accounts, without prior management authorization. However, we reserve the right to override your password for legitimate business reasons.
Further, because electronic communications are inherently unsecure, you should not electronically transmit sensitive or confidential information to any third parties without prior management approval. However, you may not use any encryption programs unless specifically instructed to by management, and then you may only use encryption technology supplied to you. Also, the transmission of our or third party intellectual property outside the United States may be subject to laws on export control; before sending such materials, consult management and/or counsel.
If you are given permission to send confidential information to third parties, you should include the following header on such emails: “____ Confidential.” In addition, when sending electronic communications to in-house counsel or an attorney representing us, you should include the following header on each communication: “Privileged and Confidential/Attorney-Client Communication.”
10. System Integrity. You should not use the System in a way that disrupts or degrades its performance. For example, you should not attempt a large file download during peak usage periods. We may place limits on the amount of data you can store on the System. Also, unless we tell you that we are automatically scanning email attachments and Internet downloads for viruses, you should virus-check all such files before executing them, loading them onto the System or forwarding them.
11. Corporate Communications. Every time you send an email that contains our domain name or transmit files using our System, third parties might interpret these communications as official corporate communications or legally-binding statements of the corporation. Therefore, at minimum you should not use the System to make any statements or take any action which might be interpreted as a press release or publicity statement without management approval.
12. Third Party Materials. You should not redistribute third party materials, particularly email attachments, without prior authorization by those third parties, our management and, if necessary, our counsel. Articles, photos, graphics, sound files and other attachments are generally the intellectual property of some other party, in which case your redistribution can create liability for us. Further, you should assume that anything you download from the Internet is protected by intellectual property laws, and you should not make further use without approval from management and counsel.
13. Amendments to this Policy. This Policy supersedes all prior communications, oral or written, regarding the System. You agree that we may amend this Policy by sending you an email containing the new policy, and the amended policy shall be effective as soon as it is sent by us.
Acknowledgement: I understand and agree to comply with this Internet and Email Use Policy, and in particular I understand and agree that the company may access, read, monitor, intercept, copy and delete my communications if it deems appropriate. I understand that my failure to comply with any of the provisions in this policy may lead to disciplinary action, up to and including termination of my employment.