Email and Internet Usage Policy

Email and internet usage policy

Introduction

This document describes the Company’s policy on the use of Electronic Mail (e-mail) and Internet including social media systems. This policy applies to all employees, sub contractors, consultants or directors (exec or non-exec) in the Company and any associated or subsidiary companies.

The aim of this policy is to give guidance on the acceptable use of these systems.

Electronic Mail

All messages sent or received through the Company’s e-mail network are the property of the Company.

A)  Business Use

Do

• Make full use of e-mail to communicate with clients, suppliers, colleagues, etc, on business matters.
• Make maximum use of free resources on the web for research and business purposes.

Don’t use e-mail

• Containing any language or content that could be considered offensive.
• To conduct any business activity not pertaining to the Company.
• In a way which may conflict with the Company’s interests.
• To let another person use your address or system.
• To request the automatic reception of messages from anonymous originators or to participate in chain letters.

B)  Personal Use

Don’t

• Make excessive personal use of e-mail, as a guide, 2-3 messages sent or received a day is a maximum.
• Send or receive personal file attachments.
• Keep personal messages longer than a month.
• Log on or participate in any message site

C)  Internet Access and Web Browsing

Do

• Make full use of the Internet to research clients, competitors and to develop market knowledge.

Don’t

• Waste time browsing or surfing sites.
• Browse sites that could potentially embarrass the Company.
• Access, transmit or download material that could be considered inappropriate or illegal, for example anything of an obscene, pornographic, threatening, discriminatory or otherwise offensive nature.
• Download files from any web site unless these are required for your work.
• Browse to conduct private business or for-profit activity.
• Access Internet based e-mail systems.

Misuse

The Company reserves the right to monitor the use of the Internet system and the traffic of e-mails from time to time to ensure compliance with this policy. If it is suspected that the system is being misused, the Company reserves the right to monitor the content of e-mails.

 In the event that an employee has misused the e-mail or Internet system, formal disciplinary action may be taken at the discretion of a manager, and depending on the severity of the misuse this may lead to dismissal with or without notice or payment in lieu of notice for very severe cases.

 Social Media Usage

 Personal use of social media is never permitted during working hours or by means of the Company’s computers, networks and other IT resources and communications systems.

 Employees must avoid making any social media communications that could damage the Company’s business interests or reputation, even indirectly.

 Employees must not use social media to defame or disparage the Company, their staff or any third party; to harass, bully or unlawfully discriminate against staff or third parties; to make false or misleading statements; or to impersonate colleagues or third parties.

 Employees must not express opinions on the Company’s behalf via social media, unless expressly authorised to do so by their manager. Employees may be required to undergo training in order to obtain such authorisation.

 Employees must not post comments about sensitive business-related topics, such as Company performance, or do anything to jeopardise the Company’s trade secrets, confidential information and intellectual property. Employees must not include the Company’s logos or other trademarks in any social media posting or in their profile on any social media, unless specifically permitted to do so as part of the duties of their role. Examples of permitted use include but are not limited to:

• Use of LinkedIn for sales lead generation or marketing
• Use of Twitter and Facebook for sales and marketing purposes

 The contact details of business contacts made during the course of employment are the confidential information of the Company. On termination of employment employees must provide a copy of all such information, delete all such information from their personal social networking accounts and destroy any further copies of such information that they may have.

 Social media should never be used in a way that breaches any Company’s policies. If an internet post would breach any Company policy in another forum, it will also breach them in an online forum. For example, employees are prohibited from using social media to: 

• breach this Policy;
• breach the Company’s obligations with respect to the rules of relevant regulatory bodies;
• breach any obligations contained in those policies relating to confidentiality;
• breach the Company’s Disciplinary Policy or procedures;
• harass or bully other employees in any way;
• unlawfully discriminate against other staff or third parties;
• breach the Company’s Data Protection Policy (for example, never disclose personal information about a colleague online); or
• breach any other laws or regulatory requirements.

 Employees should never provide references for other individuals on social or professional networking sites, as such references, positive and negative, can be attributed to the organisation and create legal liability for both the author of the reference and/or the Company.

 Employees who breach any of the above policies may be subject to disciplinary action up to and including summary termination of employment.

 Bring your own device to work

 We recognise that many of our staff have personal mobile devices (such as tablets, smart phones and handheld computers), which they could use for business purposes, and that there can be benefits for both us and staff, including increased flexibility in our working practices, in permitting such use. However, the use of personal mobile devices for business purposes gives rise to increased risk in terms of the security of our IT resources and communications systems, the protection of confidential and proprietary information and reputation, and compliance with legal obligations.

 No one is required to use their personal mobile device for business purposes. It is a matter entirely for each person’s discretion. However, employees should bear in mind that a breach of this policy may lead to us revoking your access to our systems, whether through a device or otherwise. It may also result in disciplinary action up to and including dismissal. Disciplinary action may be taken whether the breach is committed during or outside office hours and whether or not use of the device takes place at your normal place of work. You are required to co-operate with any investigation into the suspected breach, which may involve providing us with access to the device and any relevant passwords and login details.

 You must comply with all of the Company’s policies when using your device to connect to our systems, including in particular this Electronic Mail and the Internet Usage Policy.

 In particular, you must:

• at all times, use your best efforts to physically secure the device against loss, theft or use by persons who we have not authorised to use the device. You must secure the device whether or not it is in use and whether or not it is being carried by you. This includes, but is not limited to, passwords, encryption, and physical control of the device;
• install any anti-virus or anti-malware software at our request before connecting to our systems and consent to our efforts to manage the device and secure its data, including providing us with any necessary passwords;
• comply with our device configuration requirements;
• protect the device with a pin number or password, and keep that pin number or password secure at all times.  If the confidentiality of a pin number or password is compromised, you must change it immediately. The use of pin numbers and passwords should not create an expectation of privacy by you in the device.
• prohibit use of the device by anyone not authorised by us, including your family, friends and business associates;
• not download or transfer any Company data to the device, for example via e-mail attachments, unless specifically authorised to do so. Staff must immediately erase any such information that is inadvertently downloaded to the device;
• not backup the device locally or to cloud-based storage or services where that might result in the backup or storage of Company data. Any such backups inadvertently created must be deleted immediately;
• not use a device to capture images, video, or audio, whether native to the device or through third-party applications, within the workplace;
• where we have permitted you to store Company data on the device, ensure that the Company data is encrypted using appropriate encryption technologies approved by us.

 We reserve the right, without further notice or permission, to inspect your device and access data and applications on it, and remotely review, copy, disclose, wipe or otherwise use some or all of the Company data on it for legitimate business purposes, which include (without limitation) enabling us to:

• inspect the device for use of unauthorised applications or software;
• inspect any Company data stored on the device or on backup or cloud-based storage applications and prevent misuse of the device and protect Company data;
• investigate or resolve any security incident or unauthorised use of our systems;
• conduct any relevant compliance obligations (including in relation to concerns regarding confidentiality, data protection or privacy); and
• ensure compliance with our rules, standards of conduct and policies in force from time to time (including this policy).

This policy is for information only and does not form part of the terms and conditions of your employment.