You’re a busy, stressed HR manager and your day is taking a definite turn for the worse. Your MD is not happy. He’s just seen some embarrassing photos of the recent office party on Facebook and been told about some rather lewd comments made about certain colleagues on an employee’s blog. You’ve already had to speak to a few people for spending too much time at work shopping online but here’s something else you need to deal with. Internet misuse doesn’t just occur at Christmas however. An employee might comment on their blog about how bored they are at work and that the organisation they work for is rubbish. Another might mention that the sales director is travelling around Europe developing new business leads. The first scenario could well bring the company’s reputation into disrepute whilst in the second, the employee could be disclosing confidential information

Any time spent at work on social networking sites, blogs and online shopping clearly affects productivity but that’s not all. Many legal liabilities can arise out of computer misuse including harassment, defamation, copyright infringement as well as the transmission of confidential information and trade secrets. Most employees however, are probably quite unaware of these potential consequences. But how much of a problem is computer misuse in reality or has the media coverage been a bit excessive? Not at all. It is estimated by the Department for Trade and Industry that 97% of UK companies use the internet and a survey carried out in 2007, by the journal Employment Review, found that 76% of organisations had to take action because of employees sending inappropriate emails. Another survey revealed that almost 40% of employees who have personal blogs have placed information about their employer, workplace or colleagues which could be potentially damaging to their work environment. There has been extensive litigation arising out of inappropriate computer use and it is not a problem limited to particular sector: three council workers lost their jobs for spending too long on ebay, five college employees were sacked after sending rude emails, one police force disciplined 140 officers for circulating an offensive email. Even government departments are not immune with more than 160 Foreign Office staff disciplined for internet or IT abuse at work.

What is needed, in any organisation, irrespective of its size, are effective measures to limit the risk of computer misuse. An essential step is putting in place an Acceptable Use policy and ensuring the disciplinary procedure covers email and internet misuse. Where the computer misuse occurs at work then the position is relatively straightforward (subject to the issue of monitoring and surveillance which is considered below) and the appropriate disciplinary action can be taken. But what about entries on Facebook or blogs written at home? A contract of employment will usually, expressly provide that the employee has to behave appropriately at all times and must not do anything to bring the organisation into disrepute or to disclose trade secrets. Consequently, a blog written at home, could still have ramifications for the individual if it contained information which brought the employer into disrepute.

Monitoring of email and internet use is potentially a legal minefield. The starting point is to bear in mind the extent to which employees have a right of privacy at work and to fully understand the legal framework that covers workplace monitoring and surveillance. Article 8 of the European Convention on Human Rights provides for a right to private life and this is enshrined in the Human Rights Act 1998. If an Acceptable Use policy provides for reasonable monitoring of emails and internet use this would take away the reasonable expectation of privacy and subject to complying with certain statutory conditions, organisations would be permitted to monitor for a specific purpose if the monitoring is proportionate to the objective it seeks to achieve. Data protection is another thorny issue and recent breaches have been dominating newspaper headlines in the past few months. It is worth looking at the Information Commissioners' website www.ico.gov.uk. and specifically the Employment Practices Data Protection Code: Part 3  Monitoring at Work which provides very practical guidance on how to comply with the Data Protection Act 1998.

An outright ban on using the internet at work is not realistic for many organisations and it is more appropriate to manage email and internet use by putting in place an Acceptable Use policy. This should:

• set out what behaviour is acceptable and unacceptable by giving examples;
• set out the nature of internet sites which should not be visited for example, pornographic sites;
• prohibit taking part in message rooms or submitting content which is likely to cause offence or embarrassment to the employer;
• prohibit downloading software without the consent of the IT department;
• provide that inappropriate use will be dealt with as a disciplinary matter;
• provide that email and internet use can be monitored to investigate allegations of misuse;  
• be flexible enough to cover technological developments as it is likely many email policies do not cover social networking sites or blogs.