FirstAssist offers advice on tackling email and Internet misuse

Research carried out last year by the Chartered Institute of Personnel and Development (CIPD) revealed that 64% of organisations had experienced problems in the previous two years with staff misuse of the Internet or email. Although many have introduced policies to govern their use, the issue continues to be a thorny one. Employment law specialist, FirstAssist, is offering businesses key advice on creating and applying a policy to meet the challenge.

Pauline Pembry, Employment Law Services, FirstAssist, comments, ìBusinesses are understandably sensitive about computer security, email and Internet abuse. Some of the problems arise when trying to judge the appropriate level of response to a breach of the companyís Internet or email policy. However it can be all too easy to see every breach as potentially gross misconduct. Deciding what is and what isnít gross misconduct is the real challenge for employers. In this respect, there are some basic elements that can form the basis of an effective Internet and email policy.î

Password privacy

Unauthorised use of passwords and reading emails that are clearly marked ëpersonalí are generally regarded as disciplinary offences at the minimum. In a recent case, the Employment Appeal Tribunal (stressing the importance of preserving the integrity of a computer system) held that it is ënormally reasonable to regard as gross misconduct an employeeís deliberate use of an unauthorised password in order to gain access to information which they are not entitled to see.í

The trouble with ìbloggingî

Inappropriate use of ìbloggingî is also considered serious enough to warrant disciplinary action. A ìblogî (short for web log) is a personal online diary that can be accessed by anyone. There have been a few publicised cases of employees being dismissed because of material contained in their blog. For instance, making derogatory comments about employers or bringing the company into disrepute.

Many employers may not even be aware of blogging, let alone make reference to it in their policy. However, concerns about the potential content of a blog can still be addressed. It may help to liken the situation to the publication of the same material in the press, highlighting that the company could be brought into disrepute if they are in any way linked to the material.

When is it misuse?

Personal use of email and the Internet is a major focus for employers because they donít want these activities to interfere with individual work responsibilities. However, what is acceptable can vary a lot from one company to another. Whatever the policy, itís important for it to be clearly communicated to all employees. This is particularly important for new and also temporary staff who are often overlooked and should be required to sign that they have read and understood the policy.

The actual time spent on personal email traffic can also present a problem if it becomes excessive. Limiting personal email time to breaks or at either end of the working day may be a solution; with the loss of that privilege being a possible disciplinary sanction for those who donít comply. Dismissal is only likely to be appropriate following warnings or if the level of personal use is extreme and amounts to a fundamental breach of the rules and contract.

Just a joke

Inappropriate use of the Internet may also be an issue. Again the seriousness of the offence will depend on a number of factors ñ it does not necessarily have to be gross misconduct. Factors to consider may include the nature of sites being accessed, whether material has been downloaded and how much work time (if any) was involved.

Companies nowadays use a variety of means to prevent undesirable emails getting into their systems. However that doesnít mean that there is total control over the mail that arrives in an individualís inbox. Employees are generally required to delete immediately anything inappropriate, eg. sexually explicit or offensive material. The mailing of jokes is a widespread practice; employees may forward them without much thought, but if the content is inappropriate they risk disciplinary action which could include dismissal if the offence is regarded as gross misconduct.

Pembry concludes, ìIt is essential that companies have a policy on email and Internet use, as well as ensuring staff compliance. Employers are liable for issues such as their employeesí defamatory remarks, breach of copyright or software license. Remember too that email messages can give rise to legal claims against the company, and are disclosable in any legal action, including defamation, breach of confidentiality or contract and employment tribunal claims. Once a policy has been created ensure all staff are aware of the issues and understand the rules ñ the first step to protecting the company and its employees.î

The offences that are commonly regarded as gross misconduct are:

sending of inappropriate messages, for instance any that might cause offence or harassment on grounds of sex, race, disability, age or religion, deliberate accessing of offensive, obscene or indecent material from the Internet, such as pornography, racist or sexist material, violent images, incitement to criminal behaviour etc

downloading material from the Internet in breach of licensing or copyright restrictions

The seriousness of other typical computer, Internet or email offences can vary from employer to employer.

CASE STUDY

The employee, a computer sales technician, had six months service with his employers at the date of the initial investigation. At a clientís site whilst he was working with his manager demonstrating software programmes, his manager commented on some music emanating from his laptop. The employer stated that he was downloading music from an Internet website and said that he had a software programme which enabled him to bypass security measures on the website and download copyrighted material for free.

Upon returning to headquarters the manager reported the matter to the companyís HR department. He was concerned that:-

1. The employee was downloading copyright material from a Clientís site.

2. If the website owners were able to trace the breach of security, it would lead back to the Clientís premises.

3. The downloading of material was contrary to the companyís Internet use Policy.

4. His laptop might contain further unauthorised downloaded material or items of a pornographic or offensive nature.

The employer called FirstAssist because it was concerned about how it should respond to the evidence supplied by the manager. The employee was to attend a performance review in three daysí time and the company was concerned whether it should wait until then to seize the laptop.

FirstAssist advised prompt action was required to preserve evidence and to react quickly to show how serious the company considered the breach of the companyís Internet policy.

The head of the HR department visited the employee at home to retrieve the laptop and inform him that he was suspended on full pay pending an investigation.

FirstAssist advised the employer to interview potential witnesses, regarding the unlawful downloading of copyright material. The employee work colleagues confirmed that he spoke openly of being able to copy encrypted DVDs. Luckily the employer had its own team of software experts who were able to examine the laptop. The investigation showed that he had unlawfully downloaded numerous polyphonic ring tones. Additionally there were hundreds of mobile phone games and other mobile phone applications downloaded. The laptop also contained software to enable him to copy and unencrypt DVDs. The investigation also indicated that he had visited a number of sexually explicit websites contrary to the employerís Internet policy.

The final report provided by FirstAssist to the employer concluded the following breaches of the employerís Internet policy and disciplinary process which stated that such matters would be construed as gross misconduct. These included:-

1. The unauthorised downloading, printing or other use of copyright information.

2. Non-work related audio and video files such as mp3s, etc being stored on the laptop because it breaches copyright.

3. Any material which would be considered as non-business like, sexually explicit or offensive should be deleted at once.

4. Deliberately accessing internet sites containing pornographic, offensive or obscene material and the mailing of jokes containing sexually explicit or offensive material internally or externally.

5. Deliberately accessing any website whatsoever, which is not business related during office hours.

In the light of the above the employer convened a disciplinary hearing following the procedure set down in Employment Act 2002 and Dispute Resolution Regulations 2004. At the hearing the employee admitted he had breached the employerís Internet policy and was dismissed for gross misconduct.