Policy needed to curb e-mail abuse

Posted on May 16, 2003 
Filed Under Anita, New Zealand Herald

By Anita Matthews

The Employers and Manufacturers Association (Northern) Inc urged companies to be proactive and spell out a policy on Internet surfing and e-mail use to prevent unauthorised or careless use by employees.

Its advisory services manager Peter Tritt said a comprehensive policy would protect employers from vicarious liability as well as educate users about legal risks that they might inadvertently take.

“Having supplied a computer for work, employers have the right to make sure it is being used for that purpose. This means you can access e-mails on the computer and monitor time spent and websites visited. Most employees forget that using the Internet and e-mail at work is at the employer’s resource and therefore, not a private affair,” he said after panel discussion organised by software security firm Clearswift (Asia/Pacific) Pty Limited in Auckland in May.

Tritt cited a US statistics that revealed employees are increasingly using the Internet for non-work related activity such as visiting sex sites, playing computer games, gambling and exchanging gossip and jokes while on the job.

“A salaried employee earning $40,000 a year can cost his or her employer $5,000 a year by just playing around the Internet an hour a day,” he said, adding it amounted in lost productivity.

A survey by Kensington Swan reported in the New Zealand Herald in May disclosed that 22 per cent of companies polled did not have a written policy for employee behaviour in relation to the Internet and e-mail. It also found that 58 per cent employers do not have any filtering software in place to block inappropriate Internet content.

Tritt said that although anti-spamming programs provide some protection, nothing is failsafe. “Most important is having policies which cover everything, including what to do with unwanted spam,” he reiterated.

He also recommended regular review of the policy to stay current with fast changing technology trends. “Reviews should always be an ongoing thing that takes into account any changes. If change is fast, them the review process should be timed accordingly,” he added.

Clearswift Asia/Pacific managing director Chy Chuawiwat agreed, adding that employers need to establish, educate and enforce the policy clearly with guidelines to ensure its effectiveness. “Ten per cent of organisations that have policies in place do not enforce it,” he added.

Liable for mail?

Meanwhile, Tritt shrugged off the suggestion that employers can be held liable for unsolicited porn e-mail as a “fanciful claim” and unlikely to succeed. “It is yet another extreme example of a grievance culture which has it that employers should be held to account for anything and everything that may happen to someone simply because they work for them,” he said, adding that the average payout on personal grievances for unjustified dismissal was $9,706.

Associate professor of law at University of Otago Dr Paul Roth concurred. “If an employee has been sexually harassed by email, the employer is only liable if s/he has failed to take whatever steps are practicable to prevent a repetition of the harassment. If the harassment is beyond their control, it would seem that they are unable to do anything about it,” he said, adding that the employer is only responsible for sexual harassment if it is someone representing the employer or a customer.

“If it comes from a stranger, I don’t think the employer will be liable. I think this claim is somewhat far-fetched. A good employer might take such steps, but I can’t see how an employer would reasonably be liable for not blocking. Often the nature of the message is clear from the subject line and could be easily deleted by the employee without opening the message. That’s what I do, and I’ve never missed one,” he argued.

He said that employers should use filtering software to weed junk mail out as much as possible.”If it becomes a real problem, we could try to attack it at source, where there are some legal mechanisms for doing so.”

Roth believes that the urgency for legislation however will increase in the future in tandem with the increase in telecommuting and those who work from home. “It will be very difficult to distinguish workplace and private life. We are all working harder, we take work home with us or we work 12 hours at the office.”

He noted that countries like Hong Kong and United Kingdom are drafting a code of practice governing processing of individual data, monitoring and retention of email communication. It is also being considered in the European Union.

“I think New Zealand should too. But I highly doubt that it will anytime soon. The culture here is different. Kiwis don’t like to be told what to do anyway,” he said, adding that the code can be based on guidelines as to best practice, issued by the International Labour Organistion in 1997.


Features of a good policy:-

  • Limit e-mail and Internet access for personal use.
  • Define confidentiality issues, trade secrets and access to organisational information.
  • State when to attach disclaimers to e-mail
  • Incorporate good housekeeping practice including keyboard lock and password security.
  • Include appropriate etiquette and use of language
  • Prohibit inappropriate messages that might cause offence.
  • Prohibit deliberate access to offensive and obscene material from the Internet.
  • Be aware of copyright and licensing restrictions that might apply to downloaded and forwarded material from the Internet or e-mail.
  • Identify type of monitoring that will be carried out.
  • Describe consequences owing to breach of policy.
  • Published in Trinetizen Media, May 16, 2003.


    Comments are closed.