RISKVUE ARCHIVE | FEATURE STORIES
Sample Electronic Communication Policy
Abbott Resource Group Electronic Communication Policy
||To maximize the benefits to Abbott Resource Group and its employees of electronic communications, while protecting Abbott Resource Group and its employees from liability and/or performance challenges caused by the improper or unauthorized use of the systems made available to facilitate the business of the company.
||As a productivity enhancement tool, the Abbott Resource Group Family of Companies (including all subsidiaries) provides and encourages the business use of electronic communications (notably the Internet, voice mail, electronic mail, and fax). Electronic communications systems, owned by Abbott Resource Group, and all messages generated on or handled by these electronic communications systems, including back-up copies, are considered to be the property of Abbott Resource Group. Any attempt to violate, circumvent and/or ignore these policies could result in corrective action, up to and including termination.
||Abbott Resource Group’s electronic communications systems must be used solely to facilitate the business of the company. Users are forbidden from using Abbott Resource Group electronic communication systems for private business activities, personal, or amusement/entertainment purposes. Employees are reminded that the use of corporate resources, including electronic communications, should never create either the appearance or the reality of inappropriate use. Inappropriate use may result in loss of access privileges and disciplinary action, up to and including termination.
||Employees are strictly prohibited from using Company computers, e-mail systems, and Internet access accounts for personal reasons or for any improper purpose. Some specific examples of prohibited uses include, but are not limited to:
- Transmitting, retrieving, downloading, or storing messages or images that are offensive, derogatory, off-color, sexual in content, or otherwise inappropriate in a business environment.
- Making threatening or harassing statements to another employee, or to a vendor, customer, or other outside party.
- Transmitting, retrieving, downloading, or storing messages or images relating to race, religion, color, sex, national origin, citizenship status, age, handicap, disability, sexual orientation, or any other status protected under federal, state and local laws.
- Communicating confidential Company information to individuals inside or outside the Company or to other organizations, without specific authorization from management to do so.
- Sending or receiving confidential or copyrighted materials without prior authorization.
- Soliciting personal business opportunities, or personal advertising.
- Gambling, monitoring sports scores, or playing electronic games.
||Where electronic communication systems provide the ability to identify the activities of different users, these facilities must be implemented. For example, electronic mail systems must employ personal user-I]Ds and associated passwords to isolate the communications of different users. Fax machines that do not have separate mailboxes for different recipients need not support user separation.
||Regardless of the circumstances, individual passwords must never be shared or revealed to anyone else besides the authorized user. To do so exposes the authorized user to responsibility for actions the other part), takes with the password. Violation of this could result in corrective action towards the authorized user and the person receiving the password, up to and including termination. If users need to share computer resident data, they should utilize message forwarding facilities, public directories on local area network servers, and other authorized information-sharing mechanisms. To prevent unauthorized parties from obtaining access to electronic communications, users must choose passwords which are difficult to guess (for example, not a dictionary word, not a personal detail, and not a reflection of work activities).
||Misrepresenting, obscuring, suppressing, or replacing a user’s identity on an electronic communications system is forbidden. The user name, electronic mail address, organizational affiliation, and related information included with electronic messages or postings must reflect the actual originator of the messages or postings. Violation of this can result in disciplinary action to the offending employee(s), up to and including termination.
|No Expectation of Privacy
||Employees should expect that all information created, transmitted, downloaded, received or stored in company computers may be accessed by the company at any time, without prior notice. Employees should not assume that they have an expectation of privacy or confidentiality in such messages or information (whether or not such messages or information is password protected), or that deleted messages are necessarily removed from the system.
|No Default Protection
||Employees are reminded that Abbott Resource Group electronic communication systems are not encrypted by default. If sensitive information must be sent by electronic communication systems, encryption or similar technologies to protect the data must be employed. Users should have no expectations of privacy using Abbott Resource Group equipment. Unlike written communications, e-mail does not usually have an “envelope.” Unless the e-mail message is encrypted, you are sending a postcard, not a letter.
|Regular Message Monitoring
||Contents of electronic communications may be monitored and the usage of electronic communications systems will be monitored to support operational, maintenance, auditing, security, and investigative activities. The company reserves the right to disclose any electronic messages to law enforcement officials without prior notice to any employees who may have sent or received such messages. Users should structure their electronic communications in recognition of the fact that Abbott Resource Group will, from time to time, examine the content of electronic communications. Employees are reminded that all messages are company records. Therefore, Abbott Resource Group reserves the right to access and disclose all messages sent over its electronic messaging systems. The Information Technology Department and Department Supervisors may review the electronic communications of the employees they supervise to determine whether there have been any breaches of security, violations of company policy or unauthorized actions on the part of the employee.
||Consistent with generally accepted business practice, Abbott Resource Group collects statistical data about electronic communications. As an example, call detail reporting information collected by telephone switching systems indicates the numbers dialed, the duration of calls, the time of day when calls are placed, etc. Using such information, Information Technology personnel monitor the use of electronic communications to ensure the ongoing availability and reliability of these systems. If during the collection and review of such information they find questionable, inappropriate or illegal use of electronic communications, they will report their findings to the Chief Information Officer.
|Contents of Messages
||Workers must not use profanity, obscenities, or derogatory remarks in electronic messages discussing employees, customers, competitors, or others. Such remarks—even when made in jest—may create legal problems such as trade libel, defamation of character, or harassment/discrimination claims. Special caution is warranted because backup and archival copies of electronic mail may actually be more permanent and more readily accessed than traditional paper communications. Therefore, transmission of obscene or harassing messages to any other individual is strictly prohibited.
||Recognizing that some information is intended for specific individuals and may not be appropriate for general distribution, electronic communications users should exercise caution when forwarding messages. Abbott Resource Group’s sensitive information must not be forwarded to any party outside Abbott Resource Group without the prior approval of a local Department Manager. Blanket forwarding of messages to parties outside Abbott Resource Group is prohibited unless the prior permission of the Department Manager and the Chief Information Officer has been obtained.
|Handling Information About Security
||Users must promptly report all information security alerts, warnings, suspected vulnerabilities, and the like to the Chief Information Officer. Users are prohibited from utilizing Abbott Resource Group systems to forward such information to other users, whether the other users are internal or external to Abbott Resource Group.
||No media advertisement, Internet home page, electronic bulletin board posting, electronic mail message, voice mail message, or any other public representation about Abbott Resource Group may be issued unless it has first been approved by Marketing management, and/or Customer Service Department Management and in-house legal counsel prior to usage.
||If an electronic mail message contains information relevant to the completion of a business transaction, contains potentially important reference information, or has value as evidence of a Abbott Resource Group management decision, it should be retained for future reference. Most electronic mail messages will not fall into these categories, and accordingly can be erased after receipt. Electronic mail systems are not intended for the archival storage of important information. Important stored electronic mail messages can be periodically expunged by systems administrators, mistakenly erased by users, and other-wise lost when system problems occur.
||All official Abbott Resource Group electronic mail messages, including those containing a formal management approval, authorization, delegation, or handing over of responsibility, or similar transaction, must be archived/copied to individual user archive files within the Outlook e-mail facility
|Purging Electronic Messages
||Messages no longer needed for business purposes must be periodically purged by users from their electronic message storage areas (including Outlook’s out boxes, in-boxes, and file folders) . It is recommended that after ninety (90) days electronic messages stored on Outlook’s e-mail systems be deleted by the individual users. After seven (7) days e-mail which has been sent to “Trash” will automatically be purged. Not only will this increase scarce storage space, it will also simplify records management and related activities. For Voice Mail, messages are saved for 30 days then purged. Undeliverable messages are automatically deleted.
|Harassing or Offensive Materials
||Abbott Resource Group computer and communications systems are not intended to be used for, and must not be used for the exercise of the workers’ right to free speech. Sexually explicit words and images, ethnic slurs, racial epithets, religious or political statements or anything else that may be construed as harassment or disparagement of others based on their race, national origin, sex, sexual orientation, age, religious beliefs, or political beliefs may not be displayed or transmitted. Unwanted telephone calls, electronic mail, and internal mail are strictly prohibited and is cause for disciplinary action including termination. Users are encouraged to respond directly to the originator of offensive electronic mail messages, telephone calls, and/or other communications. If the originator does not promptly stop sending offensive messages, Users must report the communications to their manager and the Human Resources Department. Abbott Resource Group retains the right to remove from its information systems any material it views as offensive or potentially illegal.
|Establishing Electronic Business Systems
||Although Abbott Resource Group seeks to aggressively implement Electronic Data Interchange (EDI) and other electronic business systems with third parties, all contracts must be formed by paper documents prior to purchasing or selling via electronic systems. EDI, electronic mail, and similar binding business messages must therefore be released against blanket orders, such as a blanket purchase order. All electronic commerce systems must be approved by the Marketing managers, CIO and in-house legal counsel prior to usage.
|Paper Confirmation for Contracts
||All contracts formed through electronic offer and acceptance messages (fax, EDI, electronic mail, etc.) must be formalized and confirmed via paper documents within two weeks of acceptance. Employees must not employ scanned versions of hand-rendered signatures to give the impression that an electronic mail message or other electronic communications were signed by the sender.
riskVue | The webzine for risk management professionals
Browse This Month's Articles
Useful Web Tools
Issue-by-Issue Article Index
Industry Event Calendar
Risk Manager’s Guide to All 50 States
Get riskVue's free monthly e-mail
Download our White Paper, "How To Choose and Use a Risk Management Consultant"
Learn more about riskVue
Call for Authors
Get riskVue Banners