Professional Documents
Culture Documents
Formulating A Company Policy On Access To and Use and Disclos
Formulating A Company Policy On Access To and Use and Disclos
Introduction
Background
could have satisfied its needs by less intrusive (or less demanding)
means, and the degree to which close questions are thought
appropriately to be called in one direction or another or to be
resolved by special procedures. The basic criteria for evaluating any
given policy are, at a general level, quite general and
straightforward.
Does the policy comply with law and with duties to third parties?
Does the policy unnecessarily compromise the interests of the
employee, the employer or third parties?
Is the policy workable as a practical matter and likely to be
enforced?
Does the policy deal appropriately with all different forms of
communications and record keeping within the office?
Has the policy been announced in advance and agreed to by all
concerned?
III. Policy Options
If a company does choose to articulate an express policy on the
privacy of company electronic mail, then it may want specific elements
of such a policy to address particular issues. These include:
A. What are the permissible uses to which the company electronic mail
system mad be put, and by whom?
1. May the company electronic mail system be used incidentally
for personal messages?
2. If so, must employees take special steps to protect such
messages against inadvertent inspection by others?
B. Will the company monitor the contents or transactional records of
electronic mail as a matter of course, for any particular purposes?
1. If so, will the company refrain from further inspection of
messages it determines are of a personal and private nature?
2. Will the nature of any routine monitoring be disclosed to
employees?
3. Will the company limit the use to which it may put information
that is available only from electronic monitoring?
C. What grounds will be required to be shown, if any, to justify
obtaining access to the contents of electronic mail without the
consent of a sender or recipient?
1. Must the employee seeking access establish a valid business
purpose for such access?
2. Will the company weigh the importance of the business purpose
against the strength of any reasonable expectation of privacy?
3. Will the company consider the extent to which the information
could be obtained by alternative, less intrusive means?