If you have computers connected to the internet and your employees use them, you need to implement a computer use policy, no matter how small your business or how many employees you have.
The term “computer use” includes the activities your employees and others (independent contractors, for example) take part in while using your computer software, hardware, and networks for company business and personal purposes.
A computer use policy is different from a company’s social media policy, which covers employee use of personal devices for texting, social media, sending photos, or other related activities.
Important Federal Computer Crime Laws
Before you create a computer use policy, you’ll need to know the major computer and internet laws that affect your business and employees.
The Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act (CFAA), originally enacted in 1986, is a cybersecurity law that protects government computers, bank computers, and computers connected to the internet. The law shields these computers from trespassing, threats, damage, and espionage carried out through computer intrusions, denial of service attacks, viruses, and worms. For businesses specifically, some of the most significant cybercrimes the CFAA addresses are:
- Computer trespassing (hacking, for example) that exposes stored information.
- Committing fraud involving unauthorized access to a computer (this includes “approaching, trespassing within, communicating with, storing data in, retrieving data from, or otherwise intercepting and changing computer resources without consent”).
- Threatening to damage a computer.
- Trafficking in passwords.
The Electronic Communications Privacy Act
The Electronic Communications Privacy Act of 1986 (ECPA) generally protects a person’s private conversations through email, phone conversations, and data stored electronically. But the federal law states that communication is not protected if at least one of the people gives consent (an employee can be the one person).
Some state laws (like California’s, for example) prohibit the recording of conversations unless all parties consent.
Other Federal Computer Crime Laws
Several other federal laws may affect your business if employees are using your company computer for illegal purposes.
- Federal wiretap laws proscribe using mail or wire communications (including email) for fraudulent or deceptive purposes.
- Copyright laws prohibit illegally using copyrighted material on the internet.
- Federal child pornography laws prohibit use of computers for crimes connected to pornography.
State Computer Crime Laws
All U.S. states have their own computer crime laws, which address actions that destroy or interfere with normal operation of a computer system. The National Conference of State Legislatures (NCSL) provides a resource that breaks down the specific types of computer crime laws enacted in each state.
What to Include in a Computer Use Policy
In order to implement an effective computer use policy for your business, there are several important steps to take and guidelines to consider.
- Begin by including a detailed list of all the devices, software, connections, and other electronic equipment and networks that are covered under the policy for both business and personal use.
- Make employees aware of their responsibility for any content—business and personal—stored on company computers or sent to others. For example, employees should be aware of the possibility that anything they communicate on company computers may be subject to discovery (collection of information or evidence) in litigation.
- Explain to employees that they must follow company rules for downloading software or files from the internet, and changing or deleting any company-standard programs (like virus protection) is prohibited.
- Include a copyright statement, explaining that anything employees copy from the internet for work purposes—such as images, text, and graphics—may be subject to copyright law restrictions against use. You might also want to give them a summary of what constitutes fair use of copyrighted works.
- Explain to employees that there is no right to privacy in regards to any information or files stored on your company’s computer systems, voicemail, email, or other technical resources. Then, state that your company reserves the right to monitor, register, or regulate email and other electronic communications on the company’s computers and networks.
- This policy statement is also a good place to discuss passwords, both company-provided and personal, and restrictions on sharing or changing them.
- You may want to establish specific rules for email use, including limiting or prohibiting personal emails on your company’s computers. These rules, in turn, might prevent harassment, distribution of pornography, intimidation, and masking (misidentifying email sender).
- Include penalties for violations of your company’s policies and the types of misuse that can be prosecuted under your internal policies, as well as federal or state regulations. See this list of possible violations from the University of California, Berkeley.
- Be sure to require employees to read and sign your computer use policy at time of hire or orientation. Include a consent form to allow your company to monitor and gain access to computer files, internet devices, and phone conversations on equipment owned by your business.
If you’re considering installing employee monitoring technology to track web usage, be aware that there are not only ethical issues that may arise, but legal ones, too, as laws like the ECPA regulate this type of activity.
The CFAA also prohibits intentionally accessing a computer without authorization, but it doesn’t define what “authorization” means. Clearly define what constitutes unauthorized use (like harassment, intimidation, and wasting computer resources) in your company’s policies and make sure you comply with federal and state laws.
Sample Computer and Internet Policies
If you’re looking for additional templates or resources to help you craft a policy, there are a variety of options, including the following: a downloadable computer, email, and internet usage policy template from the Society for Human Resource Management, an expanded policy from the Association for Corporate Growth that considers all company property including computers, and a sample computer usage policy provided by the Association of Corporate Counsels.
Get Help From an Attorney
The policy suggestions and sample policies are only guidelines, and aren’t intended to apply to every situation. Every business situation is different and the laws on computer use and privacy are constantly evolving. To navigate the complexities and make sure your policies are clear, reasonable, and lawful, get help from an experienced labor law attorney.