Acceptable Use Policy – Common Myths

When talking to clients and fellow business owners we have found that there are a number of myths which seem to surround the area of employee use of the Internet and email and the consequent monitoring by employers. For example:

Personal use of IT systems is a must

Many employers seem to be under the impression that they have to allow employees to have personal use of work Internet and email systems. This is not in fact the case, although with the increasing flexibility demanded of employees in terms of their working hours, most employers accept that it is reasonable to allow at least limited personal use.

It’s a breach of my human rights!

Employees who find themselves in hot water as a result of misuse of the corporate IT systems may well argue that the employer has in some way breached their human rights by conducting monitoring. This is generally an argument that does not find much favour with courts or tribunals. In the first instance, direct claims for breach of the Human Rights Act can only be made by employees of public bodies such as NHS Trusts or Local Authorities. Private sector employees can only bring a claim for breach of the Human Rights Act if the employee can add this to another form of claim such as unfair dismissal or breach of contract; there is no free standing right for private sector employees to bring Human Rights Act claims.

We all need social networking

Access to social networking sites presents a dilemma for employers. Most employers do not allow access to these sites and there is certainly no law that insists that employees should have such access. Some organisations take the view that these types of sites actually assist employees in making social connections which can aid the business, but employers have to consider whether the benefits that might arise from such use are outweighed by the damage that might be done.
Employees must also be aware that their online profile may come back to haunt them, with a survey conducted by Microsoft in December 2009 suggesting that approximately 40% of UK recruiters had rejected candidates following searches against their online footprint.

All blogging is evil

The increase in blogging and micro-blogging is often a concern for employers, particularly those organisations with a public profile. However, just because a negative comment is made by an employee in their blog, this is not necessarily grounds for immediate dismissal by the employer. The question is whether the comments made by the employee amount to misconduct under the employer’s disciplinary procedure, for example, conduct which brings the employer into disrepute, and also the scale of the misconduct. There appears to be a recent trend of customer service operatives using blogs or social networking sites to be very critical of both their employers and also the customers that they serve. This can be highly embarrassing for the employer, but the organisation should not act in haste, but rather investigate the matter thoroughly before coming to a considered decision.

How to Maximise Compliance and Minimise Risk


  1. Conduct a thorough risk assessment, identifying the particular areas of concern to the specific organisation.
  2. Tailor any Acceptable Use Policy(AUP) to the specific risks identified by the assessment
  3. Distribute the AUP and educate employees as to why the particular AUP is being implemented, stressing the importance of the policy and also its role in protecting the employees and giving them appropriate guidance on how to utilise corporate IT systems.
  4. Ensure that any technical solution is also tailored to support the AUP that you have put in place.
  5. Enforce the AUP consistently – there is no point in having the policy if it is never used or is implemented in an inconsistent or unfair fashion.
  6. Review the AUP regularly to ensure that it remains relevant to the threats faced by the business.

If you require assistance in creating a bespoke Acceptable Use Policy for your organisation contact us now.



Leave a Reply