• forIndividuals
  • forBusiness
  • forCommunity
search
About usFact sheetsPrimary legislationWhat's new?
DictionaryTeachingContact usSite mapLinks
click to go home


Our Fact Sheets provide a detailed account of 29 areas of law as they apply to the Internet

Fact Sheets



IIA releases draft Cybercrime Code of Practice in July 2003

Workplace

Electronic communications policy


1. Privacy guidelines

The Australian Privacy Commissioner has published Guidelines on Workplace Email, Web Browsing and Privacy (Guidelines). The guidelines do not have the force of law, but they complement new privacy laws which commence in December 2001.

The Guidelines are to assist businesses to develop an email and internet policy (Electronic Communications Policy) in accordance with the legislation. The Electronic Communications Policy should be communicated to staff and should make clear what activities are permitted and what is forbidden.

2. General requirements of a workplace Electronic Communications Policy

The Policy should:

(a) be made available to staff, and management should ensure it is known and understood by staff. Ideally the policy is linked from a screen the user sees when they log onto the network;

(b) be explicit as to what activities are permitted and forbidden;

(c) clearly set out what information is logged and who has rights to access the logs and content of staff email and browsing activities;

(d) refer to computer security to the extent that improper use of email may pose a threat to system security, to privacy and to the legal liability of the organisation;

(e) outline in plain English how the organisation will monitor staff compliance with company rules on acceptable use of email and web browsing; and

(f) be reviewed regularly in accordance with the development of the Internet and information technology.

The policy should be reissued whenever significant change is made.

3. Contents of an Electronic Communications Policy

To minimise the liability of an employee and employer arising from information communicated electronically over the internet, the Policy should generally require an employee to:

(a) not make any statement that would be unlawful, in bad taste or embarrassing to another employee if made public;

(b) check and correct spelling, accuracy and address details before sending communication;

(c) not use or deal with illegal, offensive or defamatory material, including creating, downloading, transmitting, copying or saving illegal, offensive or defamatory material (eg child pornography is illegal material);

(d) not use any language that is obscene, defamatory, derogatory or racially, sexually or otherwise offensive or illegal; and

(e) not copy, download or distribute software, images, video, sound or text from the internet unless authorised by a licence (if any) attaching to that material.

4. Security of electronic communication resources policy

The Electronic Communications Policy should also cover the following security issues:

(a) Email account

Employees should not leave their email accounts unattended, email passwords should be changed regularly and kept private and secure.

Employees should not use email to communicate with clients except in relation to routine matters (such as confirming meeting dates or times) unless the client has specifically requested or approved the use of email.

If confidential information is sent by email, it should be labelled prominently at the beginning of the document as "CONFIDENTIAL" and if appropriate, "DO NOT FORWARD".

(b) Virus

Employees should be aware software, email attachments and files (utilising macros) can contain viruses that may infect and damage workplace computing systems and network.

Employees should scan and clean for viruses all email attachments and files downloaded from the internet or copied from disc on to your computer or the office network.

Many so-called "virus warning" emails have been jokes or hoaxes. It is best to treat virus warnings as serious until contrary evidence is provided from a trusted source.

Generally a virus is contained in a program attached to the email. The virus will not execute until the program attachment is clicked on.

It is best not to click on an email attachment unless received from a trusted source and has been first virus checked. In relation to new viruses, exercise common sense and do not open the attachment if:

(i) the suffix (eg Hello.vsd) looks unfamiliar to you or is an executable suffix, for example .exe;

(ii) the email and attachment are expressed as being to your advantage or benefit or otherwise appealing to your curiousity; or

(iii) you are not completely confident it has come from a trusted source even if addressed that way. For example, the email is expressed or set out differently to usual emails from that trusted source.

4. Dismissal for breach of the electronic communications policy

An employer may dismiss an employee for misuse of workplace internet or email(1) resources provided the employer:

(a) clearly demonstrates the use was an unauthorised use as defined by the electronic communications policy (otherwise the employer could be said to have impliedly authorised the usage);

(b) investigates the employee in accordance with any workplace disciplinary policy (if existing) and workplace relations law; and

(d) gives the employee the opportunity to respond to the allegations.


Other relevant Articles on this site:
Cyberspace crime

Other relevant Fact Sheets:
Confidential Information
Copyright
Cyberspace Crime
Defamation
Keeping Electronic Records
Online Content Regulation
Privacy
Workplace Net Control

End Notes
1. Australian Municipal, Administrative, Clerical & Services Union v Ansett Australia Ltd [2000] FCA 441 (7 April 2000)

"The only real mistake is the one from which we learn nothing", John Powell
forIndividuals/