Bravo, Scott. My opinion, better expressed. Your exact scenario has come back to bite my org, yet they do not change.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 1:03 PM To: Tim Heagarty Cc: [EMAIL PROTECTED] Subject: RE: e-mail policies Caveat: I'm neither a guru nor a lawyer, nor do I appear on a reality TV show purporting to be either. I'm in this thread late, so I am commenting on more than the text of this message. I hope that is alright. Someone posted that the first thing to do is do determine the local legal requirements. I differ, that is needed.but not first. The first thing that you need to do is to determine what it is you are trying to accomplish, and to make sure that all the concerned parties agree on that. When 12-15 hour days are common, it is IMO unrealistic (and unfair) to expect that employees will not conduct any personal business electronically using employer owned resources while at work. Unrealistic because many salaried employees work hours such that necessary personal business cannot easily be completed during off hours. This applies to telephone systems too. While the employer may have configured the switch to not allow long distance calls without an access code, many numbers for personal business., are toll free or local. Does anyone contend that their company effectively prevents personal calls to toll free numbers? Unfair because many employees are working extra hours without extra compensation even though the nature of their job may reasonably expect that they are entitled to it. So if the employee is allowing the employer to use some of his or her "property" in the form of uncompensated time, isn't it fair for the employer to allow reasonable use of company property in order to mitigate the effects of working those extra hours? I think the selective enforcement could bite the employer in the nether regions in the event of a wrongful dismissal suit. It seems to me that if the email "abuse" is cited as a primary cause for dismissal and the former employee can show by direct evidence or by testimony of other employees that others violated the same policy to the same degree and went unpunished, the employer may have a big problem. Executives might get away with this, but it could cost the company an expensive settlement. Our email policy does state that electronic systems and all information on those systems is company property and subject to official examination if certain prior authorizations are obtained. It further defines certain types of conduct and materials regarding those systems to be forbidden, with penalties up to and including dismissal (sexual harassment, for example) It does not otherwise prohibit or regulate personal use of company email. Employees can use PGP and other tools to obfuscate content in any event. No policy or set of policies can ever completely lock down employee (or employer) behavior. It's completely impractical. At some point, trust must take over. The art is to choose that point wisely. -Scott Miller "Tim Heagarty" <[EMAIL PROTECTED] To: <[EMAIL PROTECTED]> > cc: Subject: RE: e-mail policies 02/25/2003 03:35 PM Isn't all discipline selective? Upper levels of management don't come under the same scrutiny and rules that the lower levels are required to live under. The VPs won't be fired for chatting with their kids at college using IM though they would drop one of their underlings in a heartbeat for the same thing. I understand what you are saying but does your HR and Legal agree with the "occasional use" stance? My client's HR and Legal folks understood that the people were going to use the systems personally but they required the "absolutely no personal use" clauses just so they did have a tool available for selective use. Be sure that you somehow define "occasional use", as it will be difficult to terminate for just cause if you have not. It is easy to define "never" and show violation. The employee probably has other things stacked against them at that point anyway but your AUP won't be one of the supports for the company's case, which is just why they want an AUP in the first place. Tim Heagarty MCSE, MCP+I "There are only 10 kinds of people in the world, those that understand binary, and those that don't." Work: (928) 636-0489 Cell: (928) 533-9690 -----Original Message----- From: Moeckel, Sharon [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 12:40 PM To: Tim Heagarty; [EMAIL PROTECTED] Subject: RE: e-mail policies My company's current policy is the same. I am writing one that would allow occasional use. Otherwise, they do not enforce it until they want to get rid of someone - and IMHO that is selective discipline. -----Original Message----- From: Tim Heagarty [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 8:47 PM To: [EMAIL PROTECTED] Subject: RE: e-mail policies The email policies that I have written don't have any leeway for personal communications. Any and all messages contained within the system are the property of the company and may be read by an administrator in the normal course of their duties. Absolutely no email of a personal nature should ever be transmitted using the corporate email system. Now, we all know that personal email is going to be transmitted, and by some employees that's all that will EVER get transmitted. But, the statement is out there, the employee had to sign it and if they ignore it and put their personal information through our system, and they will, then the decision is theirs and not from the company. Tim Heagarty MCSE, MCP+I "There are only 10 kinds of people in the world, those that understand binary, and those that don't." Work: (928) 636-0489 Cell: (928) 533-9690 -----Original Message----- From: pablo gietz [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 12:03 PM To: [EMAIL PROTECTED] Subject: e-mail policies Dear gurus We are defining policies for the use of corporate e-mail, I have doubts about privacy of messages sent by employees. Since the e-mail system is intended for business use, we need to prevent sensitive information disclosure. If we respect the privacy , how can discover infidelity employee? What is your opinion or the standard in this cases? What is the companies approach? Thanks a lot. -- Pablo A. C. Gietz Jefe de Seguridad Informática Nuevo Banco de Entre Ríos S.A. Te.: 0343 - 4201351