SmartAdvice: Businesses Wise To Set Acceptable-Use Internet Policies

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]

Question A: What issues should be addressed by an "acceptable use" policy about playing music and video on company-owned PCs?

Our advice: At many companies, the use of company-owned PCs for personal matters is discouraged or outright prohibited. Courts have established that personal E-mail sent through company-owned PCs is subject to company review. In addition, many firms block access to various Internet sites, be they pornographic, music, online auctions, chat rooms, etc., citing employee use of these sites on company time as resulting in lost productivity, or possibly leading to sexual harassment charges against the company.

Related Links SANS InfoSec Acceptable Use Policy BECTA IT Acceptable Use Policy Monitoring Employees' Use of Company Computers and the Internet The Threat of Lifestyle Computing in the Enterprise Individual Rights vs. Corporate Controls for PCs Understanding and Managing Illicit Image Abuse in the Workplace

For those firms that permit music and video playing on company PCs, there are several guidelines that should be established to prevent abuse of this privilege. Music downloads, if permitted, should be restricted to approved Web sites, such as Napster or iTunes, where the music content is known to be virus free and in compliance with the copyright-holder's intellectual-property rights. Downloading of music should be restricted to times before or after business hours. If over-the-network system backups regularly occur at set times, downloading of anything through the network should be restricted during these times so as not to create network bandwidth contention. In addition, all musical content that is sexually explicit in nature should be prohibited, following the same rationale as prohibition of pornographic material. One never knows when exposure to sexually explicit lyrics in a workplace could lead to a sexual harassment complaint. If employees wish to listen to music, they should be required to use headphones and at a volume that doesn't prevent them from answering their telephones or hearing someone speaking to them. Employees should be instructed to save such files only on their local hard disks, not on company network drives. Also, antivirus protection should be in place for scanning all types of downloaded files, regardless of the location where the files are eventually stored.

The viewing of streaming video should be subject to even stricter guidelines. Obviously, video that is pornographic or contains content that is intimidating, hostile, or offensive on the basis of sex, race, color, creed, national origin, religion, sexual orientation, etc. should be prohibited. Also, downloading copyrighted material, such as motion pictures or music videos, should be banned. Any site that offers streaming-video content should be approved ahead of time by the IT department before employee access is granted. In addition, a general time-duration rule should be established. It could be only to permit a three-minute video download without prior approval from, say, the director of network operations. Again, this is to prevent network bandwidth issues. Also, the same rules governing when to download (time and day) and where to download the content to, as outlined above for music files, should apply.

It should be made clear in the employee policy manual that music and video downloads, if they're permitted, are a privilege and not a right. Employees also should be told that they will be monitored for compliance. Finally, the policy should make it clear that violating the guidelines for music or video downloading could result in actions ranging from suspension of Internet access privileges to dismissal from the company.

-- Stephen Rood

1 of 2