Electronic Communications Risks
For many companies, a large portion of business is conducted using emails, instant messaging, cell phones and other electronic communications. Whilst the ability of such tools to deliver efficiency is unmatched, risks attached to the use of electronic communications must be managed. Potential risks include:
.
| TOPIC | EXAMPLES |
|
Employees abusing electronic communications for personal use; |
Employees surfing the net for unreasonable time periods, lack of productivity at the workplace due to employees use of applications such as skype and facebook for personal use; |
| Employees transmitting, viewing
or storing offensive material such as racist, sexist or otherwise objectionable material; |
A company being vicariously liable when an employee circulates an offensive racist email; |
|
Misconceptions amongst employees about allowed use and information security risks; |
Employees are of the understanding that they may back up their computers at home;Employees are unaware that they may not download unauthorised software or music onto their computers; |
| Unauthorised disclosure of
confidential information and trade secrets; |
Employees disclose confidential or trade secrets to a competitor;Employees fail to use encryption and a laptop containing trade secrets and confidential information is stolen. |
| Unauthorised distribution of
intellectual property; |
Employees share intellectual property with third parties without attaching the copyright notice and the company is unable to claim the intellectual property therein. |
| Breach of client’s privacy; | Employees take a file with a client’s private or personal information to a restaurant while out on lunch and it is left behind. |
| Sending of unsolicited
commercial communications using company electronic communications tools; |
Employees run another company selling cosmetics from work and send out “spam” to the company’s clients. |
.
Electronic Communications Policy
An Electronics Communications Policy may be drafted and implemented at a company to address the risks identified above. The Policy should sets out guidelines on allowed and disallowed use by employees of a company’s electronic communications resources. The Policy must also include sanctions or penalties for violation of the policy.
.
In order to achieve maximum benefits and impact from an Electronic Communications Policy an appropriate audit of electronic communications utilised by the company must be undertaken.
The legal audit proposed above will determine the appropriate provisions for the Electronic Communications Policy to be drafted and implementated at the company. The following, however, is an indication of potential provisions that may be contained in such Policy:
.
- Whether personal use is permitted of electronic communications systems, and to what extent;
- Ownership of electronic communications sent and received on behalf of the company;
- Permission to intercept communications of employees;
- The employees privacy at the workplace;
- Information security safeguards to be followed such as passwords, encryption, locking computers;
- Specification on what uses are disallowed such as viewing or distributing sexually explicit, pornographic, racist, sexist communications, gambling; and
- Whether employees are permitted to download third party software.
.
Email pria@chettylaw.co.za for more information about managing electronic communications at your organisation.