Pin Me

To Surf or Not to Surf: Policies To Control Employee Internet Usage

written by: N Nayab•edited by: Jean Scheid•updated: 6/23/2011

Workplace policies make explicit and reinforce the expected behavior and procedures to follow at work, and the implications of non-compliance. Internet policies in the workplace clarify the common issue of employees using company Internet for personal purpose, and codify best practices on net usage.

  • slide 1 of 5


    Internet Policies in the Workplace The proliferation of the Internet and the extensive use of websites and emails for business purposes makes the Internet an indispensable tool for just about any office. The new business order requires businesses to connect with their customers through emails and website for many functions such as processing queries, complaints, and feedback, and even Internet sales. Internet marketing has also grown leaps and bounds in recent years as a cost effective and highly efficient way of marketing. Of late, company presence in social media applications such as Facebook and Twitter is a very valuable tool to connect with any customer base.

    Even when the Internet does not find requirements in direct work applications, it provides a treasure house of knowledge that vastly guides the employee to improve work performance. Employees may surf the Internet to learn a new computer program, acquire competence in soft skills such as leadership and communication, download resources such as forms and templates, participate in quality forums that engage in lively discussions to share professional knowledge and latest news, and more. The proper application of such acquired knowledge enhances performance greatly.

  • slide 2 of 5

    The Perils of Unrestricted Internet Use

    Side by side with benefits, the Internet allows wide possibilities for the employee to escape from work without leaving the desk. The employee can browse any site or indulge in any activity not even remotely connected to work. Such unrestrained browsing may result in many bad consequences.

    • Bad browsing habits such as sharing personal information and accessing untrustworthy sites makes the entire system vulnerable to preying hackers out to penetrate the system and steal sensitive data or infect malware.
    • Unauthorized files downloaded from the Internet, or unsolicited email attachments may contain deadly viruses or Trojan worms.
    • Employees participating in social media and other forums may knowingly or unknowingly pass on sensitive information, trade secrets, or disclose unauthorized information.
    • The company may face lawsuits owing to employees using the company email system to abuse, threaten, harass, or stalk others. Employers may also find themselves liable when employees use the company Internet facilities to infringe on copyrights or trademarks.
  • slide 3 of 5

    Ingredients of an Internet Usage Policy

    The only effective means to check misuse of the Internet in the workplace is having an effective company Internet usage policy that specifies dos and don’ts, and implement the same using effective network monitoring mechanisms and firewalls to restrict access to potentially damaging sites.

    A good policy restricts the employee to use company owned equipment and property for personal purposes, and asserts employer rights to control and monitor employees Internet usage, and list out possible disciplinary action for employees making inappropriate or improper use of company time.

    Effective Internet policies in the workplace cover:

    • List of actions that constitute permissible uses of the Internet and email, another list of specifically prohibited activities, and clear guidelines to identify as permissible or non-permissible any action not falling within these categories
    • Policy for sending and receiving email.
    • Nature of network monitoring in place, and type of logs maintained. Make explicit the use of email systems and Internet facilities is not confidential or private.
    • Nature of network security procedures and protocols in place, employees obligations to confirm to such protocols, and penalties for violating or circumventing such protocols.
    • Browsing guidelines such as clearing cache on exit, not downloading any unauthorized files, not disclosing any company information or personal passwords over social network media, prohibition of accessing certain known harmful sites, and more.
    • Circumstances in which employers may intercept, read, and act on emails directed or sent by a particular employee.
    • Specific actions such as abusing others over email and others that would construct as misconduct.

    One important clarification required in the policy is employees accessing the web for personal use. Most employers permit a limited use of company Internet for personal purpose, provided such use does not hamper productivity, or compromise company network and data security.

    The policy may require a disclaimer attached to each email sent by employees stating the views of the sender may not represent those of the company, as a safeguard against the company becoming liable for employee’s actions.

    Make certain that the policy applies consistency across the board, and considering the fast paced nature of changes in the cyber world, update it frequently.

  • slide 4 of 5

    Legal Framework

    The 1986 Electronic Communications Privacy Act affords certain protections to electronic communications but does not shield employees when they use the Internet or email at work for personal purposes. Employers may also face legal liability for employees’ inappropriate use of their Internet facilities.

    The law does not consider employers monitoring employee’s Internet usage an infringement on their privacy. In the landmark Smyth v. The Pillsbury Company case, the Plaintiff Michael A. Smyth had sued The Pillsbury Company for wrongful dismissal. The company had dismissed him for making threats to kill some of his coworkers using the company email system. Although the company had earlier issued a notice they would not intercept employee emails and use it to discipline employees, the court decreed that the company’s interest in preventing inappropriate and unprofessional behavior outweighed Smyths privacy interest in the emails.

    Another landmark case, the United States v. Simon’s came to a similar conclusion, upholding the employers’ right to monitor employees’ Internet activity logs and computer hard drives. The US Supreme court has since then clarified that while employees had a reasonable right of privacy of their desk and file cabinets, an office’s practices or procedures could make exceptions to such privacy.

    Blanket prohibitions on personal use may actually violate The National Labor Relations Act that gives the employees the right to organize and to engage in protected concerted activities, among other activities while at work. The National Labor Relations Board decided in the E. I. DuPont de Nemours & Co. case that an employer may prohibit employees to use business email systems to discuss personal topics, but may not forbid them from discussing about joining a union.

  • slide 5 of 5


    1. McCoy-Pinderhughes, Paula. "Internet Usage Policies: Rules are Required for Workplace Web Activities." Retrieved June 19, 2011
    2. Muhi,. Charles J. "Workplace e-mail and Internet use: employees and employers beware." Retrieved June 19, 2011.

    Image Credit: Meiklejohn