By Bryan K. Wheelock, Principal
A computer and technology policy is an important part of protecting and managing intellectual property. A business should consider establishing a policy that addresses the following points:
Use of Company Technology
The technology provided by the company, including computer systems, communications networks, company-related work records and other electronically stored information in general should only be used for the business of the company. Whatever the purpose, employees should be prohibited from transmitting, retrieving, or storing any communications or other content of a defamatory, discriminatory, harassing or pornographic nature. No messages with derogatory or inflammatory remarks about an individual’s race, age, disability, religion, national origin, physical attributes or sexual preference may be transmitted. Harassment of any kind should be prohibited.
Restricted Access to Computer Systems and Data
The Federal Computer Fraud and Abuse Act (18 U.S.C. §1030) provides protection against the improper accessing of computer systems and data, but the key to its protection is that the access is unauthorized. Because an employee is generally authorized to access the company’s computer system, the protections of the CFAA are frequently held not to apply to the actions of employees. By carefully defining what employees are authorized to do with the company’s computer systems and data, and what an employee is not authorized to do, the company may be able to extend the protections of the CFAA to activities of disloyal employees. Many states have laws that parallel the CFAA, for example Missouri’s Computer Tampering Statute Mo.Rev.Stat. §537.525.
Employees downloading, installing, and running software can jeopardize the company’s computer system, and their installing and running unlicensed software can create substantial copyright liability. Civil damage awards of up to $150,000, plus attorneys’ fees and costs, are possible as well as criminal penalties including substantial fines and imprisonment. Employees should be restricted from downloading software and plug-ins without permission from IT, and employees should be prohibited from installing unlicensed software on company computers. Employees should further be prohibited from using unlicensed software on their personal computer to perform work for the Company.
Copyrighted materials belonging to third parties should not be transmitted or stored on the company’s network without permission of the copyright holder. Employees should be encouraged to share links rather than actual copies. Employees should be educated about the limits of fair use an incorporating copyrighted materials into company work product.
The company should consider whether it wants employees posting anything about the company (good or bad). Even well-intended posts can interfere with the coherent message that the company is trying to project. At a minimum, the company should instruct employees about the message that the company is trying to project on social medial.
The company should also consider whether it wants employees to identify themselves as employees of the company when participating in social media. Views expressed by employees could be attributed to the company by the mere fact of their employment.
Using Company email and email Addresses
The company should consider whether it wants employees using company email, and in particular a company email address, in conducting personal business. Having the company’s email address associated with online postings could result in the employee’s personal opinions being attributed to the company. Email is also a tool for stealing electronic files. The company should monitor employee emails, and advise employees that they are doing so.
Employees should be regularly reminded that company emails are business records that may be discoverable, and their content should be prepared accordingly.
No outside media
Not only are flash drives and similar devices a tool for stealing electronic files, but they are a vector for computer viruses and other malware. However, they are beneficial and convenient and a complete prohibition could interfere with the proper conduct of the business.