Sample Contracts and Documents
J. Carlton Collins
In the event that an employee uses company computer and communication systems to copy copyrighted material, access pornography, copy money, send fraudulent communications, etc. your company will be better protected from liability if you have an Acceptable Use Policy Agreement in place. While there is no single “correct” policy statement, the example document below reflects the concepts covered in several good policy contracts. As always, this is only an example - you should seek advice of counsel before implementing your own version.
The acceptable use policy defines the acceptable use of computer equipment, software, communications, and equipment as provided by your company. Everyone in the company should be expected to follow the written policy without exception. The policy should be provided in writing to all employees, and signed copies of this agreement should be kept on file.
So, what defines an Acceptable Use Policy? To provide guidance as to what to place in your policy statement, let’s define a few unauthorized uses for a computer account.
The list above defines each of the specific areas of concern a company usually encounters. The following takes these concerns and places them in an appropriate text for a policy statement. Again, you should review your policies carefully, have them reviewed by legal counsel for wording and enforceability appropriate to your geographic area.
Example Company encourages the sharing of information, comprehensive access to local and national facilities to create and disseminate information, and free expression of ideas. General access facilities and infrastructure are provided to further these purposes. There is an obligation on the part of those using these facilities and services to respect the intellectual and access rights of others--locally, nationally and internationally.
Computing resources and facilities of Example Company are the property of the company and shall be used for legitimate activity related to the performance of the duties and responsibilities of the users only, administrative, public service, or approved contract purposes. Supervisors may, at their discretion, allow personal use by the employee of these resources that does not interfere with the institution or with the employee’s ability to carry out company business. Individuals who disregard elements of this policy will be subject to appropriate disciplinary and/or legal action by Sample Company. Use of company computing facilities for personal or commercial use is not authorized. Use of company computing facilities for educational purposes must be consistent with other training educational programs. The use of company computing facilities for higher education degree seeking or certification programs may only be done with the specific written approval of the appropriate supervisor.
Individuals and non-company organizations using the company’s facilities to gain access to non-company facilities must be cognizant of and observe the acceptable use policies of the company at all times.
Failure to observe these policies will result in immediate disconnection or loss of use privileges, as well as possible disciplinary action or termination at the discretion of the offending party's supervisor or department head based on the nature and severity of the offense.
Company Policies
1. Users will not violate copyright laws and their fair use provisions through inappropriate reproduction and/or distribution of music (MP3, etc.), movies, computer software, copyrighted text, images, etc.
2. Users shall not use company computers or network facilities to gain unauthorized access to any computer systems. Using programs intended to gain access to unauthorized systems for any reason or purpose is strictly prohibited.
3. Users shall not connect unauthorized equipment to the company’s network, to include hubs, routers, printers or other equipment connected to the company’s network directly or via remote attachment.
4. Users shall not make unauthorized attempts to circumvent data protection schemes or uncover security loopholes. This includes creating and/or running programs that are designed to identify security loopholes and/or decrypt intentionally secure data.
5. Users will not associate unapproved domain name sites with a company owned IP address.
6. Users will not knowingly or carelessly perform an act that will interfere with the normal operation of computers, terminals, peripherals, or networks.
7. Users will not knowingly or carelessly run or install on any computer system or network, or give to another user, a program intended to damage or to place excessive load on a computer system or network. This includes, but is not limited to, programs known as computer viruses, Trojan Horses, and worms.
8. Users will refrain from activity that wastes or overloads computing resources. This includes printing too many copies of a document or using excessive bandwidth on the network.
9. Users will not violate terms of applicable software licensing agreements or copyright laws.
10. Users will not use company resources for commercial activity, such as creating products or services for sale.
11. Users will not use electronic mail to harass or threaten others, or to send materials that might be deemed inappropriate, derogatory, prejudicial, or offensive. This includes sending repeated, unwanted e-mail to another user.
12. Users will not use electronic mail on company-owned, or company-sponsored, or company-provided hardware or services to transmit any information, text, or images that would be deemed offensive, inappropriate, derogatory, prejudicial, or offensive.
13. Users will not initiate, propagate or perpetuate electronic chain letters.
14. Users will not send inappropriate mass mailings not directly associated with, or in the performance of, the routine course of duties or assignments. This includes multiple mailings to newsgroups, mailing lists, or individuals, e.g. "spamming," "flooding," or "bombing."
15. Users will not forge the identity of a user or machine in an electronic communication.
16. Users will not transmit or reproduce materials that are slanderous or defamatory in nature, or that otherwise violate existing laws, regulations, policies, or which are considered to generally be inappropriate in a work place.
17. Users will not display images or text that could be considered obscene, lewd, or sexually explicit or harassing in a public computer facility or location that can be in view of others.
18. Users will not attempt to monitor or tamper with another user's electronic communications, or reading, copying, changing, or deleting another user's files or software without the explicit agreement of the owner.
19. Unauthorized viewing or use of another person’s computer files, programs, or data is prohibited. All users should also be aware that all programs and all files are deemed to be the property of the company, unless the individual has a written agreement signed by an appropriate representative or officer of the company. Federal or state law may require disclosure of individual computer files which are deemed public records under the state public records statute and that state and federal law may prohibit the disclosure of certain records as well.
20. Entry into a system, including the network system, by individuals not specifically authorized (by group or personally), or attempts to circumvent the protective mechanisms of any system, are prohibited. Deliberate attempts to degrade system performance or capability, or attempts to damage systems, software or intellectual property of others are prohibited.
21. The electronic mail system shall not be used for "broadcasting" of unsolicited mail or for sending chain letters, and the communication system shall not be used for sending of material that reasonably would be considered obscene, offensive, or threatening by the recipient or another viewer of the material.
22. The company reserves the right to monitor and record the usage of all facilities and equipment, and all software which is the property of the company by ownership, lease, rent, sponsorship or subsidy, if it has reason to believe that activities are taking place that are contrary to this policy or state or federal law or regulation, and as necessary to evaluate and maintain system efficiency. The company has the right to use information gained in this way in disciplinary or criminal proceedings.
23. The Federal Copyright Act nearly always protects commercial software. Use of company facilities or equipment for the purpose of copying computer software that does not contain specific permission to copy (some licenses do allow the making of one copy for backup) is prohibited. The unauthorized publishing of copyrighted material on a company server is prohibited, and users are responsible for the consequences of such unauthorized use.
24. An individual’s access to computer resources may be suspended immediately upon the discovery of a violation of this policy.
This policy contains the company's complete acceptable use policy and replaces any pre-existing policy issued before Month Day, Year. For questions about this policy, contact Name and Contact Information here.
Failure to comply with any of the above policies may result in termination of your Example Company network services, disciplinary action, and/or criminal prosecution. The company reserves the right to terminate any company network connection without notice if it is determined that any of the above policies are being violated.
Sample E-mail/Internet User Agreement
Employee Agreement:
I have received a copy of Example Company's Corporate Policy Guideline on e-mail/Internet acceptable use, policy #_______, dated, _________. I recognize and understand that the company's e-mail/Internet systems are to be used for conducting the company's business only. I understand that use of this equipment for private purposes is strictly prohibited.
As part of the Example organization and use of Example's gateway to the Internet and e-mail system, I understand that this e-mail/Internet corporate guideline applies to me. I have read the aforementioned document and agree to follow all policies and procedures that are set forth therein. I further agree to abide by the standards set in the document for the duration of my employment with Example Company. I am aware that violations of this corporate guideline on e-mail/Internet acceptable use may subject me to disciplinary action, up to and including discharge from employment.
I further understand that my communications on the Internet and e-mail reflect Example Company, worldwide to our competitors, consumers, customers and suppliers. Furthermore, I understand that this document can be amended at any time.
_______________________________________
Employee Signature Date
______________________
Employee Printed Name
_____________________
Manager Signature
You should communicate this policy in several ways, including:
1. On-line message that appears when the user logs onto e-mail/Internet.
2. Short policy statement regarding e-mail/Internet acceptable use in the employee handbook.
3. Orientation and hiring statement notifying new employees of e-mail/Internet policies.
4. Training Sessions on computer and Internet use and e-mail policies. An employee who is told that monitoring will occur may be apprehensive about using the company's e-mail and Internet systems. Training sessions where policies are explained in detail can go a long way in allaying fears.
Sample Privacy
Statement
Example Company understands the importance of protecting the privacy of our customers and others who visit our Web site. We consider any personal information you may supply to us to be personal and confidential, and we are committed to using this information solely for the purpose of providing you with superior service and convenient access to the right products and services.
We take our commitment to safeguarding customer information seriously, which is why we have adopted the following principles:
1. Example Company makes every effort to collect, retain, and use customer information only where we believe it is useful (and as allowed by law) in administering Example Company business and to provide products, services, and other opportunities to our customers.
2. Example Company limits employee access to personally identifiable information to those with a business reason for knowing such information. Example Company stresses the importance of confidentiality and customer privacy in the education of its employees. Example Company also takes appropriate disciplinary measures to enforce employee privacy responsibilities.
3. Example Company does not disclose our customers’ personal or account information to unaffiliated third parties, except for the transferring of information to reputable credit reporting agencies; or when the information is provided to help complete a customer initiated transaction; the customer requested the release of the information; or the disclosure is required or allowed by law.
4. Example Company maintains appropriate security standards and procedures regarding unauthorized access to customer information.
5. If Example Company provides personally identifiable information to a third party, we insist that the third party adhere to similar privacy principles that provide for keeping such information confidential.
Company Acceptable Internet Use Policy
If a user violates any of the acceptable use provisions outlined in this document, his/her account will be terminated and future access will be denied. Some violations may also constitute a criminal offense and may result in legal action. Any user violating these provisions, applicable state and federal laws, is subject to loss of access privileges and any other Company disciplinary options.
1) Acceptable Use
Must be in support of education and research consistent with company policy, and employees job description
Must be consistent with the rules appropriate to any network being used/accessed
Unauthorized use of copyrighted material is prohibited
Publishing, downloading or transmitting threatening or obscene material is prohibited
Distribution of material protected by trade secret is prohibited
Use for commercial activities is not acceptable
Product advertisement or political lobbying is prohibited
2) Privileges
Access to the Internet is not a right, but a privilege
Unacceptable usage will result in cancellation of account, and possible disciplinary proceedings
3) Netiquette
· Be polite
· Do not use vulgar or obscene language
· Use caution when revealing your address or phone number (or those of others)
· Electronic mail is not guaranteed to be private
· Do not intentionally disrupt the network or other users
· Abide by generally accepted rules of network etiquette
4) Security
· If you identify a security problem, notify a system administrator immediately
· Do not show or identify a security problem to others
· Do not reveal your account password or allow another person to use your account
· Do not use another individual's account
· Attempts to log on as another user will result in cancellation of privileges
· Any user identified as a security risk or having a history of problems with other computer systems may be denied access
· User must notify the system administrator of any change in account information
· User may be occasionally required to update registration, password and account information in order to continue Internet access
· Company has access to all mail and user access requests, and will monitor messages as necessary to assure efficient performance and appropriate use.
5) Vandalism/Harassment
· Vandalism and/or harassment will result in the cancellation of the offending user's account
· Vandalism is defined as any malicious attempt to harm or destroy data of another user, the Internet or other networks. This includes, but is not limited to, creating and/or uploading computer viruses
· Harassment is defined as the persistent annoyance of another user or the interference in another user's work. This includes, but is not limited to, the sending of unwanted mail
6) Penalties
· Any user violating these provisions, applicable state and federal laws or posted company rules is subject to loss of network privileges and any other Company disciplinary options, including criminal prosecution
· All terms and conditions as stated in this document are applicable to all users of the network. This policy is intended to be illustrative of the range of acceptable and unacceptable uses of the Internet facilities and is not necessarily exhaustive.
I understand and will abide by the Company Acceptable Internet Use Policy. I further understand that any violation of this Acceptable Internet Use Policy is unethical and may constitute a criminal offense. Should I commit any violation, my access privileges may be revoked, disciplinary action and/or appropriate legal action may be taken.
User Signature:__________________________________ Date:________________