Author's Note.  I wrote this column a number of years ago for a county bar publication.  I don't even remember which one.  The Internet has changed since then, but in reponse to a recent question on the Wisconsin State Bar Practice411 Listserv, I thought I would share it.  While this article was written quite a while back, most of it is just as applicable today.

A PRACTICAL INTERNET USE POLICY FOR LAW FIRMS

Almost all businesses, including law firms, now use the Internet as an integral part of the their business. For law firms, the growing number of online resources has meant increased reliance on and use of the Internet by staff. Indeed, we have probably reached the point where individual desktop Internet access has become a law office necessity. A policy regulating use of the Internet has also become a necessity.

What is it that a law firm should try to accomplish in an Internet use policy? At one time, the simplistic response to this question would be that a law firm should forbid employees from using the firm’s Internet access and e-mail for any personal use. However, even if it was desirable, such a rigid standard is probably not attainable. A more practical approach is to develop a policy that recognizes and allows a certain amount of personal use while, at the same time, stressing that the primary purpose of the firm’s Internet access is business activity.

The primary goal of an Internet use policy should be to protect the firm. This amounts to identifying the main ways that an employee might get the firm into trouble while using the Internet. It also means prohibiting inappropriate use, whether that use is personal or business related. A secondary goal should be to place reasonable restrictions on allowable personal use of the Internet.

In order to accomplish the first goal, employees need to understand that their actions online can be attributed to the firm. They should be made aware that each and every e-mail sent from the firm identifies the firm as the source. Furthermore, they should understand that e-mails are generally irretrievable. Once sent, e-mails cannot be rethought, revised or unsent. Finally, employees must be made aware that others, both inside and outside of the firm, have the ability to monitor their Internet use.

Restricting inappropriate use is probably the easiest part of developing an Internet use policy. Uses that should be prohibited outright include adult websites and materials, gambling, use related to another business and downloading of any file that installs itself on the user’s computer. This last restriction is often overlooked but is necessary to protect the firm’s network from unwanted software. Such files are not only a source of viruses but may also be incompatible with the firm’s network and cause a variety of problems.

Placing reasonable restrictions on personal use is a matter of establishing guidelines as to what constitutes “excessive” personal use. A dose of common sense is necessary. Checking one’s stocks once per day or buying a book online over the lunch hour is probably not unreasonable whereas monitoring an online auction all day probably is. The excessive personal use level is probably reached when an employee’s productivity begins to fall off. As this point varies from employee to employee, it is necessary to have a standard that can be applied on a case-by-case basis.

A final, but very important, aspect of an Internet use policy is to inform employees that the firm’s Internet access, as well as the individual computers used to access the Internet, are the property of the firm. For this reason, employees should have no expectation of privacy with regard to anything they do on the Internet while at the office. Furthermore, employees should be made aware that the firm has the right and the technological ability to monitor current and past Internet activity in order to enforce the policy.

LAW FIRM INTERNET USE POLICY

1. Internet Services

This policy statement sets forth the Firm’s policies with regard to acceptable use of Firm provided Internet access.

2. Business Use

The Firm provides Internet access first and foremost as a resource for Firm related business. Firm related uses of the Internet included, but are not limited to, client matters, business development and marketing, professional development, research and office administration.

3. Personal Use

The Firm recognizes that limited use of the Firm’s Internet access for personal use may be necessary and, subject to the terms of this policy, limited personal use is allowed. Firm-related uses have priority at all times.

4. Permitted Uses

a. Downloading. Downloading of text, image and other non-executable files is permitted. When possible, users should determine the size of any file to be downloaded and download larger during non-peak hours.

b. Interactive Sites. Accessing interactive sites or sites that require registration is permitted. Registering for business-related sites shall be done using a Firm e-mail address. Registering for non-business sites using a Firm e-mail address is prohibited. Participation in online games or other strictly personal interactive sites is prohibited.

5. Prohibited Uses

a. Adult Sites. Accessing any adult-related site or newsgroup is prohibited. Users may not download or otherwise cause adult materials to be associated with the Firm.

b. Gambling. Accessing any gambling site or file-sharing newsgroup is prohibited.

c. Executable Files. Downloading of executable programs, program modules, or executable attachments is prohibited without prior permission of the Firm’s IT Department.

d. Copyrighted Materials. Downloading, copying and distributing of copyrighted materials is prohibited.

e. Business Activity. Conducting non-Firm related business activity is prohibited.

f. Hacking. Use of the Firm’s Internet access to gain unauthorized access to any computer, network, database or Internet location is prohibited.

g. Excessive Personal Use. Excessive use of the Firm’s Internet access for personal use is prohibited. What constitutes excessive personal use is at the sole discretion of the Firm.

6. Confidentiality

Internet use is, by its very nature, non-confidential. Users should understand that they are an employee and representative of the Firm while online. Website operators and other third parties may have the ability to monitor traffic on various websites and the source of that traffic. Users should recognize that the Firm’s domain name directly identifies their online presence with the Firm and implies that the online presence is with the consent or at the direction of the Firm.

Users should also recognize that e-mails sent with an e-mail address and signature, imply that such e-mails are sent with the consent or at the direction of the Firm.

7. Privacy

No user of the Firm’s Internet access has (or should expect to have) any expectation of privacy.

All users of the Firm’s Internet access are put on notice that the firm can and does routinely monitor Internet usage including, but not limited to, which sites, newsgroups and other Internet locations. The Firm can and does monitor patterns of Internet usage.

In order to enforce this policy and to comply with applicable laws, the firm reserves the right to intercept, view, access and delete any and all Internet communication transmitted, inbound or outbound, over the Firm’s Internet access system. Subject to its ethical obligations to maintain attorney-client confidences, the firm further reserves the right to disclose to others the contents of any Internet communication including, but not limited to, disclosures to law enforcement or legal authorities who may by warrant or subpoena, seek review or disclosure of such communications.

8. Penalties

Violations of this policy are subject to disciplinary proceedings against the employee that may include, in addition to those outlined in the Firm’s Employee Handbook, the loss of all Internet use privileges for that employee.