A friend works in sales for a wireless communications company and reports that business is good. He says many small businesses continue to invest in new technology. These investments include granting employees access to company cell phones, Blackberries, laptops, remote access, internet, company blogs and social networking sites.
These new technologies can transform business operations and increase productivity. That’s all gravy.
If you’re not careful, however, your electronic workplace can become a real turkey by creating unintended employment-related liabilities. In these economic times, few companies have flex in the budget to cover legal claims arising from an employee’s misuse of company technology. Here are a few tips to manage the risk.
Update your computer use policies
Every company should include a computer use policy in its employee handbook. The policy should describe permitted uses of company technology as well as prohibited activities. Without a policy, the company will find it difficult to monitor employee use and take action against a bad actor. The company may also find itself liable for that employee’s bad acts. If you have a policy today, update it to comply with the rulings of the U.S. Court of Appeals (9th Circuit) in the case of Quon v. Arch Wireless.
Manage your electronic records
Each company should implement a written records management program. Recent changes to the Federal Rules of Civil Procedure highlight the need. A proper program will include a written document retention and destruction policy together with appropriate employee training. The program should also institute a document freeze (i.e. “litigation hold”) on relevant records if litigation is commenced or threatened. The costs of electronic discovery in litigation are substantial if your company does not have these policies in place. Further, absence of a good records management program may result in court sanctions in litigation.
Audit your software compliance
The software you use comes with restrictions. There are restrictions on who may use it, how many may use it and where it may be used. In a difficult economy, software vendors actively audit customer misuse of software and charge significant fees to settle license violations. Your company should audit its usage of software and “true-up for 2009. If you believe there is a likelihood of significant non-compliance, contact legal counsel for assistance in conducting the audit.
Maintain data security
Forty-four states now require companies to notify individuals if the company has lost their personal information. Massachusetts requires a company to maintain a written security policy if the company stores personal information of any Massachusetts residents. Nevada requires companies to encrypt personal information. Given the patchwork of emerging data security laws, companies must have proper network security programs in place. If you don’t have the internal skills for this, consider outsourcing your network security to a reputable vendor.
These recommendations may have been optional several years ago. Today, they are good business and important elements of effective risk management. There is much to be thankful for when employees use new technology for proper purposes to effectively grow the business. And in a well-managed workplace, it’s all gravy.