Skip to Main Content
Get started

How to introduce an internet and email policy

Last updated: 10 May 2022

If your business uses computers and does not have an internet and email policy you are in a vulnerable position. This article explains exactly why you need a policy, how to create a policy document specifically for your company, how to monitor it once it is in place and what to do about breaches. You can easily download free internet and email policy documents and adapt them to your needs. It will not take long to do, and once all employees have read, signed and understood it, your business will be far better protected.


Why is it important to have internet and email policies?

It is important because you do not want communications resources wasted or productivity to suffer as employees surf the internet planning their next holiday! It is also vital to protect your business from potentially damaging material delivered via the internet or email. If you do not have policies how can employees know if they are abusing them or not? Furthermore, unless you explicitly state what is not acceptable, you could risk an unfair dismissal claim if you dismiss staff who access unsuitable material. It is often a question of striking the right balance between allowing staff access to the internet outside working hours and the controlling and policing you create. But you are in control and access to the internet should be seen as a privilege and not a right.

Trivial abuses of the system may include transferring large file attachments, or wasting work time surfing, on personal emails or online chat. More serious risks include downloading files that contain viruses, obtaining copyrighted material such as music or films, transmitting valuable or sensitive business information with encryption, distributing or relaying offensive or abusive material via email or generating junk email or spam via mass mailings. Accepting files from people in online chat rooms which could bypass firewalls or email filters is another serious abuse. Serious misconduct may lead to disciplinary or even legal proceeding e.g. accessing or downloading pornography or other offensive material, libelling or defaming colleagues, or external business contacts, via email and using the Internet to commit fraud or other illegal acts.

If you have internet and email usage policies you can avoid, or at least drastically reduce these risks. Staff will then know exactly what they can or cannot do, and the consequences of breaching the rules.


How can I create an internet usage policy for my business?

Firstly decide whether to allow staff access to the internet in their own time. This is often seen as a goodwill gesture. If you are to allow access you need an internet acceptable use policy (IAUP).

The policy should set out the terms and conditions for staff accessing the Internet at work. It should contain:

  • a definition of personal use – e.g. anything not directly related to work

  • guidance on how much access time is acceptable and when access is allowed

  • a warning to abide by any copyright and licensing restrictions on Internet sourced material

  • instructions on what to do before downloading material – e.g. checking the size of the file and its source

  • warnings on the danger of importing viruses through downloaded files and programmes

  • what personal use is not permitted – e.g. accessing pornographic or indecent websites, or using chat rooms in which offensive language is common

  • any sanctions or disciplinary actions that may be taken if employees do not follow the guidelines

  • warning staff that their access may be monitored. The warning in your policy could state that any websites visited are traceable back to specific individuals – even if deleted, and that the frequency and length of time individuals spend viewing websites will be logged

  • a very easy way to sort out your internet and email policy is to download a sample guide from BusinessLink. Add your company name, where appropriate, and make any changes you want to the pro-forma and print a copy. Check you are happy with the end result, get all staff to sign and date it, keep a copy in everyone’s file and you are sorted. Ideally display notices reminding employees of the rules. Simply type in BusinessLink sample email and internet policies. Contact:


How can I create an email usage policy for my business?

Staff need guidance on what is acceptable and what is not. A clear policy will help staff use email effectively and productively. The policy should outline:

  • what should not be circulated on the company email system, including any offensive, indecent or obscene material, or anything likely to cause offence on grounds of sex, sexual orientation, race, disability, age, religion or belief

  • what is inappropriate, discriminatory or libellous

  • rules for sending confidential business information via email – e.g. using encryption software to prevent unauthorised persons accessing it

  • what you consider to be appropriate email etiquette. This includes terms of address and sign-off and being professional at all times

  • how attachments should be handled, such as checking for viruses – maybe set a maximum file size for attachments

  • how much personal email is acceptable

  • how the laws governing data protection, e-commerce and email marketing affect your business

  • guidance on saving, filing and photocopying emails for company records


How can I monitor internet and email usage?

You must inform employees if you intend to monitor their web and email use. There are legal restrictions and it is a complex areas covered by the Data Protection Act, the Human Rights Act and the Regulation of Investigatory Powers Act.

In general you can monitor email and internet traffic, installing software which logs websites visited and emails sent and received together with addresses (but not their contents).

You can inspect the content of individual emails without a worker’s consent for a number of specific business purposes. These include recording transactions or other important business communications, making sure employees are complying with the law and your internal policies, preventing abuse of your telecoms systems and checking emails when staff are on leave.

If you want to monitor communications for other purposes, or are not sure whether you have the right to read an email, you must get permission to do so – from both the sender and recipient. The law in this area can be complex, so tread very carefully.


How should I deal with internet and email policy breaches?

How you deal with employees who break your policy rules can affect working relationships for a long time. You should be flexible, depending on the scale of the offence. Be clear about the sort of penalties or sanctions you wish to impose.

Your internet and email usage policies could include warnings that facilities may be withdrawn at any time due to suspected misuse. Warnings can also state that users might be personally liable to prosecution and open to claims for damages if their actions are found to be in breach of the law.

Employees using the business’ IT systems to store or pass on child pornography, or any other material that could cause offence or injury, can face serious disciplinary action and possible dismissal – whether or not they are prosecuted or convicted.

Popular articles