Electronic Policy Checklist, Part One

Choose an area of interest:

Member Sign Up
Member Log On
Edit Member Profile
Newsletters
Editorial Inquiries
Privacy Policy
Reader Profile
About Us
Contact Us
Advertise

Newsline
Columnists & Columns
Newsletters

Resources/Tools
Associations, Societies & Firms
Federal and State Link Library
Newsletters & Journals
CPA Exam Study Guides
Glossary of Terms

Search Jobs
Post Resume
Career Resources
Post Jobs/Search Resumes
Professional Designations
Internships
Colleges & Universities

Login to Professional Education Center
Login to FMN Online
Login to CPA Report Online
Login to FMN Self-Study PEC
Login to CPA Report Self-Study PEC
FMN Video Subscriber Center
CPA Report Video Subscriber Center
Accounting & Finance CPE Programs
Corporate Training
Ethics & Compliance
Association Reseller Program
e-Learning Consulting
Engineering Education Programs

Professional Education Center

Choose an area of interest:

Electronic Policy Checklist, Part One
Shaping Employee Policy

April 17, 2000 (SmartPros) Recent upheavals in financial products, technology and distribution channels have unbalanced the way financial services firms do business. The Gramm-Leach-Bliley Financial Services Modernization Act has opened new doors for both competition and alliances among insurers, agents, bankers, financial planners, stock brokerages and mutual funds.

Electronic commerce (both business-to-customer and business-to-business) drives the delivery of information and services in the New Economy. Both financial services professionals and enterprises are scrambling to adjust to operating in new virtual partnerships.

As individual financial professionals increasingly adopt the tools of electronic commerce they will require continuous education in their shared corporate responsibility to avoid dangers in the electronic environment. At the same time, fast-growing companies must shape effective communications policies to prevent loss, and to avoid work duplication, spamming harassment and other invasions of privacy.

We will begin with two employee scenarios from which to explore the complex issues financial services companies face when shaping electronic communications policy:

Emily Employee is in Chicago on a marathon training junket for Our Company, Inc. Between flight delays and extended presentations, she has not been home in four days and she has already put in over 50 hours this trip. Her only opportunity to get back to her mother about imminent wedding plans comes when it is 4 a.m. where Mom is. Emily hesitates to use the company laptop and remote access to send her news and plans. Will someone see her personal messages? Will she be sent a warning or be put on a surveillance list?

Armed with data for her boss on the success of her project, she decides to go ahead and email Mom, with copies to her bridesmaid at Their Co., Inc. in St. Louis, and to her two sisters at their homes. Emily adds an executable. (An executable is a file that ends in ".exe." When opened, it causes the operating system to run the program to which it is attached. Sent as an email attachment, executables can introduce viruses.) Emily's is a little animation of a bride and groom, which she received when she announced her engagement.
Walter Worker is two states from the corporate headquarters of Tellyco, Inc., in a recently acquired rural telephone central office. There are only eight employees. During his night shift, he has plenty of tests to run and telecom switches to attend. But, after 2 a.m., he has difficulty staying awake. He surfs the Internet to revive his mind. He figures there is no harm done if he downloads a few funny hunting stories and a luscious photo or two from his favorite "adult" site. He emails these to Carl Coworker, whom he has known since high school.

By its nature the Internet is an open communications environment where Americans expect to be able to speak freely. But expectations of free speech and right to privacy often are at odds with the business purpose of the employer. Firms lose money and incur damages from practices like Walter's and Emily's, however innocent or harmless their intent. Both Emily and Walter (and even Carl, unintentionally) have put their companies at risk.

The business world has witnessed many electronic privacy and security infringements of late. Some liabilities and damages have been inflicted with malice, but many arise from ignorance or negligence. Firms are compelled to promote employee awareness of their responsibility to support and protect the enterprise in the open communications world of the Internet. Continuously updated written electronic policies will reduce risk and liability. They also serve to educate employees about the unintentional consequences of seemingly innocent habits.

Five Employee Communications Policy Checkpoints
The following checklist may be used as a starting point to establish electronic communication policies in a growing firm or in a new virtual partnership.

1. Information Security And Confidentiality Agreement
New hires usually are expected to sign an agreement. Managers must secure consultants' signatures. Suggested elements:

Equipment is restricted to work-related usage
All information and programs are the property of the firm
Access to data is limited to authorized users
Security processes and technology must not be by-passed
Password usage is limited to those assigned them
If requested, employees must supply their password to their supervisor
Workstations should not be left unattended during a signed-on session
Employees are responsible that data they transfer or download are virus-free
The company reserves the right to review and intercept both business and personal messages sent or received on its system
Company-specific trade secrets, products, processes, or other information not generally known in the industry may not be revealed

Remedies, breaches, and arbitration matters must be addressed by the company legal department. Some employment laws vary by state.

2. Internet Policy

Internet access is provided specifically for business purposes, i.e., education and work-related research
Observe copyright laws when using material from the Internet
Customer and client lists and data on individuals may not be copied or used in any manner not consistent with the business purpose of the firm

3. Email Policies
Email administrators often send a welcoming message to new employees. Typically it includes:

Contact information for the administrator
A description of mailbox limits, message and attachment size limits, time length for backup and storage of sent and deleted items, and a reference to the electronic communications policy.
A caution against sending all-employee email. In firms with more than a dozen people, the practice can spread viruses and overload servers.
A brief introduction to the company intranet, including links to the front page and to the corporate community page, where birthdays and other news from employees may be posted.

Email Management Notes:

The administrator may set up auto-alerts to send employees who are approaching storage limits
The community page usually is monitored (with a light hand) to prevent abuses
It is helpful for network administrators to have a virus alert plan (with template announcements prepared) that includes posting both an internal news story and an all-employee email.
Email announcements to large numbers of employees may be sent from a Communications Department mailbox. Non-emergency notices to all employees may be posted to the front page of the company intranet. Besides new initiatives, Human Resources deadlines, and other company news, virus alerts and disaster recovery notices may be posted to the front page of the company browser.
User ID and Password: For consistency, email administrators create a pattern for selecting letters from the user's name

4. Electronic Policies
The electronic communications policy prohibits:

Sending content that might be considered discriminatory or harassing, obscene, pornographic, indecent, or offensive.
Using email to buy or sell goods intended for personal use
Sending "chain letters" through email (joke-a-day, inspiring stories, pleas for help or money, and poems). It is estimated that 2% of executables contain viruses.
Using email to bet or gamble

Other communication policies may be linked from the Communications Department site. They might include the external financial disclosure policy; directions about press releases and quotes to trade journals and financial reporters; shareholder relations directives; company presentation templates and style sheets; community relations guidelines; approved company fact sheets; and the crisis communications plan.

5. Work Process
The intranet is the backbone of knowledge management and work process. Where inter-departmental operations or e-business work must be performed, basic document formats and project management guidelines should be set.

Practical Applications
Walter Worker loosely represents a real person and situation. One of his emails to Carl Coworker was accidentally forwarded to several members of a task force on which Carl served. He was reprimanded. Walter was dismissed when the network security administrator two states away installed a new tracking system and discovered over 1000 hits to off-limits sites from his workstation.

Today Carl Coworker sends far fewer social emails, but he has begun to do some personal consulting research and proposal writing in between his TellyCo work.

Emily Employee, who is a composite of two high-tech project managers, is still out there. She sends daily stock investment information to her investment group members from work. She frequently mails downloaded prayers, poems or executables among friends, beseeching them to pass the good word along. Her email is backed up and disorganized, in part because she has lost track of which are work-related, and which are pleasantries and networking among co-workers and friends.

Executive management will always struggle for balance when enforcing policies. Hard-working employees must sometimes use the tools at hand for personal communication. Those with good intentions will learn to moderate their activity to reduce risk. To pre-empt those with destructive intent or selfish habits, companies must announce their policies, warn that there is surveillance, and that there are consequences for breaches.

Part Two covers:

Technology policies that support security and privacy in the electronic communication environment.
Management issues in creating and promulgating policies.

Originally published April 17, 2001

		Related Stories

		Arm Your Firm Against Viruses Does Your Boss Track Your Internet Use? Eliminate Spam From Your Workplace


		Related Courses

Would you recommend this article?

5 (yes, highly)
4
3
2
1 (no, not at all)

Comments: