When FAST Corporate Services, part of the Federation Against Software Theft, surveyed 50 companies recently, it found that 45 per cent of them do not require their temporary staff to sign up to IT policies and procedures.
Failing to do this simple personnel procedure could end up costing those companies dearly.
Another piece of research, conducted by the Chartered Institute of Personnel & Development (CIPD) in June 2004, revealed that 64 per cent of organisations had experienced problems in the past two years with staff misuse of the Internet or email.
In a large number of cases this was merely sending excessive numbers of non-work emails, but occasionally they involved more serious matters such as downloading pornographic material or even using work facilities to commit criminal offences.
Geoff Webster, chief executive officer of FAST, warns that companies could face legal action, under the principle of vicarious liability, if members of staff are found to be engaged in activities such as downloading materials subject to copyright or spreading defamatory remarks.
For serious offences directors could face jail sentences of up to 10 years under the principle of vicarious liability. Webster believes that in a best-case scenario companies will have to make expensive out-of-court settlements.
Webster said: “In order to protect the company and its directors, every employee that has access to company PCs should be made to sign a document outlining policies and procedures like anybody else – it is as simple as that.”
Keith Lewington, a partner at law firm Shoosmiths, however, said it is not that simple. “Companies can get a member of staff to sign these documents, but if the offence is committed while in the course of fulfilling duties for the company then the company will still be liable.”
Stephen Worthington, senior barrister at 12 Kings Bench Walk, agrees: “Companies should not make staff sign these documents believing they are transferring liability; they should make them sign them first in the hope that staff members will take notice of them, and second so they are able to take disciplinary action against any members of staff who ignore those policies and procedures.”
For many companies these reasons are sufficiently compelling that they require permanent staff to sign these documents. The research from FAST shows that just as many HR departments neglect to brief temps on basic company procedures such as health and safety, they are also failing to take this simple precaution on IT procedure.
Ben Willmott, employee relations adviser at the CIPD, said it is essential for companies to treat permanent and temp staff consistently.
“Many temp agencies have their own policies on this, and so companies should look at these before drawing up their own,” he said. “Generally speaking they should spell out what is acceptable use, describe the penalties for unacceptable use, make it clear what the company does to monitor use, and explain why the company is taking this approach,” Willmott said.
For more information, go to: www.cipd.co.uk/subjects/hrpract/general/webepolicy.htm