E-mail and internet usage

Aims of the policy

The principal aim of the policy is to ensure that employees are aware of the employer’s rules governing the use of e-mail and the internet at work.

Who is it for?

The policy is usually aimed at employees, although it can be extended to cover contractors, agency workers and other individuals who have access to its e-mail and internet systems to ensure they are also aware of their rights and obligations when using the system.

Essential elements

The policy should:


  1. Inform employees of when, how and for what purposes they are allowed to use the employer’s e-mail system. For example, are employees only allowed to use it for business purposes or is reasonable personal use also allowed? If the e-mail system is stated to be for business purposes only, then employers should ensure that this happens in practice. If they do not do this, and subsequently seek to dismiss an employee for personal use of the system, any such dismissal is likely to be unfair.
    If rumours of a Treasury proposal to treat personal use of e-mail/internet access as a taxable benefit are to be believed, this will become increasingly important. See comments below regarding restrictions on monitoring.
  2. Make it clear that sending offensive, defamatory, discriminatory or otherwise inappropriate e-mails will not be tolerated. The policy should make it clear that such behaviour would amount to misconduct and may result in dismissal.
  3. Ensure that employees are aware of the problems that may arise if they misuse the e-mail system. They should be informed that the laws governing disclosure, defamation, breach of copyright, licensing restrictions etc apply as much to e-mails as to other written communications.
  4. Ensure that employees are aware of the extent to which e-mails should be in a certain format, for example, with a disclaimer statement and with certain employer information included.
  5. Remind staff that the e-mail is not a substitute for conversation and that it may create disclosable documents in any litigation.


  1. Ensure employees are aware of who can use the internet and when, how and for what purposes. The policy should make it clear whether employees are allowed to use the internet for personal and business use or just for business use.
  2. Set out any restrictions on accessing particular sites – the policy may provide, for example, that employees should only download files to their PCs if they have virus-checking software installed. While the internet gives employees access to a vast amount of information they need to be aware of the risks involved in downloading and using such information.
    Make it clear that downloading or forwarding offensive, obscene or indecent material from the internet is forbidden and that a breach of the policy will result in disciplinary action, potentially including dismissal.
  3. Set out any restrictions on the time that can be spent using the internet. For example, if employees are only allowed to use the internet for personal use during lunch hours or before or after work this should be made clear.


Ensure that employees are aware of the extent to which their employer will be monitoring their use of the internet and e-mail system. An employer must properly consider the impact of the Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2002 before undertaking any form of monitoring. The Information Commissioner recommends that employers carry out an impact assessment to help them establish whether their internet and e-mail monitoring complies with the Data Protection Act 1998.


  1. Set out clearly any rules governing the use and disclosure of passwords, accessing the system from home etc. Employees should be told that they are responsible for the security of their computer and that they should not allow it to be used by an unauthorised person.
  2. Ensure that employees are aware of the problems that may arise if they misuse the e-mail or internet system.

An employer should cross-reference this policy with other relevant policies such as the equal opportunities policy, the disciplinary and grievance policy, and any data protection policy to ensure that a consistent approach is taken throughout.

An employer should consider whether the policy will be contractual or non-contractual. An e-mail and internet policy will normally be non-contractual, as this increases the amount of flexibility the employer has to make changes to it in line with law or good practice.

Key legislation

Data Protection Act 1998

Regulation of Investigatory Powers Act 2000

Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

Human Rights Act 1998

Useful links

The Information Commissioner’s Office

This guide is for general guidance only and should not be relied upon without advice on your specific circumstances.

Comments are closed.