In many ways the proliferation of technology has changed the landscape of the workplace. One of the most dramatic is in the rise of employees' use of e-mail, voice mail and the Internet. Not so long ago, access to the Internet within many organisations was limited to a few people in the IT or marketing groups. Today, with a PC on every desk and the rise of Web 2.0 – blogging, social networks, video etc many employees find themselves with access to the Internet and email but with little understanding of the potential problems of using this facility in an inappropriate way.
Employers are responsible for their employees' activities when using the Internet. If software used in an organisation is obtained illegally, the employer is liable even if it was obtained without his or her knowledge or permission. In a similar way, information on a company's website or in its email systems can give rise to legal action against the company, whether or not such emails were sent outside of the company. Employers are responsible if employees send email messages which are defamatory or which breach confidentiality or contract. Any such messages will be disclosable for the purposes of legal action. There are many examples of such situations. A case in point is the circulation of damaging and untrue emails on Norwich Union’s internal mail systems about a competitor. Following an investigation, they had to pay £450,000 in damages and costs to their competitor.
To reduce liability, employers must be able to prove that they have a policy in place to prevent unauthorised and illegal actions, that employees have been made aware of the policy and that appropriate steps are taken to enforce this policy.
The purpose of implementing an acceptable use policy is to ensure that employees understand the way in which such resources should be used in the workplace. Such a policy also enables both employer and employee to get maximum value from email and the Internet in conducting the organisations business, alerts them to the risks to the organisation if such technology is misused and details the consequences of such a transgression.
All this would seem to be quite straight forward and it makes sense to ensure that email systems are not abused to protect the organisation. So it seems quite incredible that a Government that introduced so much legislation around Data Protection, Regulation of Investigatory Powers (RIPA) and Privacy and Electronic Communications Regulations (PECR) should leave itself open by allowing its systems to be used for send defamatory material. It does not matter one bit that the emails were not sent into the public domain. The fact that they were created at all and then sent in electronic form means that the crime had been committed.
Unfortunately, the Prime Minister cannot just shrug this off as the act of a rogue individual. Gordon Brown may not have been aware of the precise content of the e-mails sent by Damian McBride, his own and probably closest special advisor but, IMHO, he was more than aware of Mr McBride’s modus operandi and must have known about, and approved of McBride's "style".
No 10 is responsible for the emails that were sent and it remains to be seen if indeed proper acceptable usage policies were in place.
Any feedback and comments are always welcome!!