UK workplaces skimp on AUPs, but what about personal responsibility?

New research from Chronicle Solutions shows that many UK companies aren’t doing enough to protect themselves and their employees from ‘abnormal Internet practises’ in the workplace.

Key findings found:

30% of respondents said that they had no Acceptable Use Policy (AUP) at work
Of those who did, 94% hadn’t read it recently.
42% said they hadn’t read it in the last year, and 33% couldn’t recall when they’d last seen it.
Blogging was not listed as an Internet activity covered or banned by the AUP amongst anyone surveyed.

David Lacey, Internet Security Consultant, said,

“These findings are a matter of serious concern. Corporate reputations can be damaged by errant bloggers, fraud can be perpetrated via email, proprietary information can be leaked or sold for profit, private employee data can be shared, sexual harassment can be perpetrated, all on workplace PCs. Instant messaging and Web mail in particular are two of the most persistent vectors of information leakage, yet even those look to be absent from most AUPs.”

I’m not at all surprised. Even large companies with a ‘switched on’ IT department often don’t seem to keep up-to-date with the latest technologies and what impact they have on the workplace.

Having said that, I wonder what happened to an employee’s personal responsibility, duty to their employer, and adhering to the spirit of the law?

Should a company’s Acceptable Use Policy or Internet Access Policy explicitly ban or limit blogging?

At the last company I worked for, no mention was made of blogging in the AUP, but there was plenty of mention of:

Food Blogger Takes on the Ultimate Burger Challenge: 100 Meat Patties

not abusing company resources,
not sharing privileged or sensitive information,
and not excessively accessing the Internet for non-work purposes during the working day.

Surely the spirit of that implies that personal blogging should not be occurring at work, or should be limited to personal breaks.

If a company doesn’t have a basic AUP for Internet use, there’s a problem, but I don’t think they should have to spell out every single Internet activity that’s deemed (un)acceptable.

As an employee, you have a responsibility to give the best of your time, energy, and resources to your employer for the hours and times that you are contracted to work for them.

If some of those involved in recent high-profile sackings had paid a little more attention to the spirit of their employer’s AUPs, they may well have avoided the chop.

Andy Merrett

Andy Merrett is a London-based full-time blogger writing for several Shiny Media technology blogs and various other projects. Find him on Facebook and Twitter.

View Comments (3)

David Lacey says:

April 21, 2007 at 4:33 am

We have even further problems ahead as the traditional boundary between business and personal lifestyles continues to dissolve. Acceptable-use policies aim to be specific to ensure they be enforced in industral relations tribunals. This will be hard to sustain in a world of proliferating communications channels. On top of this we now have questions about how to extend these policies into virtual worlds such as Second Life. See my recent blog posting on the future of AUPs for more on these issues.
http://www.computerweekly.com/blogs/david_lacey/2007/04/the-future-of-acceptable-use-p-1.html