Recap and IM Action Plan

Recap and IM Action Plan

  1. Use your written policies and employee training program to advise employees that instant messages, e-mail, and other paper and electronic business records belong to the organization. IM user IDs and e-mail passwords also are company property.

  2. Require employees to sign and date policies, acknowledging that instant message, e-mail, and other paper and electronic business records are the organization’s property.

  3. Use IM and e-mail policies and education programs to explain that the theft of proprietary or confidential information may result in termination and could be punishable in criminal or civil court.

  4. Use your written IM policy to establish the fact that employees have no reasonable expectation of privacy when it comes to IM.

  5. Advise employees to guard their own privacy (and the privacy of their family and friends) when using IM and e-mail.

Part Three: Establishing an Instant Messaging Policy

Chapter List

Chapter 9: Use Written Rules and Policies to Enforce Your Strategic Instant Messaging Management Plan

Chapter 9: Use Written Rules and Policies to Enforce Your Strategic Instant Messaging Management Plan


Regardless of which approach you take to IM management— banning it entirely, installing one authorized enterprise system, or using gateway technology to support your employees’ personal IM tools—you must establish written rules and policies to enforce your strategic IM management plan.

When it comes to employees’ IM use, there simply is no way to guarantee a completely risk-free workplace. You can, however, limit liability by developing and implementing comprehensive rules and policies that address personal use, content, monitoring, compliance, retention, deletion, and other key issues.

Instant messaging policies may not be required by law, but they certainly can help keep your organization out of legal trouble. To date, employers have spent millions of dollars defending and settling lawsuits related to improper e-mail and Internet use. Instant messaging is certain to make an already litigious business environment even more litigious.

While the laws and regulations governing IM, e-mail, and Internet use continue to evolve, one fact remains clear. Organizations can help insulate themselves from some workplace claims by developing and implementing comprehensive rules and policies governing IM and all other forms of electronic communication.

Let Employees Know How Much Personal IM Use Is Allowed

IM Rule # 19: Use instant messaging policy to provide clear guidelines for employees’ personal use.

Employee use of IM for personal communications raises two significant concerns:

  1. Abusive or otherwise inappropriate language can trigger litigation.

    Scenario: When writing a personal instant message to a buddy, an employee might be tempted to disregard your organization’s IM content and language rules and send a message that contains an off-color joke, racy language, or otherwise inappropriate or offensive content.

    If that personal message were to trigger litigation (a sexual harassment or hostile work environment claim, for example), the organization likely would be held responsible for the violation, not the individual employee. The burden of legal fees and settlement costs, lost productivity, and damaged reputation would be shouldered by the organization, not the employee who wrote the message.

  2. Personal information may be retained, unwittingly, along with business records. The result: Employees are embarrassed, and the organization possibly damaged when a personal instant message is found with business records.

    Scenario: In a personal instant message to a spouse, an employee discusses private or sensitive information about a child’s behavioral problems, the couple’s pending bankruptcy, or a family member’s arrest for driving under the influence of alcohol— confidential information intended for the reader’s eyes only.

    That sort of highly confidential, sensitive information could come back to haunt the sender, the recipient, and the organization were it to be intercepted on the public Internet, or subpoenaed as evidence in a lawsuit or regulatory investigation.