Many organizations employ computer usage guidelines, but it is easy to develop a gap between policy and reality. Support pros are likely to discover user transgressions in the course of their work. Do your techs know the role they should play in enforcing policy?
Every workplace these days should have a portion of their computer usage policy addressing digital media and copyrighted material. Bare minimum, by publishing appropriate guidelines your company protects itself against liability and informs employees of the expected behavior. So, if you don’t have a usage policy in place, you should get one!
Wait! Don’t go off to write that policy just yet. One thing I think that IT pros should think about while writing their policies is how those rules will be enforced. In too many offices, there is a stated policy that does not jibe with reality. Consider how far your organization wants—or needs—to go in enforcing the rules, and make those measures explicit.
My experience with usage policies, especially as they relate to digital media and copyright infringement, is that they are paper tigers. Organizations will make a big show of disallowing things in their policy documents, but many will never actively look for infractions. That is because looking would mean actually having to do something about violations that are certainly present.
I empathize with this situation. As an IT manager, I’ve had to write usage guidelines and policy documents, and as a help desk pro, I’ve found things that probably shouldn’t be on office computers: commercial DVD rips, MP3s of copyrighted songs, dirty pictures. The support techs in the office see exactly what is going on with the computers on the network. They will be the first people to see the evidence of any misuse of your company’s property. When they do see misuse, their expected role in the enforcement process should be crystal clear. If you are going to go to the trouble of writing usage policies, make them explicit for your users and your techs. Don’t put your support staff in the awkward position of deciding whether someone’s ripped CD should be considered a “fair use” of copyrighted material. Your policies should leave no doubt for your techs or your employees what the response will be to any situations covered by the policy.
I think most IT policies are written in hopes that they never have to be tested. I know I used to think that as long as I didn’t see anything wrong there wasn’t a problem. That never lasts. Sooner or later somebody will always see something wrong. Good policy documents will provide guidance for everyone involved on how the problem will be resolved.
I am not a lawyer, and nothing I say should be taken as legal advice. If you are also not a lawyer, you might want to talk about your usage policies with appropriate legal counsel.