Unless above-normal security is required, Bill Detwiler has always been a fan of "reasonable" personal use clauses in acceptable computer/internet/network use policies. And, if your organization doesn't already have such a clause, it should.
Unless above-normal security is required, I've always been a fan of "reasonable" personal use clauses in acceptable computer/internet/network use policies. And, if your organization doesn't already have such a clause, it should.
Work environments are constantly changing, and we're entering a time when the line between personal and work time is blurred. The days of working a straight 8-hour shift and coming home to forget about the "office" are gone, or soon will be. Work will permeate our lives, but so will our personal activities. (I would argue that for a vast majority of individuals--teachers, doctors, small business owners, etc.--this stereotypical work environment never really existed, but I digress.)
Organizations are already adapting their environments to suit the millennials, or Generation Y, who are entering the workforce. In his 7-part series, Managing Millennials: A BNET Survival Guide, Andrew Tilin explains how this generation is accustomed to working away from a desk or office and using flexible schedules. Millennials will have no qualms about answering work e-mail outside of traditional business hours, but they will expect their employer to reciprocate by allowing them to update their Facebook page while in the office. Organizations who fail to adapt their policies will have a harder time recruiting and keeping the best and brightest employees.
Personal communication through the corporate computer network should be allowed, but carefully managed. IT departments must work closely with HR and management to establish, disseminate, and enforce practical policies.
For example, an acceptable use policy might contain language similar to the following:
ABC Company's systems must generally be used only for business activities. Incidental personal use is permissible so long as:
(a) It does not consume more than a trivial amount of resources.
(b) It does not interfere with staff productivity.
(c) It does not preempt any business activity.
Use of ABC Company's systems for malicious or illegal purposes or commercial activities outside the business objectives of ABC Company is strictly prohibited.
In the end, each organization should develop common-sense policies that fit their needs. And, I wouldn't expect a small architectural firm to have the exact same acceptable use policy as a large hospital chain. To complicate matters, multinational organizations must often create policies that are appropriate for each country in which they operate. Yet, there's almost always a way to work a personal use clause into any policy.
For more help creating policies for management, training, personnel, support, privacy, Internet/e-mail usage, security, or inventory, download our IT Professional's Guide to Policies and Procedures.