Have You Reviewed Your Policies Lately?


We've heard it so much in the corporate world, it almost goes without saying: The first step in protecting company information and reputation is thorough communications, e-mail and Web use policies.


First, employees were to use work e-mail and surf the Web on company computers for work purposes only. As more and more employees began working off site, that had to be addressed, as did blogging, both personal or corporate. Then, smartphones and other mobile devices, as well as the wide availability of high-speed Internet access, enabled work any time, from anywhere. Policies had to be revised to address information coming into and going out of the company network on thumb drives and laptops and such.


Tuesday, I had an opportunity to speak with Chris Schaeper, a partner in Thompson & Knight's Houston office, and he stressed that new technology brings new risks that such policies can't ignore. And since new tech emerges every few years, acceptable Web use policies have to be fluid and easily adjustable.


For instance, social media platforms like Facebook and Twitter introduce completely new twists on protecting company information and reputations. Schaper explains:

It's not something the company can control. Not even the employee may be able to control it. They may post something they shouldn't and then they want to go take it down. Even if they do, someone else may have already used it and now it's off into the whole universe.


But more than the nature of the new technology, the problem lies with the employee mindset, Schaeper says. When employees are in their corporate environments, they are more conscious of the fact that what they are writing or saying is covered by company policies. When they are posting to Facebook or other similar sites, whether they are a CEO or a part-time intern, they may not think about the fact that what they say could be covered by company policy.


The trick according to Schaeper, is not only to revise your policies, but then implement them and explain to employees exactly how, where and to what they apply. He says:

It's explaining to people that the policies apply to any type of communication... [W]hen they're taken out of the corporate setting, such as on a social networking site, they're not always thinking the same way. We've got to remind them that no, these principles still apply.