Help In Developing Internet, E-Mail And Social Media Use Policies

/, Managing Your Practice/Help In Developing Internet, E-Mail And Social Media Use Policies

Help In Developing Internet, E-Mail And Social Media Use Policies

Let’s start with a reminder. The people who use your firm’s computers, which includes portable devices such as smart phones or computer tablets, represent a significant risk not only from things like their falling prey to a phishing scam but also intentional misuse. One effective risk management tool that can help address this concern is a well-written online activity policy that is coupled with education and enforcement.

The establishment of rules regarding personal use that address such issues as personal browsing on the Internet, the use of peer-to-peer file sharing networks, personal email accounts, file downloads, and use of social media are of particular importance. Detail ownership and privacy ramifications so that everyone in the firm is aware that they should have no expectation of privacy while using the firm network or any firm provided portable device. You might also consider developing sexual harassment and discrimination policies so that everyone is aware that these rules are in play while online. Underscore the necessity of maintaining a high level of professionalism perhaps by defining inappropriate behaviors via content rules.

Said policies should be set forth in writing and coupled with signed acknowledgement by everyone who will have access to the computer system to include all attorneys at the firm. The policy should include a statement along the lines of failure to comply with the policy will result in discipline that could include termination.

There are a number of resources available that can assist you in developing an online activity policy. The SANS Security Policy Project posts a number of policy templates online that address a variety of important security concerns, many of which you may not have even thought about. These resource materials are available to the public without cost. Topics addressed include an Acceptable Use Policy, a Dial-in Access Policy, an E-mail Policy, a Password Protection Policy, a Remote Access Policy, and a Wireless Communication Policy among many others. The SANS (SysAdmin, Audit, Network, Security) Institute is a cooperative research and education organization established in 1989. Over the years, the institute’s programs have reached over 165,000 security professionals worldwide.

A second resource worth reviewing is an article written by Michael Downey, an attorney with Hinshaw & Culbertson LLP, entitled “Law Firm Online Activity Policy.”

Finally, for a long list of social media policies that a variety of businesses already have in place you can check out this one for Compliance Building’s Social Media Policies or Social Media Governance’s Social Media Policy Database. I strongly recommend taking a look at all of these excellent resources before taking on the task of developing your own policies. While no online activity policy can ensure a 100% risk free environment, a well-drafted and enforced one can certainly go a long way.


Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 400 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.