Skip to main content
mdi-home Sign in mdi-email My Business logo mdi-home Workplace mdi-email {{getFirstName()}} ({{companyName}}) mdi-briefcase-check-outline My Documents mdi-file-sign Template Library mdi-store Company Profile {{getFirstName()}} ({{companyName}}) mdi-account-outline Profile mdi-briefcase-check-outline Documents mdi-logout Sign out Sign in

Internet, Email and Computer Use Policy

Version 1.0 Updated 19 Mar 2018
Policy Manage

This Internet, Email and Computer Use Policy can be used by all employers. However part of the policy is specific to NSW only (see further comments below).


This commentary will help create the document, but it is not a replacement for specific advice taking into account the business’ circumstances.

A range of issues arise as a result of the increased use of the internet, email, and computers as a tool for business. A comprehensive policy dealing with internet, email, and computer use provides guidelines to employees and contractors on acceptable use and helps employers to be compliant with privacy or workplace surveillance laws that might apply.

This Policy sets out in detail the businesses’ approach to the use of internet, email, and computer facilities in the workplace, and acceptable conduct on external blogs and sites.

This Policy also allows subscribers to include provisions relating to monitoring (surveillance) of the use of the businesses’ internet, email, and computer facilities.

Please review each aspect of the Policy to ensure it properly represents the businesses’ intended approach.


The Policy applies to all users of the businesses’ IT systems ('users').

Provision of facilities

The Policy provides that internet, email, and computers are to be used for legitimate business purposes and ‘reasonable personal use’.

The Policy also incorporates use of a personal home computer or personal electronic devices such as iPads, Tablets, Blackberrys, Palm Pilots, PDAs, other handheld electronic devices, smart phones and similar products that are used to access the businesses’ IT systems, such as email.

Guidelines for use

This section provides an outline to users regarding the businesses’ expectations in relation to internet, email, and computer use, including protection and use of password and login information.

Businesses which allow employee’s access to their computer may want to require employees use passwords and report lost devices such as iPads or Blackberries if confidential or sensitive information is available on the personal device. This will assist to avoid breaches of confidentiality, unauthorised disclosure of confidential information and use of personal information.

This section also sets out the conduct expected of a user in the event that a user receives an email message which is in breach of the Policy — for example, an email with a pornographic picture attachment.

Prohibited conduct

The Policy is explicit in relation to the activities which are forbidden.

Blocking email or internet access

This section is included to ensure the policy complies with the requirements of the Workplace Surveillance Act 2005 (NSW) in relation to notifying employees if the employee intends to block employees' email or internet access (there are additional obligations in the NSW Act which are covered below). Although the NSW Act only applies in NSW, the business may wish to have a policy which applies nationally. This section should only be deleted if the business does not have operations in NSW.

The Policy reflects an employer’s right under the NSW Act to block an email or an internet website if the content of the email or the website is considered to be offensive, illegal, or defamatory.

Access and Storage

The Policy clearly sets out what information is logged and who in the business has rights to access the logs and content of employee email and browsing activity. It also sets out in what circumstances IT staff can legitimately access employee emails and browsing logs.


This clause provides that monitoring of user access is covered by this policy. The clause also clearly states that all use (including personal) of company equipment is monitored and that employees should not expect privacy.

Caution: Employers located outside New South Wales should check for any relevant legislative requirements for workplace surveillance in the State or Territory in which they operate. It may be necessary for these employers to amend the Policy so it complies with the requirements under any other relevant legislation. We advise that any proposed amendments are reiewed by a lawyer.

Breach of the Policy

This clause describes the businesses’ entitlement to take a range of disciplinary actions (including immediate termination of employment) in the event that a user breaches the Policy. Obviously, termination of employment is subject to a number of laws and specific legal advice should be obtained prior to any termination.

The clause also indicates that if an independent contractor to the business has breached the Policy, they may have their contract with the business terminated. Ensure that your contractual arrangements with independent contractors permit termination of the contract in circumstances where there has been a breach of the businesses’ policies. Again, the business should obtain legal advice prior to terminating an independent contractor arrangement on this (or any other) basis.
Blogging facility

This clause outlines employees’ obligations to the business when contributing to blogs and websites.

Implementing the Policy

Once the Policy has been finalised, it should be properly implemented to ensure it operates effectively, and to maximise the ability of the business to enforce the Policy. This includes distributing the Policy, conducting initial training sessions to educate users, continuing to inform users about the policy (for example, by use of automatically generated on-screen reminders which 'pop-up' periodically on a user's computer screen), and enforcing the Policy consistently and fairly. New employees should be informed about the Policy and trained in its requirements, preferably prior to commencing employment.

Surveillance of systems

Employers should be aware that the NSW Act prescribes that certain notification requirements must be met before any surveillance of computer systems can be conducted by an employer. A brief description of those requirements is outlined below. Legal advice should be sought in the event of any uncertainty.

Covert and overt surveillance

The NSW Act regulates both covert and overt surveillance. An employer can only implement covert surveillance in the workplace if a court grants the employer a covert surveillance authority.

The Policy only deals with overt workplace surveillance. Legal advice should be obtained prior to the business conducting any proposed covert surveillance.

Notification requirements

  • The NSW Act requires an employer to comply with the following notice requirements before commencing overt workplace surveillance:
  • The affected employee(s) must be notified in writing at least 14 days before the surveillance commences. However, the employee(s) may agree to a lesser period of notice.
  • The notice must indicate:

    • the kind of surveillance to be carried out (ie computer);
    • how the surveillance will be carried out;
    • when the surveillance will start;
    • whether the surveillance will be continuous or intermittent; and
    • whether the surveillance will be for a specified limited period or ongoing.


If an employer has already commenced surveillance of employees at work, or is due to commence surveillance less than 14 days after a new employee is due to commence work, the employer need only provide the new employee with the requisite written notice, before the employee starts work with the employer.

There are additional requirements for computer surveillance under the NSW Act. Computer surveillance of employee(s) must not be carried out unless:

  • the surveillance is carried out in accordance with a policy of the employer on computer surveillance of employees at work; and
  • users have been notified in advance of that policy, in such a way that it is reasonable to assume that they are aware of and understand the Policy.
mdi-file-find-outline Preview sample mdi-plus-circle-outline Create Document