Trying to keep online users in line Every law firm that implements the latest communication technology faces the problem of developing a policy for using it by DANA H. SHULTZ

Recent network upgrades have brought full Internet access to your firm. Clients receive work product via e-mail. Everyone is surfing the Web. Discussions — erudite and otherwise — take place in newsgroups and on list servers.

But you worry whether these on-line activities really are beneficial. A misaddressed list server message reveals that an employee is seeking a job elsewhere. According to rumors, some personnel are spending several hours per week looking at pornographic Web sites. Your secretary is thrilled to use e-mail to communicate with the kids while they are away at school.

You are not alone. Every firm that implements the latest communication technology faces these types of problems. So sooner or later, the firm needs to publish an online use policy.

Policy decisions

While the specific policy decisions vary from firm to firm, here are some of the most frequently addressed issues:

Restricting use to that which furthers the firm’s business purposes.

This is paramount. While the typical firm might not mind minimal personal use, there is understandable fear that such use will expand.

Accordingly, in my experience, firms usually take a hard line with respect to computer use, in general, and use of online services, in particular.

An example: "Firm personnel may use the firm’s computer and data communication resources solely for the furtherance of the firm’s business activities. You should not use these resources for personal matters or for any activities that are adverse to the firm or our clients."

Maintaining the confidentiality of client information.

Legally and ethically, firms and their personnel are obligated to maintain the confidentiality of information provided by and pertaining to clients.

Because the Internet is not an inherently secure transmission medium, users need to take special precautions with respect to client-related information.

Typical steps include encrypting or password-protecting files before they are transmitted. Some firms include an "intended recipient" message, akin to the legend on a fax cover sheet, requesting that the firm be notified when misdirected e-mail is received.

Each matter will have its own confidentiality considerations. The attorney should discuss these with the client to ensure that the appropriate type of security is implemented.

Illegal activities

Prohibiting illegal activities.

During much of its history, the Internet has fostered an anything-goes, Wild West attitude.

While obscenity, harassment and snooping represent only a small portion of Internet activity, they continue to flourish.

All businesses, including law firms, need to make it clear that proscriptions against illegal activity continue to apply even when users are online.

Advising personnel that online activities may be limited or monitored.

Firms have a legitimate interest in making sure their computer systems are used properly.

Software filters to preclude access to inappropriate Web sites are becoming more widely used. Information on which personnel have used which services is readily available to network administrators.

The firm’s policy should state that use is monitored and that there is no expectation of privacy regarding on-line activities.

The foregoing is just a brief overview. There are many topics to be addressed; making the decisions and wording the policies for each topic will be time-consuming.

But you will be better off doing the difficult work up-front rather than waiting for problems to become overwhelming.

Dana H. Shultz is an Oakland-based lawyer, certified management consultant and speaker specializing in office technology and online marketing. He may be reached by e-mail at dhshultz@ds-a.com and on the World Wide Web at http://seamless.com/ds/.