What Is An Acceptable Use Policy?

An Acceptable Use Policy (AUP) (also known as a Fair Use Policy) is a set of rules applied by the owner, creator or administrator of a network, website, or service that restricts the ways in which the network, website, or service may be used and sets guidelines as to how it should be used.  Similar to a Terms of Use Agreement, AUPs are legal documents that help protect organizations from users taking potential legal actions against them.

Who uses AUPs & Why are they necessary?

Entities that typically utilize AUPs include schools/universities, corporations/businesses, internet service providers, and website owners.  It is commonplace for organizations such as these to require that users sign an AUP prior to being granted access to the network.  With the internet growing in complexity, it is essential to have users sign an AUP so that they are explicitly aware of what they are and are not allowed to do while connected to an organization’s network.

AUP’s can: help to prevent cyber security threats, ensure that users are avoiding illegal activity and help users focus on productivity.

What is covered in an AUP?

Included in a standard AUP are clauses specifying the purpose and scope of the policy, the user’s rights and responsibilities, acceptable uses, prohibited uses, and privacy standards. This will help ensure users are only using internet access for appropriate tasks.  Having a good AUP in place will help bolster your organization’s reputation and productivity all while shielding you from lawsuits brought by users (i.e. an unfair dismissal lawsuit from firing an employee for misuse of the company internet can be avoided with a clearly written AUP). 

Stipulations you may find in an AUP:

• Avoid violating the law while using the service
• Do not attempt to hack the security of the network or users on the network
• Do not attempt to send spam or junk mail
• Do not attempt to crash a website’s server with spam or mass emails
• Report any suspicious behavior you may see on the network

What are the 6 key elements of an AUP?

1. Preamble: Explains why the policy is needed, its goals and the process of developing the policy. 
2. Definition section: Defines key words used in the AUP. Terms such as Internet, computer network, education purpose, and other possibly ambiguous terms need to be defined clearly.
3. Policy statement: Should state what services are covered by the AUP and under what circumstances they may be used. 
4. Acceptable use section: Should clearly outline what is considered acceptable use and provide examples 
5. Unacceptable use section: Should clearly outline what is considered unacceptable use and provide examples
6. Violations/ sanctions section: Should outline how to report violations and whom they should contact regarding  questions about policy application

What to Consider When Creating an AUP

Acceptable Internet Use

Internet use policies can help ensure your employees are staying on task during working hours. The level of access employees have should be determined by their role and job scope. For example, creative teams and marketing teams may need greater access to certain social media websites to look for trends. Some websites that companies tend to restrict are : 

• Social media
• Streaming
• Shopping
• News
• Personal email/communications
• Pornography
• Gambling
• Illegal activity

Cybersecurity

One of the biggest aspects of AUP’s is cybersecurity. It is imperative to clarify at risk behaviors that employees should avoid when using your network. Data breaches cost your business time and money. Common security policies include:

• Keep all passwords private, and change them frequently
• Do not use public Wi-Fi on company devices
• Never open email attachments or links that you are not expecting. When something appears suspicious, contact the IT department
• Sign up for two-factor authentication
• Social media is only allowed for business purposes

Private Information

Confidential information needs to be sent to one another securely. Your AUP should outline how team members can safely send, view, and store company data. Your AUP should also detail how team members should handle any data breaches that may occur.  How should they report an incident, who to report it to, and any other important protocols. 

Guest Users

Most businesses have a separate guest network that is just for guests to use. This network should have less access ensuring guests can not access internal files or internal information. You should also have guest users sign an AUP prior to use. 

Who determines the content of an AUP?

Content of AUP’s are assembled through the collaboration of owners, creators, administrators, human resource executives and lawyers. You may also want to consider getting feedback from both managers and employees at every level. They can assist with items that may have been forgotten or even have better ideas for the AUP. There could also be cases where something in the proposed AUP prevents a team member from doing their job. Transparency and collaboration throughout your business is key. Before introducing your AUP to employees, you’ll want to review it with human resources and your lawyer to prevent  breaking employment or state/federal laws.

If you are an organization in need of an AUP, contact Traverse Legal today so that one of our skilled Attorneys can assist you in drafting an AUP that fits your particular needs.

*Article updated May 2022