There was a time when you had to plead with some of your staff to venture forth into cyberspace. These days, though, your concern is probably not getting them on the Internet -- it's about what they do once they get there. While without question the Computer Age has been a boon for business, it has also spawned novel legal and management issues.

Employers worry about productivity problems like employees spending valuable work time downloading the Starr Report, or checking the latest sports scores and watching the wild gyrations of the stock market. But the bigger dangers are legal ones: You can be held accountable for your employees' actions online.

Despite that fact, employers often don't want to play cybercop. In fact, 70 percent of organizations polled in 1997 had no written policy addressing Internet use, and about half had no policy for e-mail use, according to a survey by the Society for Human Resource Management in Alexandria, Va. A surprising finding, given that 22 percent of respondents also had received employee complaints about inappropriate e-mail, including unsuitable jokes, pictures, chain letters and cartoons. Employers may be wising up, though. In a 1998 survey by SurfWatch, a Los Altos, Calif.-based Net-filtering software company, 50 percent of Fortune 1000 chief information officers and MIS managers said they have an Internet-use policy. But resistance remains.

One company owner that is passing - at least for now - on an online policy is Kimm Ebersole, president of Medisys, a Wayne, Pa., company that provides supplemental staffing to hospitals and HMOs. "There's no need for a formal policy. We're a small office. I'm here, as are other supervisors. I trust my employees," says Ebersole, who also co-owns Medisys QI, a healthcare consulting company. "Between the two companies, we have around 40 in-house staff, but the majority of them are out in the field. I can see everyone's screens. As we get larger, I'll consider a policy, but I don't see the need for one now."

Michael Overly, an attorney specializing in multimedia and online law with Foley & Lardner in Los Angeles, firmly disagrees with the hands-off approach some companies are taking toward online behavior monitoring. "If you have more than one employee, you have to have a policy," Overly warns.

How Employers Can Get Into Trouble

It's a matter of sound management. Employers have found out just how haunting e-mail can be. One of the big problems is that e-mail tends to stick around forever. Often, e-mail that is supposedly erased or deleted isn't necessarily gone -- which poses problems. Damaging information is retrievable. In fact, employee e-mail has increasingly been used in sexual harassment and other litigation. You only have to comb the press reports over the last couple of years to find accounts of high profile employers' nightmares. Salomon Smith Barney had to fire two executives for electronically transmitting pornography. Citicorp and Morgan Stanley also found themselves in legal jeopardy over racist jokes that originated on the Internet and were circulated through the companies' internal e-mail systems. R.R. Donnelley & Sons encountered difficulty over discriminatory e-mail. Oil giant Chevron was sued by a group of female employees when offensive messages -- such as "25 reasons beer is better than women" -- were transmitted on its internal e-mail system. With no formal, written policies to protect itself, Chevron had to ante up $2.2 million in damages.

Then there are copyright issues. Employees should be careful about reproducing documents retrieved from the Internet. Incorporating copyrighted material into e-mail without authorization is a violation of the federal Copyright Act. Secondly, the e-mail itself is subject to a copyright. Copyrighting or forwarding a message may constitute infringement, says Overly. And just about everything is protected by copyright: text, sound, pictures, software programs, cartoons, jokes and movies stored in electronic form. Because the Internet is not heavily regulated, however, copyright infringement is common. How, you might ask, would anyone know where material came from, whether the material is in the public domain, or who owns the rights to it? Even if a Web site operator claims that your company has permission to copy something, urge employees to get it in writing.

"Copyright infringement is a strict liability offense. Even if you have the best of intentions and believe that the author of a particular work has specifically granted permission to copy the work, you may still be held liable for copyright infringement if it turns out that the alleged author is not the true copyright owner," adds Overly. And while lots of legitimate freebie software is downloadable, grabbing pirated software is a computer crime.

Be wary, too, of chat rooms. If your employees get carried away in these seemingly harmless areas of the Net, you could be held liable if they remark, when answering a customer query for example, that a competitor has a bad reputation or is linked to a scam. "If an employee solicits children in a chat room, that could also come back to hurt your company," points out Joni Daniels, principal of Daniels & Associates, a management development and training company located in the Philadelphia metropolitan area.

Yet another concern is confidentiality. Many a disgruntled employee has forwarded trade secrets and other critical "inside information," via the Internet.

Employers Grapple With Implementing Policies

Figuring out what kind of policies are appropriate is a delicate issue for some employers. "Most firms are still grappling with the details of what their policies should be. The issue is causing a lot of animosity and unease among employers and employees. It's a matter of trust, too," says Joe Cox, a professor of management at Baylor University in Waco, Texas.

As liberal as Gary Baker is, he's had to put an e-policy in place. Baker, president of 18-employee Online Technologies, an Ann Arbor, Mich., firm that specializes in developing and hosting business Web sites, advises clients to put into writing policies about employee Net use. He took his own advice.

"It was a tough decision because our people are Net enthusiasts. We're on the Net all day," Baker says. However, Online Technologies states in its employee manual that during work hours, personal e-mail should be kept to a minimum and that the company has the right to monitor e-mail. Secondly, any material that could be offensive to co-workers should never be accessed and never appear on an employee's computer screen.

"We don't go overboard, though. We could very easily patrol our people. After work, anyone can play Quake, a well-known interactive game that techies love," he says.

And Baker admits that despite lax enforcement, the policy still works. "We've never monitored anyone, and we've never had any problems."

Similarly, even though only 25 to 30 of Howard Harris' 135 employees have access to the Net, he has a policy of sorts. "We restrict Internet access to people like account executives and database marketing managers," says Harris, president of the Eagle Printing Company in Denver. In 1998, Harris also installed a firewall that restricts access to sites that feature gambling and pornography, for example. "The firewall acts as a barrier between us and the Net, filtering incoming and outgoing material. It's a protective business measure."

Protect Your Company

First off, if you're considering instituting an online monitoring policy, get over your guilt about having to don your sheriff's badge. Because the Net is much like the "Wild, Wild West," a little policing is perfectly in order. And don't fret about your employees' reactions; your primary goal, after all, is to protect your company's assets and resources.

You can begin by informing your staff that you reserve the right to monitor e-mail and Internet use. In his book "How to Develop an Employee Handbook" (AMACON), Joseph W.R. Lawson, II, advises employers to be specific in stating their policies: "No e-mail that constitutes intimidating, hostile or offensive material on the basis of sex, race, color, religion, national origin, sexual orientation or disability should be created, sent or received." Remind your employees that the Internet and e-mail aren't open forums. Often, people loosen up a bit too much and talk in a way they never would in a written memo. Remind them that rules of business etiquette apply to the Net. Also make it clear that the company's resources are for business purposes only.

Letting your employees know what you're up to is crucial and could keep you out of court. Put your policy in writing, distribute it, and ask employees to sign a consent decree once they've seen it. "Consent may provide a defense to a violation claim. The core issue is whether there is the expectation of privacy. When an employer has communicated to employees what they can expect and then monitoring takes place, you'll have a defense," says Stephen L. Sheinfeld, chair of the labor and employment department at the New York-based law firm of Whitman Breed Abbott & Morgan.

However, adds Overly, merely having employees sign the policy and placing a copy in the files is not enough. "The policy should be re-circulated periodically to employees and regularly revised to reflect changes in the law," he adds. Some businesses have employees sign their policies every quarter, and others have their policies automatically appear online, occasionally, as part of the log-on process to their computer networks. Consider, too, sponsoring seminars or training sessions for your employees to address proper usage of your company's computer and e-mail systems.

Next, know that the law is likely on your side. Though employees may claim that monitoring their online behavior is an invasion of their common-law right of privacy, that you violated the state privacy laws, the Fourth Amendment's protections against unreasonable searches and seizures, or even the Electronic Communications Privacy Act of 1986, Overly says, "Courts understand and acknowledge that employers have the right to review anything created and or stored on their system." However, "The courts suggest that companies have a responsibility to watch and control the content of material on corporate networks. They expect companies to be proactive in enforcing their policies," warns Victor Woodward, vice president of operations at Content Technologies a software company in Kirkland, Wash., which has been tracking court rulings on the subject.

Privacy is a thorny issue and state laws vary, however, so it's wise to brush up on your state's regulations.

These days, there's much sophisticated software on the market to help you monitor your employees in a number or ways. For example, Content Technologies' Minesweeper, which sells for $2,628 and up, can look at incoming and outgoing e-mail, open up messages and attachments, and verify that the contents are appropriate. If it's not, the message is quarantined, and an appointed individual in the organization notified. Another popular program is the Kansmen Corporation's LittleBrother that goes for $300 and up, which allows system administrators to analyze Internet and network usage, limit unproductive activity, and block Net sites not related to work. The program allows you to measure how network, Internet and intranet resources are used; identify who is using the Net, where they are going and how long they stay; identify who is downloading material not related to work, as well as who is playing network games or using chat rooms.

Enforce the Rules

A policy with no teeth won't protect you much. Exercise the rights reserved or claimed under the policy. Failure to do so could result in a waiver of your company's rights. Be careful, though, that you don't go too far in flexing your muscle. You don't want to exercise rights greater than those claimed under the policy, so be sure to stay within your policy's limits. Consider posting a list by department of all sites that employees have been visiting and "investigate reports of inordinate amounts of time being spent e-mailing or surfing the Net," advises Overly.

Remember that consistency counts. Enforcement rules should apply to everyone, and policies that aren't applied across the board may be viewed as discriminatory, says Lewis Maltby, director of the American Civil Liberties Union National Task Force on Civil Liberties in the Workplace in Princeton, N.J.

Finally, don't be afraid to take action. If you investigate an allegation of abuse and find someone is wasting time on the Internet or abusing the policy, a firm warning is in order. If someone is downloading hate mail or offensive jokes, there must be consequences. Only you can decide what will be tolerated and what will not. Ensure repeat offenders that they will be terminated. After all, you don't want to think about what you could have -- or should have -- done if you wind up in court as a result of employees abusing their online usage rights.

Copyright © 2000 by Virtual Advisor, Inc. All rights reserved.