Email And Internet Usage Policy Template for England and Wales
What is an Email And Internet Usage Policy?
An email and internet usage policy sets out the rules governing employees' use of company communication systems in England and Wales. It must comply with UK GDPR, the Regulation of Investigatory Powers Act 2000, and the Employment Rights Act 1996, covering monitoring rights, permitted personal use, security obligations, and the disciplinary consequences of misuse.
Frequently Asked Questions
What must an email and internet usage policy cover for UK employers?
It should address permitted and prohibited uses of company email and internet, monitoring practices and their legal basis, data retention periods, security obligations such as password management and avoiding phishing links, social media use on company systems, and the disciplinary consequences of misuse.
Can an employer in England and Wales monitor employees' emails?
Employers may monitor work email accounts where they have a legitimate purpose, provide clear prior notice to employees (typically through this policy), and ensure the monitoring is proportionate. Under UK GDPR and RIPA, covert or disproportionate monitoring of employee communications is unlawful.
Does the policy need to mention the legal basis for monitoring under UK GDPR?
Yes. The policy should state the lawful basis for any monitoring (usually legitimate interests) and explain what data is collected, how long it is retained, and how employees can exercise their rights. The Information Commissioner's Office guidance on employee monitoring is the key reference for employers in England and Wales.
What personal use of company email and internet should the policy address?
Many employers permit limited personal use, provided it does not affect productivity, consume excessive network resources, or create legal risks. The policy should specify whether personal use is permitted, any restrictions (for example no personal shopping or streaming on the corporate network), and that personal use may be reviewed in an investigation.
How should the policy deal with social media use during working hours?
The policy should specify whether accessing personal social media accounts during working hours on company systems is permitted, what content employees may not post that could affect the employer's reputation, and whether employees should identify themselves as employees when commenting on topics related to the business.
What security obligations should employees agree to in the policy?
Employees should agree not to open suspicious attachments or click unverified links, to use strong passwords and not share them, to report suspected security incidents promptly, not to transfer company data to personal email or cloud storage, and to use only approved software and applications on company systems.
What are the disciplinary consequences for breaching an email and internet usage policy?
Depending on the severity of the breach, consequences can range from a verbal warning to dismissal. Gross misuse, such as accessing or sharing illegal material, constitutes gross misconduct and may justify summary dismissal. Any disciplinary process must follow the employer's procedures to avoid successful unfair dismissal claims under the Employment Rights Act 1996.
Must employees sign the policy?
Employees should sign an acknowledgement confirming they have read and understood the policy, and this signature should be retained. Alternatively, the policy can be incorporated by reference into the employment contract. Confirmation of understanding is important evidentially if a disciplinary matter arises and the employee claims they were unaware of the restrictions.
About the Email And Internet Usage Policy
An Email and Internet Usage Policy is a critical workplace document that establishes clear boundaries and expectations for employee use of company digital resources. Under United States law, this policy serves as both a protective measure for employers and a transparency tool for employees, ensuring everyone understands their rights and responsibilities regarding electronic communications and internet access.
When do you need this document?
You need an Email and Internet Usage Policy whenever employees have access to company email systems, internet connections, or digital devices. This includes businesses with remote workers, contractors using company networks, and organizations handling sensitive client information. The policy becomes essential when implementing new technology systems, onboarding employees, or updating cybersecurity protocols. Many employers also require this policy to comply with industry regulations, protect intellectual property, and establish grounds for disciplinary action when digital resources are misused.
Key legal considerations
Your policy must carefully balance employer monitoring rights with employee privacy expectations under federal law. The Electronic Communications Privacy Act (ECPA) requires clear disclosure of any email or internet monitoring practices, while the Stored Communications Act protects certain electronic communications from unauthorized access. You should include specific language about acceptable personal use, password requirements, and social media guidelines. The policy must also address data retention, software installation restrictions, and procedures for reporting security incidents. Consider including clauses about remote work arrangements, bring-your-own-device policies, and consequences for policy violations to ensure comprehensive coverage.
Legal requirements in United States
Under United States federal law, your Email and Internet Usage Policy must comply with the Electronic Communications Privacy Act, which governs workplace electronic communications monitoring. The policy should clearly state that employees have no expectation of privacy when using company systems, provided this notice is conspicuous and acknowledged. The Computer Fraud and Abuse Act requires policies to define unauthorized access and establish clear boundaries for system use. You must also consider state-specific privacy laws, which may impose additional restrictions on employee monitoring. The Digital Millennium Copyright Act requires policies to address copyright infringement and provide procedures for handling violations. Additionally, industry-specific regulations may mandate particular security measures or data handling procedures that must be incorporated into your policy framework.
GOVERNING LAW
Applicable law
This Email And Internet Usage Policy is drafted to comply with England and Wales law. Key legislation includes: