Internet abuse a €300m headache for small firms

5 Aug 2003

Email abuse is costing Irish firms €300m per annum and the majority of small Irish companies have no anti-abuse policy in place, leaving themselves wide open to productivity losses, bullying claims and sexual harassment, the Small Firms Association has warned.

The assistant director of the Small Firms Association (SFA), Patricia Callan, said that Irish employers need to wake up to the scope, extent and impact which email and internet abuse can have on their businesses.

Irish employers, she went on, seem impervious to the scale of internet abuse and also to the powerful medium that the internet has become. Owner-managers face a very significant “duty of care” to staff, customers and the general public in protecting them from unsolicited information or any advice that might emanate from their companies.

She pointed to recent SFA analysis which shows that 57pc of small businesses have no email and internet abuse policy in place, despite the fact that they will be held legally liable if their employees misuse their IT systems.

“While small businesses have actively embraced technology and have put e-mail and the internet on most desktops in order to achieve productivity gains, this empowerment brings with it a risk that many companies do not anticipate, particularly in lost output and increased cost,” Callan said.

She explained: “If employees with access, misuse email or the internet for only 10 minutes each day, then the cost to Irish business is over €300m a year, in pure productivity terms. But email and internet abuse, can leave an employer open to even greater costs, such as libel actions, inadvertent entry into binding contracts, breaches of copyright legislation and exposure to sexual harassment and bullying claims.”

“The most important thing for companies to realise is that they will be held to be vicariously liable for the actions of their employees, even if these actions take place without the company’s consent.”

Callan provided the example of a leading British insurance company that was forced to pay £450,000 sterling damages to a small financial house, which had gone out of business, due to a chain email originated by one of their employees on the company’s email system, which speculated that the business was unsound and which was sent throughout the City of London. “It is essential for companies to ensure that all emails emanating from their systems have an appropriately worded disclaimer in the footer, to limit the company’s liability to libel actions.

“Companies are easily exposed to claims of harassment, sexual harassment, and bullying in the workplace, originating in email and internet abuse. Harassment is defined as ‘any conduct, gestures or spoken words, including display or circulation of written words, pictures or other material, which is unwelcome to the recipient, and which may reasonably be regarded as offensive, humiliating or intimidating.’ Under the Employment Equality Act, 1998, remedies can be up to two years remuneration, whilst compensation in civil actions can be unlimited, so these issues should be taken very seriously by every business,” commented Callan.

“Employers must also be aware of the possibility of their employees breaching copyright laws when using information in electronic correspondence, or downloading material from the internet, in particular software piracy, which the Business Software Alliance estimates costs the Irish software industry €40m per annum, as one in every two software programs are pirated. Penalties under the copyright legislation include fines of up to €127,000 or imprisonment for five years or both.”

In conclusion, Callan said: “It is essential for all companies to put in place a comprehensive e-mail & internet abuse policy, which clearly sets out rules for personal use, prohibits access to offensive material, sets out safeguards to protect the company’s interests, raises awareness of the risks associated with abuse/carelessness, and establishes guidelines for efficient use. The policy should be fully implemented in the company, through communication, training, monitoring and a clear link to the disciplinary procedures.”

By John Kennedy