Managing email, internet and social media
IT policies for your business
Does your company have an information technology (IT) policy? If so, when did you last update it and do your
employees know it exists? This article looks at the pros and cons of your employees internet access and what you can
do to develop a policy around this.
Benefits and pitfalls
Do you provide your employees with portable devices such as iPhones, iPads, Blackberries or laptops? Do you allow
your employees to access your business network using their own portable devices? Does your IT policy adequately
address the security risks arising from your employees using portable devices?
We have all heard or read of horror stories about emails written in anger and sent in haste (occasionally these
end up plastered across the front page of the New Zealand Herald). Does your IT policy set out what is and what
isnt acceptable when sending internal and external communications (including emails, texts and communications
Social media sites such as Facebook, Twitter, YouTube, Pinterest and LinkedIn, amongst others, provide a myriad of
marketing and networking opportunities for some businesses. Various issues can arise, however, from employees
misuse of company email, internet and social media; these could include:
Loss of productivity
Increased internet connection costs
Reduction of internet speed due to high use/downloading which can affect business ef?ciency
Inadvertent or intentional disclosure of con?dential and/or commercially sensitive information
Damage to your business reputation as a result of negative comments made by employees in emails
or on social media sites, and
Allegations of bullying or harassment as a result of derogatory comments posted on social media sites
by one employee about another employee.
What does a good IT policy contain?
A good policy will:
State your business position on your employees personal use of work email, work devices such as computers
and smart phones, internet and social media sites stipulating what level of personal use (if any) is acceptable
Set out the types of behaviour which are deemed unacceptable, for instance, making intimidating or derogatory
comments about other employees or clients, or disclosing con?dential information
Address security risks, for example, the use and disclosure of passwords, and protection of con?dential information
Con?rm that your business owns any equipment/portable devices provided to employees and all information
contained on them
Advise whether your employees can access your business network via their own portable devices/home computers
and, if so, the limitations you wish to place around that
Set out the steps you take to monitor your employees business and personal use of work email, work devices such
as computers and smart phones, and their internet use. If you allow employees to access your network via personal
devices then you should stipulate the steps you can take to monitor their use of personal devices to do that
Specify the extent to which (if at all) its acceptable for employees to refer to your business or other employees
in blogs or on social media sites. Point out to employees that information posted on social media sites may not
If you require employees to maintain company blogs, or social media sites, set guidelines for the type of content
thats appropriate, and
State what steps may be taken if an employee breaches your IT policy.
The key to any good policy is that it should reflect the culture of your business, should be easy to understand and
accessible to all your employees.
The start of the year provides a good opportunity for all businesses to review, update or implement an enduring
and robust IT policy. A good policy can be proactively used to manage risk while maximising the bene?ts that email,
portable devices, the internet and social media can deliver to your business.
Anti-Money Laundering Deadline Looms
Five months remain to get organised
One of the key items on this years to do list for all affected businesses will be getting ready for the main provisions
of the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 that come into effect from
30 June 2013. Given the extent of whats required in order to comply, theres not a lot of time left. Those whove yet
to make much progress in getting ready would be well advised to plan for the incoming regime as soon as possible.
AML/CFT is an issue that New Zealand has paid some attention to over the years, but just not enough. Its big
business internationally. The International Monetary Fund and World Bank estimate that US$2 trillion to US$3 trillion
is laundered around the world each year. Regulators arent afraid to take action and impose substantial penalties for
failing to comply with AML/CFT laws. For example, global bank HSBC has been under investigation over allegedly
allowing clients to transfer potentially illicit funds from countries such as Mexico, Iran and Syria. Late last year the bank
agreed to pay US$1.92 billion in ?nes to US authorities as a result of those investigations and, as part of its settlement,
will be subject to independent monitoring and assessment against various measures directed at improving the banks
structure, controls and procedures.
New Zealands regime
International audits have revealed signi?cant de?ciencies in New Zealands AML/CFT regime. The Act is intended
to address a number of these de?ciencies. If we dont get it right, credit ratings and trade relationships with other
countries could be negatively affected, which will ultimately hurt us all directly or indirectly.
So, who does the Act apply to? The Act applies to reporting entities, a term which includes banks, life insurers,
?nance companies, building societies, credit unions, issuers of securities, trustee companies, futures dealers, brokers,
certain ?nancial advisers, casinos, money service businesses, those involved in ?nancial leasing, safe deposit businesses
the list goes on. There are a range of exclusions and exemptions for businesses that might otherwise be caught, such
as accommodation providers that provide guests with safety deposit boxes, accountants, real estate agents, pawn
brokers and lawyers.
Reporting entities will need:
A written risk assessment of the money laundering and ?nancing of terrorism that could be expected
in their business
An AML/CFT programme that includes procedures to detect, deter, manage and mitigate money laundering
and the ?nancing of terrorism
A compliance of?cer appointed to administer and maintain the AML/CFT programme
Customer due diligence processes based on their risk assessment including customer identi?cation and
veri?cation of identity, and
Suspicious transaction reporting, record-keeping, auditing and annual reporting systems and processes.
Guidelines have been issued
The regulatory bodies that are responsible for supervising the new regime (the Reserve Bank of New Zealand, the
Financial Markets Authority and the Department of Internal Affairs) have issued guidelines on various topics to assist
businesses to comply with the new regime. The topics covered so far include points of interpretation in determining
whether a business is a reporting entity and therefore caught by the Act, the required risk assessment and AML/CFT
programme, as well as the territorial scope of the Act (including the extent to which it applies to overseas entities).
For customers of reporting entities the impact of the Act will largely be felt through the customer due diligence that
will need to be done on them. This will generally involve customers having to provide more information which, in
some cases, will include needing to provide information on the source of funds and wealth. Trusts in particular will
come under close scrutiny, as they can be an easy way to hide the bene?cial ownership of funds.
For reporting entities that dont comply with the Act, the consequences can be signi?cant. The Act provides
for a range of sanctions for non-compliance, ranging from formal warnings to injunctions, substantial ?nes and
Further changes ahead for the Employment Relations Act 2000
Looking at the year ahead, were likely to see further reforms to the Employment Relations Act 2000, with the
proposed changes anticipated to come into effect in the second half of the year.
One area of the proposed reforms aims to further clarify Part 6A of the Act, which deals with vulnerable workers
whose work is affected by restructuring. The proposed changes include:
Exempting incoming employers with fewer than 20 employees from complying with Part 6A
Requiring outgoing employers to forward individual employee information to the incoming employer
Detailing a process to help outgoing and incoming employers to agree how to apportion accrued
service-related entitlements of employees, and
Adding additional penalties and compliance orders for non-compliance with Part 6A.
Amendments to the collective bargaining regime are also expected, including changes to:
Empower the Employment Relations Authority to declare the end of collective bargaining in certain circumstances
Allow employers to opt-out of multi-employer bargaining
Allow partial pay reductions in cases of partial strike action, and
Remove the requirement for non-union members to be employed under the terms and conditions of a collective
agreement (where one is in force which covers their work) for the ?rst 30 days of employment.
Other changes include amending the duty of good faith in section 4 to align it more closely with the privacy principles
in the Privacy Act 1983, and extending the right to request flexible working arrangements to all employees, from their
?rst day of employment.
More details on the proposed changes can be found at www.dol.govt.nz
Employees Facebook fallacy
Social networking forums have become the modus operandi of connecting, meeting and communicating for billions of
people worldwide. Employees, however, need to realise that what is said in a supposedly private setting online often
isnt as private as intended, as has been highlighted in the recent case of Taiapa v Te Runanga o Turanganui A Kiwa
After requesting one weeks leave without pay to attend a sporting championship and being granted only three
days by his employer, Mr Taiapa reported in sick claiming he had damaged his calf muscle and was un?t for
work. Regrettably for Mr Taiapa, a colleague saw him leaving town with his family and his employer became aware
of a photograph on Facebook showing Mr Taiapa smiling and giving the thumbs up with a large female sitting on
After an investigation and based on a number of factors, Mr Taiapa was dismissed for serious misconduct by
dishonestly taking sick leave. The Employment Relations Authority concluded it was open to a fair and reasonable
employer to view Mr Taiapas actions as dishonest and that they undermined the necessary trust and con?dence
required in the employment relationship.