Purpose of an Acceptable Use Policy
Name
Institution
Course
Date

Purpose of an Acceptable Use Policy Acceptable use policy is an official and legal document that binds the employees of Tata communications to understand that the information and data is the property of the organisations and there are a certain rules that should be abided by when using this information. It secures the rights of a company to enforce certain obligations over them to make sure that they do not indulge in unethical and unprofessional sharing of the information upon which they are working or can access. The acceptable use policy which is taken as an example for the purpose of this paper is of Tata communications, which is the telecommunication company in India. The policy aims to elucidate the guidelines and standards for the employees to make sure that the information privacy and security is not compromised by the employees and that they are well aware of how to use the information. Every new employee at the company is made to go through the acceptable use policy and sign it for future reference. This maintains the check over the usage and sharing pattern of the employees. Each and every point that is central or peripheral to the usage and sharing is mentioned clearly with enough examples and instances to remove any kind of confusion to the employees. Critique the AUP The AUP is very well written and communicated however, there are certain points that can be included to make sure that the policy is even more transparent and clear. There should be a clear indication of the penalties that entail the use of any external device or data storage device in the company’s network. The policy should elucidate the ethical and moral bindings apart from the legal bindings so that it motivates the employees to follow the rules. The policy should be easy to comprehend with minimal legal language to ensure that ignorance does not become the excuse for violation. The AUP should be based on ethical and professional standards rather than legal violations so that it is easier for the employee to abide by it and it does not become an obligation but a good practice. AUP should also include the sharing violations of abstract and tacit information and not just confine itself to the data and statistical information. This will ensure that any kind of information sharing breach can be considered as violation and penalised. Methods to mitigate their risk exposure, and minimize liability The methods which can be used to mitigate the risk and minimise liability are: 1. Making the AUP available in the public domain: Tata communications has displayed its AUP on its website which makes it apparently very easy to go access and thus does not allow the employee to make the excuse of inaccessibility. 2. AUP should be succinct and clear: Tata communications has used easy language and legal terms to ensure that it is understandable to every kind of employee like engineers or techies who normally are weak with verbose document. 3. AUP should be applicable to long term vision of the company: Tata communications has made sure that its AUP is in line with what the company stands for and thus it makes sure that the employees can associate it with the mission and vision. 4. AUP should not be a perfunctory document: Tata communications makes sure that AUP is well read and understood by the employee before they sign it and thus it is given along with the employment letter. Any violation is then treated as an intentional offense and cannot be excused because the employee considered it just a formality and were not aware of any particular clause. Methods for increasing the awareness of the AUP Methods that can be used to increase the awareness of AUP are: 1. It should be made part of the employment documents 2. It should be made available to the employees at their work stations 3. It should be made part of HR orientation program at the time of joining 4. It should be made compulsory for all the employees to read and understand at the time of joining. 5. Notice boards should display the offenders and penalties regularly so that it is widely discussed in the office. 6. Employees should be made part of amendments and issues concerning the AUP so that it can be updated and made more effective according to dynamic business environment.
Conclusion
AUP is an important tool for technology companies like TATA communication that deal with lot of data and information. This information if shared and leaked by an employee, can lead to a massive competitor attack and lead to loss of market share. Thus, every company should protect itself by binding its employees by a legal document that clearly mentions do’s and don’ts while they work with the company’s classified information. This will enable the company to safeguard its information and also eliminate the chances of trade secret sharing with the competitors. AUP should be widely available and should be made part of regular discussions at the company so that it is not considered as a formality.

References Acceptable use policy – Tata communications, retrieved from: http://www.tatacommunications.com/policies Electronic communications privacy act of 1986, (P.L. 99-508), The United States Department of Justice, last retrieved: 29th April 2013. http://www.justice.gov/jmd/ls/legislative_histories/pl99-508/pl99-508.html FOIA, Electronic Frontier Foundation, Legal guide for bloggers, last retrieved: 29th April 2013. https://www.eff.org/issues/bloggers/legal/journalists/foia Protecting Information Rights-Advancing Information Policy, Office of Australian Information Commissioner, last retrieved: 29th April 2013. http://www.privacy.gov.au/materials/types/guidelines/view/6849