Model Technology Usage Policy
This model policy is a supplement to LAWPRO Magazine: Cybercrime and law firms, published December 2013.
This Technology Usage Policy precedent discusses the appropriate use of computing and
1. Computer Security
- Users must not share their accounts or passwords with others, and are only authorized to
use their own accounts to access [Firm Name] systems. Authority levels to access various
systems and resources as assigned are tied to the user’s personal account.
- Users must shut down their computers at the end of each day, and are encouraged to log
out of key systems if they are going to be away from their desks for an extended period of
- Users are responsible for reporting any abnormal operation of their computers to
- Users are encouraged to report all spam messages to our email hosting service. Users
must not click on links/attachments received from untrusted/unverified sources.
- Users must not attempt to disable, circumvent or hack the security features built into the
various hardware and software systems at [Firm Name].
- Users are prohibited from installing hardware or software, either of business or personal
nature, without approval from [technology person].
- Users are prohibited from copying or sharing hardware, software, corporate data or
intellectual property, either internally or externally, without supervisor authorization.
- Users are prohibited from intentionally damaging hardware, software, or corporate data.
- Users must exercise due care in handling hardware and accessing corporate data.
- Users who have been assigned and/or have borrowed portable devices (e.g., laptops,
tablets, smartphones, USB drives, etc.) must review and observe the Portable Device
Security, Privacy and Usage Policy.
- Users exchanging data with outside parties must review and observe the Electronic
Document Handling Policy.
2. Use of Resources
- Users must request access to the [Firm Name] resources (e.g., databases, mailboxes, via
- [Firm Name]’s information technology is provided for [Firm Name] business purposes.
Staff are permitted to use systems for occasional personal use.
- Staff must not use [Firm Name] resources to conduct any non-work related business
- Staff are prohibited from using [Firm Name] resources for illegal or offensive purposes.
- Staff are prohibited from using [Firm Name]’s Internet services to access illegal or
- Staff are prohibited from using [Firm Name] data for any purpose other than for [Firm
Name] business. Access and use of [Firm Name] data for personal interest, external
business purposes, etc. is prohibited.
3. Social Media
- [Firm Name] permits open access to most social media channels. Casual professional and
personal use of social media is permitted.
- Download and installation of social media software or plug-ins is permitted with manager
- All communications using [Firm Name]’s systems must be polite and not harass or offend
- Phone and fax use, Internet use, email use, data access, login/logoff times, etc. may be monitored and logged. Logs may be reviewed periodically for security and audit purposes.
6. Consequences for Non-Compliance
- Breaches of [Firm Name]’s Technology Usage Policy will be addressed by the user’s supervisor
and firm management. Consequences for serious breaches of the policy may result in termination of employment.
7. Policy Revisions and Updates
- This policy will be reviewed at least annually. Any changes to the policy will be made known to staff. Any questions about the policy should be directed to the [designated staff person].