Computers and Data-Kenya - Most businesses today are computerised or at least rely heavily on computers to perform their day-to-day functions. Computers enable the establishment of information systems, access to Internet and storage of data amongst a myriad of other functions. It is unimaginable to think of conducting business in today's world without some level of computerisation. However how many businesses actually have a computer policy?

A computer policy is the constitution that governs how employees use the hardware and software in their line of work.

My experience has been that few businesses have computer policies.

Given that most businesses conduct their daily affairs through computers, it is important to have an enforceable computer policy.

This is compounded by the risks associated with computer use.

Issues such as security, intellectual property laws and labour laws are some of the main legal issues to include in a computer policy.

The main users of computers are the employees and naturally they pose the biggest threat to a businesses' security when it comes to computer usage.

This could arise either due to negligence and improper use or through disclosure of vital information to competitors.

It would be greatly damaging if information about your company finances or trade secrets fell into the wrong hands.

Like any other good policy, an effective computer policy must have goals and objectives which should be practically realisable.

A good computer policy should protect the firm against errant users.

Let's have a look at some of the clauses that must be included in your businesses computer policy.

Terms and definitions. A policy must have clear definitions of terms and persons for purposes of clarity.

A clear definition of roles and responsibilities must also be provided in the computer policy to avoid confusion.

For example the onus placed on the information technology professionals within the business will be higher than that of regular users.

The IT professionals are charged with managing the facility and therefore the scope of their duties under the policy must also be differentiated from regular users.

Security clauses. Security issues must be adequately covered in the policy.

This would include issues related to securing passwords and hacking of e-mails and systems.

The policy must clearly set out security breaches regarding the use of the facility. For example it would be a breach to access classified information through hacking.

The policy must also clearly set out protection of the firm's intellectual property as far as computer use is concerned.

This is especially applicable if a firm depends on its computer facilities to generate innovations.

Asset management. The computer policy must clearly describe all the assets it covers, in essence, all ICT equipment in the company including servers and cables that are not handled directly by users.

The policy must contain a few principles of asset management guiding the staff on how to properly use the computers so that their shelf life is increased.

Events of negligence must be set out under this clause and may include damaging and losing of any equipment. It is important to insure your computers against various risks.

A good computer policy must adhere to the law. The New Communication laws have really overhauled the ICT sector in Kenya and therefore it would be important to highlight some of the relevant provisions of these laws in the computer policy.

Enforcement clauses. A good policy must be enforceable. It's of no use to have a policy on paper that applies no repercussions for breaching obligations.

Some of the enforcement clauses that can be included are replacement of equipment in the event of damage, disciplinary action in the event of hacking, accessing classified information and disclosing information owned by the firm to competitors.

The disciplinary actions vary depending on the severity of the breach and range from reprimanding to summary dismissals.

Once the policy is effected, it is important to educate the staff on its provisions and include it as part of human resource programs.

It must be highlighted during orientation programs for new staff members.

Adherence to the computer policy should be one of the terms of the employment contract.

If it is being done for the first time, there should be adequate training for all staff members according to their various levels of access.

The policy should be reviewed from time to time to keep up with changes in the ICT sector.

Ms Mputhia is an Advocate of the High Court.

Cathy Mputhia

Business Daily/11/04/2011