When is it appropriate for an employee to use Facebook on their computer at work? Or other personal web resources, such as Twitter, personal email, etc.?
Employers can and should implement policies for appropriate use of computers in the workplace, which can and should provide a clear answer to this. But which of the following is the best policy?
(A) Whenever the employee wants?
(B) Whenever the employee has 'down time'?
(C) Whenever the employee is on an officially sanctioned break?
(D) Never, except as may be directly required for the performance of their job duties?
As a common practice, many employers tolerate such usage on the basis of "C" or even "B". But for a number of reasons, employers should stick with "D". It's easy for an employee to forget that the computer is not, in most cases, the employee's own property, but it is a tool belonging to the employer which is supplied to the employee to accomplish his or her work goals, so the employer is technically within its rights to insist that it only be used for work purposes, and in fact there are problems that can arise from not doing so.
One might ignore the legal issues which could hypothetically arise from too much informal generousity to employees - CRA attention to non-cash benefits or employee claims that a perk constituted a part of their compensation package - because these are likely to be quite trivial in this context, but it is harder to ignore the potential threat to IT security posed by too much casual computer use. The technical aspects aren't my expertise - talk to your IT professional about this - but while my understanding is that facebook and hotmail themselves are reasonably benign, they can easily link to websites which are more malicious. Careless use - or use by people who aren't web-savvy - of these resources can easily lead to computer viruses or other malware that could compromise your security and the privacy of your network.
Not only are your files proprietary, but as most computer networks have some client information on them, they aren't all yours to share. If your network is compromised and your clients' personal information is hacked, you may be liable in the event that you have not taken all reasonable precautions to prevent this. If it turns out that the security breach was a consequence of your receptionist, with your blessing, surfing facebook and inadvertently clicking a malicious link, then that's a problem for you. Not only are you potentially liable to third parties, but employee discipline in such a context would be inappropriate: If you have communicated to employees - expressly or impliedly - that it is acceptable to be surfing the net in such a manner on work computers, then you can hardly blame them for having done so.
Here's the other catch: Having a good policy isn't enough. You need to actually enforce the policy. If it comes to your attention that a certain employee or group of employees isn't adhering to the policy, then you need to implement a program of progressive discipline. It's all well and good to say "Our policy prohibits this", but if managers turn a blind eye to such conduct, the employer can be said to have "condoned" the conduct nonetheless.
This blog is not intended to and does not provide legal advice to
any person in respect of any particular legal issue, and does not
create a solicitor-client relationship with any readers, but rather
provides general legal information. If you have a legal issue or
possible legal issue, contact a lawyer.