HomePoliciesTechnology and Communications SystemsUS

Technology and Communications Systems: US

Tom O'Deaby Tom O'Dea
Company Property & Confidential InformationUSTechnology and Communications Systems

This Technology and Communications Systems policy sets clear expectations for how employees use your organization's devices, networks, email, and other tools, including when personal use is allowed, what monitoring may occur, and how to handle photos, recordings, and personal devices used for work. It's designed to support everyday security and productivity needs while also aligning with key US legal guardrails like the federal Wiretap Act and Stored Communications Act, the Computer Fraud and Abuse Act, and employees' protected rights under the National Labor Relations Act (including certain communications and recordings tied to working conditions). Some states also add their own rules, such as Illinois' Right to Privacy in the Workplace Act, so a well-drafted policy should be practical for employees, consistent across locations, and flexible enough to account for local requirements.

The History Behind Technology and Communications Systems Policies in US

Technology and Communications Systems policies come from the same impulse that drove early Company Property & Confidential Information rules: employers needed to define a line between personal space and business assets once work moved onto shared networks. Email, voicemail, and networked computers made it easy to copy, forward, and store huge volumes of information, and courts generally treated employer-provided systems as business tools that employers could manage and review under the right conditions. Congress also stepped in early with the federal Wiretap Act, which regulates interception of electronic communications and pushed employers toward notice, consent, and narrow monitoring practices instead of casual eavesdropping.

 

As the internet became a default work tool, lawmakers started treating misuse of systems as a security issue, not just a productivity issue. The Computer Fraud and Abuse Act became the main federal statute for unauthorized access to computers, and employers leaned on it when employees (or outsiders) accessed systems without permission or took data on their way out. Courts later narrowed some of the more aggressive CFAA theories, including in Van Buren v. United States (2021), which rejected the idea that simply violating an employer's computer-use rules automatically equals federal "unauthorized access". That decision did not make policies less useful; it made them more honest about what they can and cannot do.

 

Phones with cameras, always-on messaging, and remote work then forced employers to address recordings, monitoring, and bring-your-own-device realities in plain language. State privacy and eavesdropping laws raised the stakes, and Illinois added a particularly sharp example with its Right to Privacy in the Workplace Act, which limits how employers can demand access to an employee's personal online accounts. Labor law also influenced the modern version of these policies, because the NLRA protects certain employee communications about working conditions, including some activity that happens on employer systems. Employers ended up writing policies that protect systems and data while leaving room for legally protected speech and activity, even when that balance feels a little uncomfortable.

Which Law is the Technology and Communications Systems Policy Meant to Comply With?

If you create and distribute a Technology and Communications Systems Policy for your US-based employees, you should make sure it complies with federal wiretapping and electronic communications interception laws (18 U.S.C. Chapter 119), the Computer Fraud and Abuse Act (18 U.S.C. 1030), the National Labor Relations Act (NLRA), and any state or local laws such as Illinois's Right to Privacy in the Workplace Act (820 ILCS 55).

How to Write a US-Specific Technology and Communications Systems Policy

  • Start with "why" and introduce the concept, business-first use of workplace technology and communications systems with no expectation of privacy.
  • Define the covered systems and state that information created, stored, or sent using them belongs to your organization.
  • Explain that employee activity on these systems may be monitored.
  • Require employees to follow your security measures for all technology use, including remote work.
  • Allow limited personal use only when it stays reasonable and complies with your policies and the law.
  • Limit work use of personal devices and personal email to authorized situations and tie that use to your BYOD rules.
  • Cross-reference other conduct-related policies that apply to technology use, including anti-harassment, anti-bullying, and workplace conduct.
  • Set heightened expectations for handling confidential or sensitive information using technology systems.
  • Address social media and external communications by linking to your social media and publicity/media inquiry rules.
  • Require compliance with applicable laws and regulations when using technology and communications systems.
  • Restrict photos and audio/video recordings in work areas during work time unless authorized or legally protected.
  • Set BYOD security and data-protection requirements, including reporting device loss or unauthorized access.
  • Reserve the right to require specific device security controls before allowing access to company systems.
  • Clarify that employees generally cover personal device costs and that BYOD use is subject to monitoring and must not disrupt work.

When to Include this Policy in Your Employee Handbook

The law does not require you to publish a policy or issue a specific notice. That said, you still have to comply with the requirements that apply to you as an employer. 

 

Even when notice is not required, this is still the kind of policy most employers should put in their handbook or otherwise publish to employees. It answers a question employees will ask, sets expectations, and gives managers a consistent script. If you don't include it, you'll end up explaining it ad hoc, and that's when inconsistency, resentment, and accidental noncompliance shows up. 

Other Considerations

The law applies to US employers who have at least 1 employee in the US.

Exceptions

None.

Model Policy Template for a Technology and Communications Systems Policy

Technology and Communications Systems

Our technology and communication systems are essential to our work. They should be used primarily for business purposes, and you should have no expectation of privacy when using them, whether for business or limited personal reasons. Please use our systems in ways that support our goals and reflect our values.

We provide tools like computers, email, internet access, phones, and voicemail to help you do your job. Any information created, stored, or transmitted using these systems is considered {​{​Organization Name​}​} property, and your activity while using them may be monitored.

 

Keep the following in mind when using our technology and communications systems:

  • Follow all security measures we have in place related to technology, especially when working remotely.
  • Reasonable personal use is permitted if it doesn’t interfere with your work responsibilities, consume excessive bandwidth or storage, violate any company policies, or is protected by law.
  • Don’t use your personal device or email for work unless you've been authorized to do so and are complying with our BYOD guidelines (see below).
  • All {​{​Organization Name​}​} policies apply when using technology, including harassment and discrimination prevention, bullying, and workplace conduct.
  • Take extra caution when working with confidential or sensitive information.
  • Familiarize yourself with and adhere to our policies related to social media and publicity and media inquiries.
  • Follow the laws, rules, and regulations of any relevant jurisdiction.

 

Use good judgment, and remember that your actions may be monitored to ensure responsible and appropriate use.

Photos & Recordings

To protect privacy, sensitive information, and workplace safety, taking photos or recording audio or video in work areas during work time is not allowed unless authorized in advance or when recordings are part of your rights under the law, such as documenting workplace misconduct, unsafe working conditions, or other legally protected activity.

 

If you have questions about what’s allowed, ask your {​{​manager​}​} or {​{​the HR Team​}​} before recording.

Personal Devices (BYOD)

If you're authorized to use your personal device (like a laptop, tablet, or phone) for work purposes, you must follow all {​{​Organization Name​}​} policies regarding security, privacy, and data protection. This includes keeping company data secure and reporting any loss or unauthorized access immediately.

 

We may require specific security settings (such as password protection, encryption, or remote wipe capability) before permitting personal devices to access company systems. You’re responsible for the cost of your own device unless otherwise agreed to in writing. Use of personal devices for work is subject to monitoring and must not interfere with your job responsibilities.

 

If you're unsure whether you're authorized to use your personal device for work, check with your {​{​manager​}​} or {​{​the HR Team​}​}.

All US-Specific Policies & Topics

View All
Previous US Policy
Stock Options
Next US Policy
Timekeeping

Reminder

The information provided here does not, and is not intended to, constitute legal advice. Only your own attorney can determine whether this information, and your interpretation of it, applies to your particular situation. You should contact legal counsel for advice on any specific legal matter.