Private Club Newsletter In Policies We Trust: Protecting Your Club Through IT Policy

Thomas DeMayo, IT Manager

Technology. It saves time, keeps us focused on our business goals and ensures we remain competitive in the fast-paced world around us. It also can be misused if not implemented in a controlled manner. Strong, clear technology usage policies can help maintain the confidentiality, promote the integrity and ensure the stability of a clubs information and technology resources. When employees understand what the club expects of them, it can help minimize the clubs risk exposure.

Tom DeMayo IT Manager TDeMayo@odpkf.com 212.867.8000

As I work with clients, big and small, it is apparent that IT policies, and sometimes policies in general, are where many organizations need the most help. Though clubs may have basic policies regarding Internet or e-mail usage, oftentimes these are just basic stock policies downloaded directly from the Internet. In todays expanding technological landscape, its important that clubs take the time to both develop comprehensive IT policies and actually enforce them in order to truly protect a club from risk. As with any policy drafting process, when writing technology policy, clubs should consider certain key questions to ensure that the policy accomplishes its purpose: 1. 2. 3. 4. 5. Who is the audience? What is the club trying to convey, and what are the ramifications of noncompliance? Where can more information or assistance be accessed? When is the policy effective? Why are we implementing this policy?

These questions can help provide direction for your clubs actual policy wording. When crafting the language of your clubs policies, make sure that its clear. One of the biggest mistakes businesses make is that the policies are not definitive and, appear open to interpretation. Words like may and could should be eliminated whenever possible. Policies should delineate the clubs official position, instruct a user about user requirements, and convey that deliberate failure to conform to these policies will result in disciplinary action, up to and including, termination.

Contact: New York, NY (midtown) 212.286.2600 New York, NY (downtown) 212.867.8000 Harrison, NY 914.381.8900 Stamford, CT 203.323.2400 Paramus, NJ 201.712.9800 New Windsor, NY 845.220.2400 Wethersfield, CT 860.257.1870

In terms of specific policy tenets, IT policies should clearly state that employees have no right to privacy and can have no expectation of privacy when using club-owned equipment and/or networks. The club should reserve the right to monitor, review, restrict, store and distribute employee communications at any time, without notification. The more clearly a club conveys this reality to its employees, the better the business can protect itself from legal recourse should a disciplined or terminated employee file suit. Clubs should also consider implementing a log-on bannera box employees will need to click before they can access the clubs computers or networkto ensure employees reacknowledge the clubs right to monitor their technology usage and their lack of a right to privacy. Though policies should be focus on protecting your club, they also need to be unbiased and sensitive to the civil liberties of your employees. When crafting your clubs IT policies, do not be afraid to seek legal counsel. As technologies evolve, so do the associated legal complexities and challenges. Spending the money on legal consultation now will pale in comparison to the legal fees that could be spent as a result of poorly worded or planned policies. Once your club has developed strong IT policies, written policies should be distributed to, and discussed with, new employees as part of the orientation process. Acknowledgement of receipt and a statement of agreement and understanding should be signed by the employees and stored in their respective personnel file. All policies should include the right of the employer to amend the policy at any time, as well as the recognition of e-mail as an acceptable means for the employer to disseminate updates and new policies. Even once IT policies have been developed and distributed, the clubs job doesnt end there. One in ten organizations that Ive visited still used policies that were written more than ten years ago. Management needs to consider their IT policy as a living document. It will never be perfect, and there will always be room for improvement. Policies need to be reviewed and updated at least annually. At that time, organizations need to reflect on their policies and ask themselves the following questions: 1. 2. 3. 4. Is this policy still relevant? Is the wording of the policy reflective of our actual business practices? Have there been any employee issues during the year that may warrant the need for a new policy? Have new technologies been introduced that the organization needs to take a position on to protect its business?

Time spent now in developing clear, concise, definitive IT policies can avoid potential problems down the road. However, writing a policy, placing it in the employee handbook and forgetting about it is the biggest reason policies are not enforced, relevant, or all encompassing in the protection they provide. For more information on areas that your clubs IT policies should cover, as well as specific advice for each policy area, please see the accompanying article, How to Draft Your Clubs IT Policies. Tom DeMayo is Manager of Information & Technology Services at OConnor Davies Munns &Dobbins, LLP. He can be reached at tdemayo@odpkf.com.

About OConnor Davies: O'Connor Davies, LLP is a full service Certified Public Accounting and consulting firm that has a long history of serving clients both domestically and internationally and providing specialized professional services of the highest quality. With roots tracing to 1891, seven offices located in New York, New Jersey and Connecticut, and approximately 400 professionals including 70 partners, the Firm provides a complete range of accounting, auditing, tax and management advisory services. OConnor Davies is ranked as number 39 in Accounting Today's 2012 "Top 100 Firms" in the United States. The Firm is also within the 20 largest accounting firms in the New York Metropolitan area according to Crain's New York Business and the Westchester and Fairfield County Business Journals. OConnor Davies, LLP is a member firm of the PKF International Limited network of legally independent firms and does not accept any responsibility or liability for the actions or inactions on the part of any other individual member firm or firms. IRS CIRCULAR 230 DISCLOSURE: To comply with IRS regulations, we are required to inform you that unless expressly stated otherwise, any discussion of U.S. federal tax issues in this correspondence (including any attachments) is not intended or written to be used, and cannot be used, (i) to avoid any penalties imposed under the Internal Revenue Code, or (ii) to promote, market, or recommend to another party any transaction or matter addressed herein.