Users who download and store MP3 collections on company equipment and network not only hog bandwidth but also are exposing your network to security breaches and your company to copyright infringement liability.



IT managers are often charged with curbing or stopping this type of download abuse. One way to address the problem is to create a media use clause and add it to your company's Internet usage policy. In this article, we'll look at why such a clause is important and how to create one.

Why should you care?

IT managers should monitor how users use an organisation's Internet access because of concerns about:

• Bandwidth and storage issues
• Security threats
• Copyright infringement

Bandwidth and storage issues

MP3s, video files, and other large downloads can hog bandwidth and storage space. These downloaded files, if left unchecked, can slow the online access speeds across an entire organisation.

Two TechRepublic members offered their methods for dealing with MP3s. In both cases, these members hunt down and delete the MP3 files.

B. Waggoner said he takes action when "users clog either network bandwidth or network drives with MP3s...they affect the efficiency of every other user on the network...enjoy your MP3 collection until I find time to delete (it), because I will."

W. Sparling said a company policy prohibits the "downloading or storing of MP3s on our network...anywhere including your 'personal' directories. If you don't follow the policies and download files, they are gone."

Security threats

Online browsing and downloading can expose an organisation to viruses. Even using file-swapping services (and there are many new services besides the popular Morpheus and Napster) can invite viruses into an organisation.

Installing firewalls and other security applications is one way to address security. A second way is to educate users on the dangers inherent in e-mail attachments or other files.

Users, however, are not always easy to train. "The user community is notoriously difficult to educate," said Tom Turner, director of marketing for Okena, a provider of intrusion prevention security products.

"We always say that if e-mail users receive an application [that] says, 'Do not open. This is a virus,' 90 percent of them are still going to open it," he said.

Yet, according to a past TechRepublic survey, 59 percent of organisations allow all types of attachments. This survey demonstrates why it is important to train users how to protect systems from the viruses found in attachments or other online files.

Copyright infringement

Another consideration for IT managers is the possibility that downloaded files violate copyright laws. Many songs, photographs, videos, designs, and some text are protected.

If your users are downloading and storing copyright material on company equipment, they're guilty of copyright infringement.

"If you are taking something that's not been legally obtained, then the person who uses it, or the person who has it stored in their computer, is infringing the copyright," said David Radack, an intellectual property attorney with Eckert Seamanns Cherin & Mellott.

Yet, often the organisation, not the individual, will face charges for violating copyrights.

A manager should be armed with a policy that addresses MP3 and similar files. With an organisation-backed policy, the manager is free to delete, block, or monitor whatever he or she needs to in order to keep systems functioning for their intended use.

A policy cannot protect an organisation from litigation, but it can lessen the amount of damages awarded to a plaintiff in a case, Radack said. The amount of damages can be limited if you show that you were not a willful infringer.

Create a media usage clause

TechRepublic reviewed policies from over 50 organisations in North America. During the review, it became evident that many organisations address downloads and similar files in a larger policy about users' e-mail and Internet use.

Below are samples of media provisions that you can modify and place in an Internet or e-mail policy.

• "Staff must presuppose that all materials on the Internet are copyright and/or patented unless specific notices state otherwise. Downloading and storing copyright material on company equipment is prohibited."

• "Bandwidth both within the company and in connecting to the Internet is a shared, finite resource. Staff must make reasonable efforts to use this resource in ways that do not negatively affect other employees. Specific departments may set guidelines on bandwidth use and resource allocation."

• "Under no circumstance are staff allowed to overload networks with excessive data or waste computer time, connectivity access, disk space, or other company resources for personal use."

• "Electronic communication resources are limited. Employees should conserve these resources and must not deliberately perform actions that waste resources or monopolise them to the exclusion of other employees. This includes subscribing to list servers or Web sites not directly related to job responsibilities, spending extensive time on the Internet, and downloading nonwork files."

• "We have the right to monitor company computer systems, including Web sites, chat rooms, and news groups visited by users. We can review material uploaded or downloaded to or from the Internet, e-mails, and attachments sent and received by users."

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to fire walls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

©2001 TechRepublic, Inc.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.