S 3.78 Correct behaviour on the Internet

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User

When using Internet services for professional purposes, statements made here by employees of an organisation are usually perceived as statements by the institution and not as a statement by a private person. For this reason, the employees must be informed how to behave correctly when using the Internet and what behaviour should be explicitly avoided.

Information should only be published on the Internet after thorough examination, regardless of whether via Internet portals, the organisation's own websites, mailing lists or blogs. Even information which actually has a short life span, such as contributions to a discussion in a form originally intended for a small group of readers only, may remain accessible for a very long time. Additional information from various areas of life can be combined by means of research, for example, through search engines or social networks. In order to prevent that the targeted evaluation of information about a person or certain areas of an organisation resulting in unpleasant surprises, the Internet users should observe the following basic rules:

• Data economy: Before transmitting or publishing information on the Internet, the users should ask themselves how this information could reflect on them or their organisation and whether it should really be transmitted. Personal or business information should only be transmitted sparingly. As a general principle, nothing should be published which could not appear in a magazine under your own name.
• Need-to-know: Information should only be made accessible to those who should really be aware of it. This means that, for example, restricted forums or protected areas should be used for the transmission of data.
• Blogs, forums, mailing lists and similar applications should be used in such a way that private statements cannot be confused with professional statements or misunderstood.
• All unnecessary additional information should be removed from meta data of files (see S 4.64 Verification of data before transmission / elimination of residual information). Image files can, for example, contain more image information than visible in the published photo.

Every user should behave appropriately on the Internet, i.e. observe the netiquette. Netiquette (net etiquette) refers to a set of rules of politeness and suggested behaviour which has become standard practice for use of the Internet over time and the observance of which is supposed to ensure that everyone can use the Internet efficiently and to everyone' s satisfaction. This includes, for example, the following aspects:

• Just like in real life, the tone and the content online should always be suitable for the target group. Employees of organisations must always observe that they should only make statements that cannot be interpreted in a negative way for them or the organisation. The tone of writing should always be objective. Statements should always be examined as to whether they could also be printed in this form. They should never be or appear to be arrogant, discriminating or offensive.
• Depending on the Internet application, there are conventions on the composition of messages. In general, information should always be transmitted in such a way that it is as easy as possible to read and edit it. This includes correct syntax and orthography, capitalisation and conventional courtesy phrases. The messages should be shortened to the minimum needed.
• The relevant statutory regulations must always be observed when transmitting information. Before data is transmitted by or through third parties (texts, photos, etc.), for example, the copyright, general rights of personality (right to one's own image) or similar laws regarding the protection of personal and business data must be taken into account.

The recommended behaviours for the use of Internet services should be published in the Intranet or in another suitable form.

Review questions:

• Are the employees informed how to behave on the Internet and what behaviour should be explicitly avoided?