Please excuse the postings to individual users...I don't remember who the original person was that submitted the question...
Regardless, while I agree with Mr. Jackson that people will sue for just about anything I think that for a person (i.e., business) to be prudent they should employ a knowledgeable lawyer when formulating AUPs. Not just for their protection from civil actions but also so that they have a firm foundation for administrative and criminal actions. Kevin Mandia and Chris Prosise outline these very issues in "Incident Response: Investigating Computer Crime" and provide a good reference for developing AUPs that *should* hold up under scrutiny. >From the same publication (closest book to me right now...) are these particular >points that should be considered (edited info so as not to infringe the >copyright...even if this is educational). Also, even though US law is mentioned here >many areas now have *similar* laws (another reason to hire a technology lawyer in >your region): i. Without any policies to the contrary, your employees have an expectation of privacy. ii. If you do not have explicit policies that advocate the protection of your intellectual property and the monitoring of employee activities, their expectation of privacy may be supported viii. 18 USC 2511 generally makes it illegal for anyone to intercept wire, oral, or electronic communications while they are being transmitted.
