Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Acceptable Use Policy
I need an Acceptable Use Policy for a small business that outlines the appropriate use of company resources, including internet and email, to ensure compliance with legal and ethical standards. The policy should include guidelines for data protection, prohibited activities, and consequences for violations.
What is an Acceptable Use Policy?
An Acceptable Use Policy spells out the rules and limits for using an organization's IT systems, networks, and digital resources. It protects both employers and staff by clearly stating what counts as proper use of company technology, from email and internet access to software and devices.
Under NZ's Privacy Act and Harmful Digital Communications Act, these policies help organizations meet their legal obligations while managing cyber risks. A well-crafted policy balances workplace productivity with security needs, giving staff clear guidelines about appropriate online behavior and helping prevent issues like data breaches, harassment, or misuse of company resources.
When should you use an Acceptable Use Policy?
Put an Acceptable Use Policy in place when introducing new IT systems, onboarding employees, or updating your digital workplace policies. It's especially crucial for organizations handling sensitive data or subject to NZ's Privacy Act requirements - like healthcare providers, financial services, and government agencies.
The policy becomes essential when expanding remote work options, implementing BYOD programs, or after security incidents. Many organizations create or update their policy during annual compliance reviews, when adopting new technologies, or merging with other companies. Having clear rules before problems arise prevents misuse and protects both the organization and its staff.
What are the different types of Acceptable Use Policy?
- Acceptable Use Agreement: A comprehensive policy focusing on overall IT system usage, typically used by larger organizations. Covers broad digital conduct expectations and security requirements under NZ privacy laws.
- Email And Internet Usage Policy: A specialized version specifically addressing email communications and web browsing. Popular with small-to-medium businesses needing focused guidelines for daily digital communications and internet access.
Who should typically use an Acceptable Use Policy?
- IT Managers and System Administrators: Draft and enforce the Acceptable Use Policy, monitoring compliance and handling technical implementation
- Legal Teams: Review and update policies to ensure alignment with NZ Privacy Act and cybersecurity regulations
- Employees and Contractors: Must understand and follow the policy's rules when using company IT resources
- HR Departments: Include the policy in onboarding processes and handle violations alongside disciplinary procedures
- External Consultants: Help develop customized policies for specific industry needs or compliance requirements
How do you write an Acceptable Use Policy?
- IT Infrastructure Review: List all systems, software, and devices that employees access
- Security Requirements: Document your cybersecurity protocols and data protection needs under NZ privacy laws
- Usage Boundaries: Define acceptable personal use of company resources and prohibited activities
- Compliance Needs: Identify industry-specific regulations affecting your digital workplace
- Enforcement Process: Plan how violations will be monitored, reported, and addressed
- Policy Generation: Use our platform to create a customized, legally-sound Acceptable Use Policy that includes all required elements
What should be included in an Acceptable Use Policy?
- Scope Statement: Clear definition of who must follow the policy and which systems it covers
- Acceptable Use Rules: Specific guidelines for proper use of IT resources and digital assets
- Privacy Compliance: Alignment with NZ Privacy Act requirements for data handling and protection
- Security Measures: Required protocols for passwords, encryption, and device security
- Prohibited Activities: Explicit list of banned behaviors and potential consequences
- Monitoring Notice: Declaration of system monitoring practices and user privacy expectations
- Acknowledgment Section: User agreement and signature block confirming policy understanding
What's the difference between an Acceptable Use Policy and an Access Control Policy?
While both documents deal with system access, an Acceptable Use Policy differs significantly from an Access Control Policy in several key ways.
- Primary Focus: Acceptable Use Policies govern behavior and appropriate use of IT resources, while Access Control Policies specifically manage who can access what systems and when
- Scope of Coverage: Acceptable Use extends to all digital activities and conduct, whereas Access Control deals purely with authentication, authorization, and security clearance levels
- Implementation Level: Acceptable Use works as a behavioral guideline affecting daily operations, while Access Control operates at a technical security infrastructure level
- Compliance Context: Under NZ privacy laws, Acceptable Use addresses general conduct and data protection, while Access Control fulfills specific security control requirements
Download our whitepaper on the future of AI in Legal
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.