7/27/2019 How to Draft Your Clubs IT Policies

1/3

Private Clubs Newsletter

How to Draft Your Clubs IT Policies

By Thomas DeMayo, Manager of Information & Technology

Services

To protect your club from liability, be sure to develop usage rules in the

following areas when crafting your clubs IT policies:

E-Mail

Internet

Remote Access

Passwords

Removable Media Social Media

Specific policies your club should consider implementing include:

E-Mail/Internet:

Prohibit employees from transmitting or viewing content that

could violate equal opportunity or discrimination laws.

Forbid employees from transmitting or viewing e-mail messages of

a sexual nature or containing racial, ethnic or other slurs. If an

employee sends out a lewd message with your clubs name on it,

the club could be held liable. Instruct employees never to open e-mail attachments or links from

unknown senders.

Inform employees that deleted e-mail will not ensure

confidentiality. Messages can be restored and archived.

Inform employees that the clubs systems are not in place for their

personal business ventures.

Do not prohibit employees from sending personal e-mails. Be

realistic, but set terms and conditions as to what is and is not

acceptable.

Only authorized personnel should be permitted to transmit club-

wide e-mails.

Do not permit employees to send chain letters, jokes and political

correspondence.

Prohibit the streaming of any video or media that is not needed for

business purposes.

Have a clause or separate section regarding e-mail retention.

Contact:

New York, NY

(downtown)

212.867.8000

New York, NY

(midtown)212.286.2600

Harrison, NY

914.381.8900

Stamford, CT

203.323.2400

Paramus, NJ

201.712.9800

New Windsor, NY

845.220.2400

Wethersfield, CT

860.257.1870

7/27/2019 How to Draft Your Clubs IT Policies

2/3

Passwords:

Clearly define what the minimum password requirements are for

all business systems and applications, including length, complexity,

lockout, change frequency, etc.

Require that employees keep passwords protected. No yellowsticky notes attached to the monitor. No exception to this rule for

family and friends as well.

Inform employees that passwords may be reset by management to

access their systems and files if needed.

Remote Access:

Prohibit remote access from kiosks or insecure public locations.

If possible, limit remote access to business-owned and controlled

systems.

Require active antivirus scanning on the system used to connect.

Require the connecting machine to have recent operating system

and application security updates installed.

Require the user to close the session when they are done and not

leave the session unattended for any length of time.

Removable Media (USB drives, external hard drives, iPods, etc.):

Take a position on whether or not removable media is acceptable

in your club. If employees have no legitimate business need for the

use of removable media, ban it. Removable media can introduce

viruses and can be the biggest source of confidential data loss. Also

keep mind, as innocent as an iPod may seem, it is still a hard drivethat can either infect or steal information from a network.

If you allow USB drives, specify if encryption is required.

Social Media:

Define what the club considers to be social media.

Clarify the clubs position on the use of the club name on personal

social media pages.

Specify whether or not club supplied e-mail addresses can be used

to create social media accounts.

Remind employees that they represent the club. You do not want a

client or business associate to search an employee name and easilyobtain images and/or content that may place into question the

integrity and quality of the club.

About Our Practice:

Private clubs operate in a unique business environment. They are constantly challenged with

providing optimum quality and service while controlling costs. Private clubs must be aware and

ready to react to changes in government regulations, tax laws, operational advancements and

member expectations. Our dedicated Private Club professionals include partners, managers and

7/27/2019 How to Draft Your Clubs IT Policies

3/3

staff with highly specialized experience, education and training. Our team is current on developing

trends in the industry which assists our clients achieve their strategic goals for success. Our long

history of serving the private club industry exemplifies our commitment to serving this community.

OConnor Davies, LLP is a member firm of the PKF International Limited network of legally

independent firms and does not accept any responsibility or liability for the actions or inactions on

the part of any other individual member firm or firms.

IRS CIRCULAR 230 DISCLOSURE: To comply with IRS regulations, we are required to inform you that

unless expressly stated otherwise, any discussion of U.S. federal tax issues in this correspondence

(including any attachments) is not intended or written to be used, and cannot be used, (i) to avoid

any penalties imposed by the Internal Revenue Code, or (ii) to promote, market, or recommend to

another party any transaction or matter addressed herein. Our firm provides the information in this

e-newsletter for general guidance only, and it does not constitute the provision of legal advice, tax

advice, accounting services, investment advice, or professional consulting of any kind.

The information provided herein should not be used as a substitute for consultation with

professional tax, accounting, legal, or other competent advisers. Before making any decision or

taking any action, you should consult a professional adviser who has been provided with all

pertinent facts relevant to your particular situation