Tuesday, November 07, 2006

The porn case

What are the lessons from the Budlong porn case?

On the face of it, the NSW Industrial Relations Commission's ruling that being sacked for possessing porn is unreasonable is worrying. But, like all these things, a reading of the judgment reveals there's a lot more to the case. It appears NCR were inconsistent and made a number of mistakes.

The biggest mistake NCR made was inconsistency. Another staff member had been counselled for inappropriate email usage and was sacked after continuing the behaviour. Budlong wasn't given counselling before being sacked.

A more striking problem for NCR was their Acceptable Usage Policy. The "air of automation" comment by the commission was my biggest worry, but it turns out the policy was FIFTY pages long. It clearly wasn't readable, and the commission also hints that not all staff had signed it.

The third and, in my view, most dubious point against NCR was the lack of a firewall. While I'm surprised a company like this didn't have one, the commission took it as indicating the company didn't seriously enforce its policies. It shows a business has to take positive steps to prevent this happening.

This case has presented a few lessons for businesses and IT departments. While the specific case is only applicable to New South Wales, the lessons can be taken on board by most companies. Those lessons are:

1. Have a clear and concise policy on inappropriate usage.
2. Act decisively, fairly and consistently when it is breached.
3. Do not rely on an AUP; install filtering and monitoring equipment to stop these things coming into the network.

From a purely mercenary point of view, this is an excellent opportunity for IT businesses to push filtering and AUP policies.