Code of Practice for organisations

Every business, school and university can implement a Code of Practice or Acceptable Use Policy to clearly set out what is considered appropriate use of the Internet.

Having a Code of Practice will not protect you from prosecution, so organisations should always consider getting their own legal advice. Note section 138 of the Films, Videos, and Publications Classification Act – Liability of employers.

Draft Code of Practice for Internet usage

This draft code of practice is only a recommendation. It covers topics in a general way that organisations should adapt and amend for their own purposes.

It is important that organisations be aware that Internet activity that is not illegal on a home computer can still cause legal issues at work. This can include employees accidentally damaging the organisation’s reputation and harassment complaints about material that is offensive to other staff.

This draft code of practice does not discuss issues that are outside the Department’s jurisdiction, and you should also consider advice from human resources and employment law specialists.

See our Disclaimer and Copyright information.


These Internet policies and guidelines are designed to ensure that staff are aware of the appropriate usage of the Internet and their responsibilities. This policy should be reviewed regularly to consider the changing nature of the Internet and the laws surrounding its use.


Throughout this document, reference to the Internet should be taken to include all online services such as the World Wide Web, e-mail, newsgroups, chat groups and File Transfer Protocol (FTP) servers. The policies and guidelines should:

  • apply to all staff
  • be designed to be used in conjunction with existing policies such as disaster recovery and human resources
  • be consistent with the Human Resources guidelines already signed by all employees.

Policy objective

The objective of these policies and guidelines is to allow open access to the Internet during the course of all business. Responsibility for use and management of use of the Internet lies with the manager and their employee. The guidelines can be used to protect the employer if abuse is suspected and/or proved. The guidelines are also designed to protect the employee as long as they are followed. The guidelines provide:

  • A framework for providing desktop access to the Internet
  • Direction and guidance on appropriate use of the Internet.

Policy statements

Use of the Internet

Use of the Internet by staff is permitted and encouraged when it is being used for business purposes and supports the goals and objectives of the employer.

Standards of conduct

The Internet should only be used as part of the normal execution of an employee’s responsibilities and should be used in a manner that is consistent with the employer's standards of business conduct.


Information communicated via the Internet should be subject to the same protocols and publication standards as traditional means of communication (e.g. approval by manager, review by Marketing and Communications manager etc).

Monitoring rights

The Management of (organisation) reserves the right to monitor the volume and cost of network traffic generated by each person at all times, and the right to monitor, access, retrieve and read all communication in the following circumstances:

  • Legitimate business need (e.g. routine system administration, access to information when the employee is unavailable, but timing is critical)
  • Reasonable suspicion of prohibited activities

Information obtained in these circumstances may be disclosed to direct managers of staff members involved and other authorities if necessitated by the information retrieved.


The presence of a body of work on the Internet does not necessarily mean that there is an automatic right to copy. Works may only be copied where the author has expressed or implied that authorised copying can occur. Staff should not post any information protected by copyright unless permission has been officially provided. Users must abide by all software licensing agreements, copyright laws and other applicable regulations.


Accuracy of information

Users should be aware that information on the Internet may be inaccurate or untimely and there is a danger that opinions may be presented as facts.

Appropriate activities

Staff using the Internet must ensure that the use they make is ‘appropriate’. Examples of appropriate use include:

  • Conducting research & investigation in support of output delivery
  • Communication and information exchange with Government agencies and other organisations as required by business (if relevant)
  • Retrieving news stories or other information of interest to the (organisation)
  • Professional development activity, such as maintaining currency with, and/or debating issues in, a field of knowledge. This includes personal development activity, such as university associations and professional societies.

Prohibited activities

Staff must not use the Internet for inappropriate purposes. Inappropriate use includes but is not limited to:

  • Visiting sites or receiving communications that contain material that is obscene, objectionable, or likely to be offensive (for a definition of "objectionable" see Objectionable and restricted material).
  • Gambling
  • Soliciting for personal gain or profit
  • Making or posting indecent remarks and proposals
  • Uploading or downloading commercial software in violation of its copyright
  • Downloading any software or electronic files without reasonable virus protection measures in place
  • Passing off personal views as representing those of the (organisation)
  • Any activity that violates New Zealand law and/or the public service code of conduct

Extensive private usage

It is not the role of this document to define "extensive": this is a matter to be addressed between the manager and their staff member. Use is likely to be extensive when it either interferes with production of business unit outputs or costs the business unit an unacceptable amount of money.


Staff are responsible for:

  • Ensuring that any files downloaded from the Internet are checked for virus infection, and immediately informing the relevant manager if a virus is detected
  • Adhering to the Internet policy and guidelines, and immediately reporting to the relevant manager any perceived weaknesses or breaches of this policy as soon as they become aware of them
  • Validating and authenticating information retrieved from the Internet before it is used for business purposes
  • Ensuring all information posted to or communicated via the Internet is accurate and has an appropriate level of authorisation
  • Not sharing their password, user identification or other secure information
  • Not using unauthorised codes or passwords to gain access to others’ files.

Breach of policies and guidelines

Any breach of these policies and guidelines will be investigated and dealt with. Any staff member found to be in breach of these policies may be subject to disciplinary action including dismissal.

More information


Schools must provide a safe physical and emotional learning environment, and the Ministry of Education has endorsed the Internet Safety Group's NetSafe Kit for Schools as best practice for all New Zealand schools. This kit includes sample policies and procedures, as well as a detailed explanation of effective incident response.

The full kit is available online (along with other education resources) or can be ordered by contacting the Internet Safety Group.


Enquiries may be directed to the Digital Child Exploitation Team (DCET)