If your organization provides a service that's accessed by members of the public, you'll want to make sure it's not misused. Unlawful or malicious use of your property could lead to costs, legal issues, and reputational damage.
An Acceptable Use Policy will make the rules of using your service clear. It is also a legally-binding document that you can use to enforce your organization's rights or defend against legal claims.
But not all Acceptable Use Policies are created equally. Draft it carelessly and you'll end up with an agreement that's not worth the paper it's written on.
Let's take a look at how you can create an Acceptable Use Policy that serves the needs of your organization.
An Acceptable Use Policy is an agreement between a service provider and a service user. It typically sets out the rules of how the system may be used, and what will happen in the event of non-compliance with these rules.
There is no predetermined format for an Acceptable Use Policy, but most will include certain sections. We'll look at what these are later.
The exact contents of your Acceptable Use Policy will vary depending on the context in which you're using it and the nature of your business. We're going to look at some example of the clauses that are typically present in such agreements.
Remember that your Acceptable Use Policy must be clear and easy to understand. Keep your target audience in mind. Are they members of the general public, students, employees?
The agreement should not read like a complicated business-to-business contract. Try to avoid "legalese" where possible.
Here's an example from Business Advice:
This strikes a somewhat different tone. However, there is nothing wrong with keeping your introduction brief, so long as it serves your purposes.
It's helpful to define certain words in your Acceptable Use Policy to minimize the risk of misinterpretation.
Here's how SEACOM does this:
You might define some or all of the phrases used in another document, such as your Terms and Conditions. If so, you should make your users aware of this. Here's an example from Telnyx:
Before setting out what's not allowed, some Acceptable Use Policies have a section that sets out what the service may be used for.
Here's an example from VoiceSage:
You should list the things that are not allowed when using your service.
What you include in your rules is up to you. Almost all Acceptable Use Policies will have a term that prohibits using the service for illegal activities.
Here are some of Shopify's prohibited activities:
You'll notice that under rule 1, the word "Materials" is a link. It leads to a page that defines "Materials":
Linking back to your definitions throughout your Acceptable Use Policy is a good way to help ensure clarity.
As well as preventing the misuse of your service, you may wish to impose limitations on the way in which your service is supposed to be used. For example, if you run a website or app which allows users to sell products, you could list the types of products that are not permitted for sale.
Here's an excerpt from such a list from PayToolbox:
Some activities might be restricted, but not banned outright. If you wish to place conditions on certain activities you should make these clear.
Here's how PayPal does this:
Some Acceptable Use Policies will include an indemnity clause (often known as a "hold harmless" clause). These are usually included in a main Terms and Conditions agreement but are sometimes found in an Acceptable Use Policy.
An indemnity clause is a legal mechanism by which a party agrees to compensate another party for the cost of any damages caused by their actions.
For example, a user might make a libelous claim on your website. If the victim of this libel takes legal action against your company, you will want to recuperate the cost from your user. An indemnity clause could be helpful in this context.
An indemnity clause will need to be very carefully worded in order to be enforceable. Local laws may restrict or prohibit their enforceability.
Here's an example of an indemnity clause from the Acceptable Use Policy of the Seafarers' Rights International website:
If you wish to impose any penalties for non-compliance with the rules, you must set these out clearly in your Acceptable Use Policy.
This will usually include your right to suspend or terminate a user's access to your service.
Here's how Algolia set out its rights to investigate violations, suspend or terminate accounts and remove any content that violates its Acceptable Use Policy:
And here's the relevant part of ServerGuy's policy, which threatens some particularly severe penalties:
The extent to which these sorts of penalties would be enforceable will depend on various factors, including local law.
You may wish to include a procedure whereby users can report alleged infringements of the Acceptable Use Policy. This can also set out the procedure by which your company will investigate such claims.
Many Acceptable Use Policies covering the use of shared networks include such a section.
Your Acceptable Use Policy is where you can make it very clear how your users are to use your service, and what they must not do. You can also disclose your plan of action for if there are violations of your policy.
You should do everything you can to make sure your users read your Acceptable Use Policy.
It's best to place a link to your Acceptable Use Policy in a persistent footer on your website, along with any other agreements that you hope your users will read. Here's how the Royal College of Surgeons does this:
But simply placing a link to your Acceptable Use Policy on your website is unlikely to be enough.
You should take all reasonable steps to ensure that your users actively agree to your Acceptable Use Policy. You might find that your agreement is not enforced in court unless your users can be shown to have agreed to it.
A "clickwrap" method of obtaining agreement is safest. You ask your users to click a box to confirm that they have read and agree to your Acceptable Use Policy.
This should be simple where users are creating an account or logging into a network.
An Acceptable Use Policy helps establish the rules of using your service. It can also help you enforce those rules or seek compensation if they are broken.