Private Clubs Newsletter

How to Draft Your Clubs IT Policies

By Thomas DeMayo, Manager of Information & Technology Services
Contact: New York, NY (downtown) 212.867.8000 New York, NY (midtown) 212.286.2600 Harrison, NY 914.381.8900 Stamford, CT 203.323.2400 Paramus, NJ 201.712.9800 New Windsor, NY 845.220.2400 Wethersfield, CT 860.257.1870

To protect your club from liability, be sure to develop usage rules in the following areas when crafting your clubs IT policies: E-Mail Internet Remote Access Passwords Removable Media Social Media

Specific policies your club should consider implementing include: E-Mail/Internet: Prohibit employees from transmitting or viewing content that could violate equal opportunity or discrimination laws. Forbid employees from transmitting or viewing e-mail messages of a sexual nature or containing racial, ethnic or other slurs. If an employee sends out a lewd message with your clubs name on it, the club could be held liable. Instruct employees never to open e-mail attachments or links from unknown senders. Inform employees that deleted e-mail will not ensure confidentiality. Messages can be restored and archived. Inform employees that the clubs systems are not in place for their personal business ventures. Do not prohibit employees from sending personal e-mails. Be realistic, but set terms and conditions as to what is and is not acceptable. Only authorized personnel should be permitted to transmit clubwide e-mails. Do not permit employees to send chain letters, jokes and political correspondence. Prohibit the streaming of any video or media that is not needed for business purposes. Have a clause or separate section regarding e-mail retention.

Passwords: Clearly define what the minimum password requirements are for all business systems and applications, including length, complexity, lockout, change frequency, etc. Require that employees keep passwords protected. No yellow sticky notes attached to the monitor. No exception to this rule for family and friends as well. Inform employees that passwords may be reset by management to access their systems and files if needed.

Remote Access: Prohibit remote access from kiosks or insecure public locations. If possible, limit remote access to business-owned and controlled systems. Require active antivirus scanning on the system used to connect. Require the connecting machine to have recent operating system and application security updates installed. Require the user to close the session when they are done and not leave the session unattended for any length of time.

Removable Media (USB drives, external hard drives, iPods, etc.): Take a position on whether or not removable media is acceptable in your club. If employees have no legitimate business need for the use of removable media, ban it. Removable media can introduce viruses and can be the biggest source of confidential data loss. Also keep mind, as innocent as an iPod may seem, it is still a hard drive that can either infect or steal information from a network. If you allow USB drives, specify if encryption is required.

Social Media: Define what the club considers to be social media. Clarify the clubs position on the use of the club name on personal social media pages. Specify whether or not club supplied e-mail addresses can be used to create social media accounts. Remind employees that they represent the club. You do not want a client or business associate to search an employee name and easily obtain images and/or content that may place into question the integrity and quality of the club.

About Our Practice: Private clubs operate in a unique business environment. They are constantly challenged with providing optimum quality and service while controlling costs. Private clubs must be aware and ready to react to changes in government regulations, tax laws, operational advancements and member expectations. Our dedicated Private Club professionals include partners, managers and

staff with highly specialized experience, education and training. Our team is current on developing trends in the industry which assists our clients achieve their strategic goals for success. Our long history of serving the private club industry exemplifies our commitment to serving this community. OConnor Davies, LLP is a member firm of the PKF International Limited network of legally independent firms and does not accept any responsibility or liability for the actions or inactions on the part of any other individual member firm or firms. IRS CIRCULAR 230 DISCLOSURE: To comply with IRS regulations, we are required to inform you that unless expressly stated otherwise, any discussion of U.S. federal tax issues in this correspondence (including any attachments) is not intended or written to be used, and cannot be used, (i) to avoid any penalties imposed by the Internal Revenue Code, or (ii) to promote, market, or recommend to another party any transaction or matter addressed herein. Our firm provides the information in this e-newsletter for general guidance only, and it does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation