Acceptable Computer Use Policy Template for the United States

What is an Acceptable Computer Use Policy?

The Acceptable Computer Use Policy has become essential in today's digital workplace environment. This document is implemented to protect organizational assets, ensure compliance with relevant U.S. legislation, and establish clear guidelines for technology use. It addresses growing concerns about cybersecurity, data protection, and appropriate use of company resources while establishing clear expectations for all users. The policy is particularly crucial given the increasing instances of cyber threats, data breaches, and the need for clear governance in digital workplace environments.

Frequently Asked Questions

Is an Acceptable Computer Use Policy legally binding on employees in the United States?

Yes, an Acceptable Computer Use Policy is legally binding when properly implemented as part of employment terms or through acknowledged employee handbook policies. Under U.S. federal law, including the Computer Fraud and Abuse Act, these policies establish enforceable standards for technology use and can serve as evidence in disciplinary actions or legal proceedings. Employees must typically acknowledge receipt and understanding of the policy for it to be fully enforceable.

Can my company face legal liability if we don't have an Acceptable Computer Use Policy?

Yes, companies without proper computer use policies face increased liability for data breaches, unauthorized access incidents, and employee misconduct involving technology. Under the Computer Fraud and Abuse Act and Electronic Communications Privacy Act, employers may struggle to prove due diligence in cybersecurity efforts without documented policies. Missing policies can also complicate disciplinary actions and increase exposure to wrongful termination claims.

Which federal laws must an Acceptable Computer Use Policy comply with in the United States?

Key federal laws include the Computer Fraud and Abuse Act (CFAA), which addresses unauthorized computer access and hacking, and the Electronic Communications Privacy Act (ECPA), which governs electronic communications monitoring. Additional considerations include the Stored Communications Act for email privacy, HIPAA for healthcare data, and industry-specific regulations like SOX for financial companies. State privacy laws may also apply depending on your location and employee base.

How does an Acceptable Computer Use Policy differ from a cybersecurity policy?

An Acceptable Computer Use Policy focuses on employee behavior and usage guidelines for company technology resources, while a cybersecurity policy covers broader technical security measures and incident response procedures. The computer use policy is employee-facing and addresses acceptable activities, personal use restrictions, and disciplinary consequences. A cybersecurity policy typically includes technical controls, data classification, and security protocols that may not directly involve day-to-day employee behavior.

How long does it typically take to implement an Acceptable Computer Use Policy?

Creating and implementing a comprehensive policy typically takes 2-4 weeks for most businesses. This includes 3-5 days for initial drafting, 1-2 weeks for management review and legal consultation, and 1 week for employee training and acknowledgment collection. Complex organizations or those in highly regulated industries may require 4-6 weeks to ensure thorough compliance review and stakeholder input.

Can employees use company computers for personal activities under U.S. law?

Personal use depends entirely on what your Acceptable Computer Use Policy permits, as U.S. federal law doesn't mandate personal use rights on employer-owned equipment. Most policies allow limited personal use during breaks while prohibiting activities like personal business, illegal content, or excessive bandwidth usage. Under the ECPA, employers generally have broad rights to monitor company-owned devices, so personal use should be clearly defined in the policy.

Should my Acceptable Computer Use Policy address remote work and personal devices?

Yes, modern policies must address remote work scenarios and bring-your-own-device (BYOD) situations to maintain legal protection under federal cybersecurity laws. The policy should specify security requirements for home networks, personal device usage for work, and data access protocols outside the office. This is particularly important under the Computer Fraud and Abuse Act, which requires clear boundaries between authorized and unauthorized access regardless of location.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United States

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the Acceptable Computer Use Policy

An Acceptable Computer Use Policy is a comprehensive document that establishes the rules and guidelines governing how employees, contractors, and other authorized users can access and utilize your organization's computer systems, networks, and digital resources. This policy serves as both a protective measure for your business and a clear framework that helps users understand their responsibilities when using company technology.

When do you need this document?

You need an Acceptable Computer Use Policy whenever employees or contractors access your organization's computer systems, email accounts, internet connections, or digital resources. This includes remote workers accessing company networks through VPNs, employees using company-issued devices, contractors working with sensitive data, and any staff members who handle customer information or proprietary business data. Educational institutions require these policies under the Children's Internet Protection Act when providing internet access to students. Healthcare organizations need robust policies to maintain HIPAA compliance when accessing patient records electronically. Financial services companies must implement these policies to meet regulatory requirements for data security and fraud prevention.

Key legal considerations

Your policy must clearly define what constitutes authorized versus unauthorized access to comply with the Computer Fraud and Abuse Act, which criminalizes unauthorized computer access and data theft. Include specific provisions about monitoring employee communications and system usage, as the Electronic Communications Privacy Act regulates when and how employers can monitor electronic communications. Address data retention and privacy expectations under the Stored Communications Act, particularly regarding stored emails and digital files. Establish clear consequences for policy violations, including termination procedures and potential legal action. Include provisions for incident reporting and breach notification to comply with various state and federal data breach laws. Consider intellectual property protections and restrictions on downloading or sharing proprietary information.

Legal requirements in United States

Under federal law, your Acceptable Computer Use Policy must comply with the Computer Fraud and Abuse Act by clearly defining authorized system access and prohibited activities like hacking or unauthorized data access. The Electronic Communications Privacy Act requires you to provide notice about monitoring practices and obtain appropriate consent for surveillance of employee communications. If your organization serves children under 17, the Children's Internet Protection Act mandates internet safety policies and content filtering measures. State privacy laws may impose additional requirements for employee notification about monitoring and data collection practices. Include provisions for reasonable accommodation under the Americans with Disabilities Act for employees who need assistive technology. Ensure your policy addresses cross-border data transfers if you operate internationally, as this may trigger additional compliance requirements under various state privacy regulations.

GOVERNING LAW

Applicable law

This Acceptable Computer Use Policy is drafted to comply with United States law. Key legislation includes:

Computer Fraud and Abuse Act (CFAA): Federal law that addresses unauthorized computer access, hacking, and computer-related fraud. Key consideration for defining acceptable use and unauthorized access provisions in the policy.

Electronic Communications Privacy Act (ECPA): Federal legislation that regulates the interception and monitoring of electronic communications, including email. Essential for defining monitoring and surveillance policies.

Stored Communications Act (SCA): Component of ECPA that specifically addresses privacy protections for stored electronic communications and records.

Children's Internet Protection Act (CIPA): Federal law requiring internet safety policies and technology protection measures, particularly relevant for educational institutions and libraries.

Health Insurance Portability and Accountability Act (HIPAA): Federal law governing the security and privacy of electronic protected health information, crucial if the organization handles medical data.

Gramm-Leach-Bliley Act (GLBA): Federal legislation focusing on security requirements for financial institutions and protection of financial data.

State Data Breach Notification Laws: State-specific requirements for handling and reporting data breaches, varying by jurisdiction.

State Privacy Laws: Various state-specific privacy regulations, such as CCPA in California, that may impose additional data protection requirements.

Copyright Laws: Federal and state regulations protecting intellectual property rights, relevant for defining acceptable content usage and sharing.

Employment Monitoring Laws: State and federal regulations governing employee monitoring and surveillance in the workplace.

Trade Secret Protection Laws: Federal and state laws governing the protection of confidential business information and trade secrets.

Record Retention Requirements: Various federal and state regulations specifying how long different types of electronic records must be maintained.

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it