Acceptable Use Policy (AUP)

Three Main Elements Every Business Should Know

Most Canadian e-commerce businesses utilize what is known as an acceptable use policy (AUP), also referred to as a fair use policy. This policy plays a major role in what business practices and processes are conducted on the Internet. Most acceptable use policies are very in-depth because almost all land-based and e-commerce businesses heavily rely on the Internet. 

One of the main purposes of the acceptable use policy is to prevent security hacks and cyberattacks. While it is impossible to avoid all of these risks, with the right acceptable use policy, it is possible to avoid most of them. 


An AUP consists of three main elements, including:

  • Strict rules that prohibit pirating of movies, music, and other digital goods
  • A list of violation warnings and penalties 
  • A system for granting Internet access to employees


It is crucial for every employee who is granted Internet access to know the ins and outs of the acceptable use policy. Many companies review their AUPs during new-hire and safety training courses.

Internet access is a privilege, and it should be treated as one. Employees also need to know the consequences of violating the AUP. Every business has a unique set of Internet violation consequences. It is crucial that every new hire is familiar with your business's AUP before being granted access to the company's computer system.


How To Create The Perfect AUP For Your Company

The importance of an AUP cannot be stressed enough. If your company relies on the Internet for customer service, inventory management, data storage, and other processes, it is likely almost every single one of your employees will need to be granted access at some point.

There are several main purposes of an AUP. The first purpose, mentioned previously, is to fight against cyberattacks. The second purpose is to outline a business office network. The third purpose is to outline a network for customers. The fourth purpose is to provide assistance for a customer creating an AUP for a business network.

As a business owner, you may or may not be involved in writing the AUP. However, it is important that you are involved in the implementation of your company’s new AUP. The main goal is to create an AUP with all the legal necessities to decrease liability for you and your company.


An AUP Must Meet Or Exceed Relevant Canadian Regulations And Laws

Before you start writing an AUP for your business, it is important to know the laws. To avoid monetary penalties, the AUP must be consistent with Canadian laws. If you are not familiar with the laws, you could very well get caught up in a federal violation. Factors to consider when writing an AUP:

  • Canadian data security regulations and compliance determination
  • Federal security and data privacy laws, such as HITECH and HIPAA requirements. This is especially important for companies in the healthcare industry.
  • The jurisdiction that applies to your company. This is the area where your AUP rules and regulations can be enforced.
  • Federal regulations regarding the behavior of employees who have been granted access to the company network. This is basically the etiquette of online behavior.


All AUPs must comply with all relevant Canadian laws. Adhering to the regulations will minimize violation risks and improve your odds of winning a lawsuit.

On rare occasions, Canadian companies have reported AUP violations, resulting in monetary penalties. Adhering to the legislative requirements will help your company avoid Errors and Omissions (E&O) lawsuits. If your AUP does not heed the federal regulations, you will not be able to enforce its regulations legally or lawfully.


AUP – Promotion Of Data Security Procedures

Since the main purpose of an AUP is to fight against online attacks, it only makes sense to utilize it to promote your company’s data security procedures. The main concern for companies that rely on the Internet for nearly all their operations and processes is cybersecurity. If you feel your data security practices are lacking in any shape or form, you can make improvements through your AUP. How is this possible? Well, you start by outlining employee and client online behavior, warnings, and penalties. 

You can also encourage your employees and customers to refer to your company’s AUP before and between network access. Any questions can be referred to your AUP but only if it meets or exceeds the federal and state guidelines.

To avoid most potential online behavior violations, such as illegal downloads, it is always a good idea to make some websites off limits to your employees. This will not prevent all illegal online behavior, but it is a great starting point.


Details that should be integrated into your AUP include:

  • An outline of employee network responsibilities, including frequent password updates
  • An outline of how the network should be utilized (e.g., customer support, inventory management, and professional email transmissions)
  • Illegal website restrictions (prohibiting access to websites with adult content)


AUP – Outline Cyber Liability 

You can also utilize your company AUP to outline employee and client cyber liability. You can do this by integrating disclaimers that outline your company’s responsibilities for hacking incidents, data breaches, and cyberattacks. If you choose to go this route, you may be able to utilize your AUP in court, giving you a leg to stand on in a mass cybersecurity lawsuit.

Doing this will provide your employees and clients with advance warning of your company’s responsibilities regarding data breaches and other online criminal activities involving your network. It is important to note that AUP disclaimers will not remove all of your responsibilities involving cybercrime. However, they will help your defense in an E&O lawsuit.


AUP Limitations – What You Need To Know

Like most professional documents, AUPs have limitations, which you should be fully aware of. Another way to protect your company in the event you are sued because of a network cyberattack is to obtain cyber liability insurance. Serve your company better with a customized policy combining cyber liability, CGL, and E&O insurance. These policies will go a long way in protecting your company from financial devastation when facing a mass cybersecurity lawsuit.


Contact ProfessionalsCoverage For Insurance

ProfessionalsCoverage can connect you with a Canadian IT Business insurance expert. For more information about E&O insurance or cyber liability insurance, contact us directly. We will pair you with an experienced agent for policy customization or a quote request. Our goal is to make sure every company is fully protected from financial loss associated with lawsuits and claims.

ProfessionalsCoverage is only a phone call away. We will work one-on-one with you to customize a policy that is guaranteed to meet or exceed all your business insurance needs.




