The Royal Bank of Scotland lost an unfair dismissal case last month because it failed to communicate details of its online usage policy to an employee. The case shows that policies may do little to protect firms unless there are procedures to ensure staff understand them, experts said.

The employee, dismissed for sending pornographic material via email, took her case to an employment tribunal where she admitted awareness of the bank's IT security policy.

However, she was found to have been unclear about the inclusion of a matrix system for determining unauthorised material and associated sanctions, and so won the case. The bank lost an appeal against the decision.

"This case is a timely reminder that employers can trip up even on basic points of procedure when dealing with breach of rules governing email and internet use," said Robyn McIlroy, an employment law specialist with international law firm Masons.

She warned firms that employees must be given full details of what constitutes misconduct before any disciplinary action is taken. "That may, depending on the circumstances, also require the employee to be given an opportunity to respond to any factors which the employer considers material in deciding the appropriate disciplinary sanction."

A recent study by filtering specialist firm Websense highlighted the need for companies to address staff misuse of the internet at work.

Almost a quarter of men, and 12 percent of women, said they had visited a porn site at work. However, while more than half of the men admitted the visit had been intentional, all the females said it was an accident.