Definition: Acceptable Use, as part of an information security plan, describes for an organization's what constitutes appropriate and inappropriate use of an information asset or resource. Written policies that describe when, how and who can use information resources should be specified in order to establish a valid security plan.
Its Relevance: An organization can encounter significant problems if its employees mis-use information system resources. For example, an employee who sends an inappropriate email could incur liability for the company (e.g. harassment). Unauthorized duplication of software or documents might be a copyright infringement. Adding or deleting records by a person who is unauthorized could be extremely dangerous to the integrity of an organization’s information resources. A company may very well find itself responsible for what has been referred to as "down stream liability".
Trend: Legal theory has evolved relative to the responsibility of infrastructure owners for appropriate use. Many states and nations now have laws on the books addressing how confidential information it to be processed. The concept, at its most basic, is straight forward and simple. A company's Board (or owners) is responsible for making a reasonable and prudent effort to prevent the use of information resources in a way that could divulge private information or potentially harm others. Network owners could be held liable for fines or damages.
Every organization should have an "acceptable use" policy and be familiar with the laws in its jurisdiction.