No online shopping day is bigger than Cyber Monday. According to the National Retail Federation, an estimated 127 million people shopped on Cyber Monday last year—significantly more than the estimated 87 million in-store, Black Friday shoppers. In fact, Cyber Monday 2014 brought online retailers a staggering $2.5 billion in sales.

Given the temptation Cyber Monday provides to employees to use company and/or personal devices to shop for deals while at work, the shoppers’ “holiday” – like its springtime counterpart for sports fans, March Madness – serves as a reminder for employers: you would be wise to plan ahead, including by reviewing and updating your computer-use and monitoring policies. Below we offer some practical and legal considerations employers should keep in mind when deciding the appropriate scope of policies that limit employees’ at-work, personal use of company-provided devices.

1. Don’t Overreach

From a practical standpoint, the proliferation of social media and near-ubiquity of cell phones that offer Internet access, it would be virtually impossible for any employer to enforce a complete ban on employees’ personal Internet use while at work. Attempting such a ban would invariably invite violations, and could also negatively impact employee morale.

There are also recent legal developments that restrict the extent of permissible limits in this area. First, policies limiting employees’ computer or Internet use should not infringe on their right to use social media to discuss wages, hours, or working conditions. The NLRB recently held, in a case called Purple Communications, that employers must allow employees to use the company’s email system to discuss the terms and conditions of their employment during non-work time.

Second, policies prohibiting employees’ disclosure of company confidential information should not be crafted so broadly as to limit any employee’s ability to report legal violations to government agencies, such as the SEC. The SEC has taken a strong, public stance recently against confidentiality terms in employment policies and agreements that could have a “chilling effect” on would-be whistleblowers, including by bringing a formal enforcement action against one company that the agency thought had confidentiality agreements that went too far.

Finally, if you plan to monitor employees’ use of company-provided devices, for example, make sure you notify employees in advance. Your notice should be clear that:  (1) employees have no reasonable expectation of privacy when using company-provided devices; and (2) their continued employment constitutes consent to your monitoring their use of such devices.

2. State Your Policies Clearly

Your computer-use and monitoring policies should be written in clear and explicit terms. Both employees and the managers responsible for enforcing the policies need to understand what is allowed and what is not.

Of course, for a well-written policy to be effective, employees must know about it. You should distribute your computer-use and monitoring policies by providing them to employees at the beginning of employment and including them in the employee handbook. All policies should be redistributed when revised, and reminders can be distributed at regular time intervals – like the beginning of each year – and even prior to a day of expected high personal use, like Cyber Monday.

3. Enforce Your Policies Consistently

Once you have clear policies in place and have communicated them to all employees, consistent enforcement is key. Arbitrary or inconsistent enforcement may create potential liability under state and federal anti-discrimination laws.

On Cyber Monday – and throughout the year – effective computer-use and monitoring policies can help protect the productivity of your workforce in the face of shopping bargains, sporting events, and the many other distractions that technology constantly places at employees’ fingertips.