Legal implications of monitoring staff online

Risks of monitoring your employees’ online behaviour
Should you monitor your employee’s 
Pros and Cons of monitoring employee behaviour 
Monitoring your employee’s online behaviour?
Should you monitor your employee’s computer usage?

Legal implications of monitor staff online behaviour 
Header: Big brother could be watching you!
Intro: The internet and email have become indispensable tools for business, but many companies are finding employees are using these tools as much or more for personal activities than job-related tasks. If you don’t know what your staff are doing online, you’re putting yourself at risk.
STORY MARIA PADISETTI
Maria Padisetti
Many managers and business owners have recognised that unrestricted use of the internet by their employees has the potential to drain, rather than enhance productivity and, at worst, have dire legal consequences.
According to a recent Gallup poll, the average employee spends approximately 75 minutes a day using company provided computers for non-business activities. That averages a loss of around $6,250 per year, per employee. A company that employs 500 people could lose as much as $3.25million in lost productivity just from internet misuse.
To combat this problem, many employers monitor their employees’ computer usage. They are tracking email, instant messenger, internet use, recording telephone calls or videotaping the workplace. Sales of surveillance equipment and computer monitoring software are steadily increasing. The available software can record every keystroke made, take screen shots of selected computers at specific time intervals or examine the images attached to emails looking for inappropriate material.
Some of the employers’ concerns are legal and others are business-related. The important point is that all of them can have a profound effect on the bottom line. Some of the concerns are:
If an employee uses company email to discriminate against or to harass other employees, the employer can be used by the victimised employee for allowing it to happen.
If an employee commits a crime using company equipment, the employer can be held liable for damages or criminal prosecution for allowing it to occur.
Employees can intentionally or accidentally share company trade secrets or other proprietary information with competitors.
The amount of time wasted on inappropriate activities can cost the company thousands of dollars in lost productivity.
An invasion of the employee’s privacy?
Employees are wasting valuable company time by surfing inappropriate websites such as shopping, sports, stocks, web auctions, pornographic sites, etc, sending and receiving personal email, talking to friends via online chat, downloading illegal software, music and even porn using the company network.
In most cases, the courts have stated that an employer is allowed to monitor the use of equipment and services they provide to their employees. However, employers should notify their employees that electronic communication might be monitored. They should also have employees sign a form stating that they have read and understood the company’s policies regarding the use of company-owned property. Company policies should explicitly limit the use of company-provided equipment and services to company business and state that employees who use company property such as email, telephones and Internet access for personal use, are in violation of company policy and subject to disciplinary action.
Taking charge of how your employees use the internet and reducing or eliminating excessive non-business usage can increase productivity and provide significant cost savings both from better productivity and lower bandwidth costs.
To reduce the risk and minimise non-productive activities, several businesses are using a two-pronged approach: implementing an Internet Acceptable Use Policy (IAUP) and installing a monitoring system to restrict and police employees’ online activities.
An IAUP is nothing more than a written agreement that sets out the permissible workplace uses of the internet and email. In addition to describing permissible uses, an IAUP should specifically set out prohibited uses, rules of online behaviour, and access privileges with penalties for violations of the policy spelled out, including security violations and vandalism of the system.
Some common rules that should be included with most IAUPs are:
All sensitive or confidential data must be encrypted before sending across the web. For example, many doctors’ offices use instant messaging (IM) to communicate from the front desk to the back office. However, many don’t realise that this is a serious security risk because IM is not a secure way to transmit information about a patient or their health conditions.
A restriction on sharing confidential information about the company, its clients or the people working there. With social media as popular as it is, you don’t want an employee writing all about the latest company scandal on their MySpace or Facebook page; it’s just not good for business!
Prohibition against visiting websites that contain pornography, racism, sexism, gambling, or email with any such content sent from your business. Remember, even innocent jokes with racist content can leave a huge black mark on your company’s reputation.
Absolutely no downloading of music files or other programs that are not approved by management. Innocent screensaver programs and jokes often contain nasty viruses that could bring down your entire system or invite a hacker into your network.
Not only does an IAUP reduce wasted hours on the net, it can reduce bandwidth and equipment needs, as well as shield you, the business owner, from possible sexual harassment and other lawsuits arising from your employee’s inappropriate use of the web.
An IAUP is only half the battle
Unfortunately, not everyone follows policies, and some will accidentally violate your IAUP. To ensure company policies are being followed, some businesses are choosing to monitor all internet activity initiated by their employees using web content filtering software.
Tools available today make monitoring of employee internet usage simple and easy. Most companies choose to regularly monitor summary level activity like hours connected to the web, number of sites visited, and illegal or banned sites visited by the company while leaving detailed transaction reviews as necessary on a case-by-case basis.
If someone complains that this is a violation of their privacy, rest assured that nothing could be further from the truth. It’s not only legal but good business. After all, they are using your company assets and if employees are focused on productive work and minimise personal use of the internet, you’re likely to never need to address their internet usage. Just be sure to include a clause about internet monitoring in your IAUP and have your employees sign the agreement.
–Maria Padisetti is CEO of Digital Armour Corporation (www.digitalarmour.com.au), a comprehensive IT support company, covering both infrastructure and software.

Legal implications of monitoring staff onlineThe internet and email have become indispensable tools for business, but many companies are finding employees are using these tools as much or more for personal activities than job-related tasks. If you don’t know what your staff are doing online, you’re putting yourself at risk.

Many managers and business owners have recognised that unrestricted use of the internet by their employees has the potential to drain, rather than enhance productivity and, at worst, have dire legal consequences.

According to a recent Gallup poll, the average employee spends approximately 75 minutes a day using company provided computers for non-business activities. That averages a loss of around $6,250 per year, per employee. A company that employs 500 people could lose as much as $3.25 million in lost productivity just from internet misuse.

To combat this problem, many employers monitor their employees’ computer usage. They are tracking email, instant messenger, internet use, recording telephone calls or videotaping the workplace. Sales of surveillance equipment and computer monitoring software are steadily increasing. The available software can record every keystroke made, take screen shots of selected computers at specific time intervals or examine the images attached to emails looking for inappropriate material.

Some of the employers’ concerns are legal and others are business-related. The important point is that all of them can have a profound effect on the bottom line. Some of the concerns are:

  • If an employee uses company email to discriminate against or to harass other employees, the employer can be sued by the victimised employee for allowing it to happen.
  • If an employee commits a crime using company equipment, the employer can be held liable for damages or criminal prosecution for allowing it to occur.
  • Employees can intentionally or accidentally share company trade secrets or other proprietary information with competitors.
  • The amount of time wasted on inappropriate activities can cost the company thousands of dollars in lost productivity.

An invasion of the employee’s privacy?

Employees are wasting valuable company time by surfing inappropriate websites such as shopping, sports, stocks, web auctions, pornographic sites, etc, sending and receiving personal email, talking to friends via online chat, downloading illegal software, music and even porn using the company network.

In most cases, the courts have stated that an employer is allowed to monitor the use of equipment and services they provide to their employees. However, employers should notify their employees that electronic communication might be monitored. They should also have employees sign a form stating that they have read and understood the company’s policies regarding the use of company-owned property.
Company policies should explicitly limit the use of company-provided equipment and services to company business and state that employees who use company property such as email, telephones and internet access for personal use, are in violation of company policy and subject to disciplinary action.

Taking charge of how your employees use the internet and reducing or eliminating excessive non-business usage can increase productivity and provide significant cost savings both from better productivity and lower bandwidth costs.

To reduce the risk and minimise non-productive activities, several businesses are using a two-pronged approach: implementing an Internet Acceptable Use Policy (IAUP) and installing a monitoring system to restrict and police employees’ online activities.

An IAUP is nothing more than a written agreement that sets out the permissible workplace uses of the internet and email. In addition to describing permissible uses, an IAUP should specifically set out prohibited uses, rules of online behaviour, and access privileges with penalties for violations of the policy spelled out, including security violations and vandalism of the system.
Some common rules that should be included with most IAUPs are:

  • All sensitive or confidential data must be encrypted before sending across the web. For example, many doctors’ offices use instant messaging (IM) to communicate from the front desk to the back office. However, many don’t realise that this is a serious security risk because IM is not a secure way to transmit information about a patient or their health conditions.
  • A restriction on sharing confidential information about the company, its clients or the people working there. With social media as popular as it is, you don’t want an employee writing all about the latest company scandal on their MySpace or Facebook page; it’s just not good for business!
  • Prohibition against visiting websites that contain pornography, racism, sexism, gambling, or email with any such content sent from your business. Remember, even innocent jokes with racist content can leave a huge black mark on your company’s reputation.
  • Absolutely no downloading of music files or other programs that are not approved by management. Innocent screensaver programs and jokes often contain nasty viruses that could bring down your entire system or invite a hacker into your network.

Not only does an IAUP reduce wasted hours on the net, it can reduce bandwidth and equipment needs, as well as shield you, the business owner, from possible sexual harassment and other lawsuits arising from your employee’s inappropriate use of the web.

An IAUP is only half the battle

Unfortunately, not everyone follows policies, and some will accidentally violate your IAUP. To ensure company policies are being followed, some businesses are choosing to monitor all internet activity initiated by their employees using web content filtering software.

Tools available today make monitoring of employee internet usage simple and easy. Most companies choose to regularly monitor summary level activity like hours connected to the web, number of sites visited, and illegal or banned sites visited by the company while leaving detailed transaction reviews as necessary on a case-by-case basis.

If someone complains that this is a violation of their privacy, rest assured that nothing could be further from the truth. It’s not only legal but good business. After all, they are using your company assets and if employees are focused on productive work and minimise personal use of the internet, you’re likely to never need to address their internet usage. Just be sure to include a clause about internet monitoring in your IAUP and have your employees sign the agreement.

–Maria Padisetti is CEO of Digital Armour Corporation (www.digitalarmour.com.au), a comprehensive IT support company, covering both infrastructure and software.

Related Stories