Tactical Advice

Don't Put Your Company at Risk by Failing to Monitor

Monitoring and failing to monitor electronic communications in the workplace both involve risk.
This story appears in the March 2007 issue of BizTech Magazine.

 


Photo: Zaid Hamid
Mark D. Rasch, former head of the Justice Department’s Computer Crime Unit

If employees use company e-mail, their employer has the right to monitor it, right? Well, not necessarily. The question of employee privacy regarding electronic resources isn’t so simple and requires that companies develop well-thought-out policies and then take reasonable steps to enforce them.

 

Written Versus De Facto

Most companies typically practice two policies: the one on paper and the one they actually follow. If you fail to enforce or selectively enforce written policies, your business runs the risk of creating expectations of privacy based not on what you say but on what you actually do.

Last year, the Defense Department tried to enforce its monitoring policy and read e-mail written on a DOD computer used by Lance Cpl. Jennifer Long about how to fake a drug test. The department wanted to use the message in a criminal prosecution against Long. But the U.S. Court of Military Appeals ruled against DOD, stating that the broad warning banner had to be compared against what the department actually did. Similarly, when a California police department tried to read the personal pages on a government-supplied pager, the court also found that the user had an expectation of privacy. Although a policy statement that “the failure to enforce a policy does not constitute a waiver of the policy” might help, nothing beats having a clear, enforceable and enforced policy.

Common Perception

Do your employees have a reasonable expectation of privacy in their use of corporate electronic resources, such as e-mail, the Internet, telephones, voice mail or cell phones? Your gut reaction might be, “No.” But that reaction isn’t practical. Think of the nonelectronic workplace. Employees have privacy expectations in rest rooms, in their wallets or purses and in personal matters (for example, an employee who brings in a medical bill to pay while at work).

It is clear that, at least in the physical world, employees have actual and reasonable expectations of privacy. The same applies to the virtual world. Nobody expects that other employees can or will read e-mail not addressed to them or that employees will have unlimited free rein to examine the contents of other employees’ hard drives. Indeed, the concept of data segregation, authorization and authentication all create some expectations that only properly authorized people will view documents and communications for authorized purposes.

The beginning of any employer-employee relationship must encompass a comprehensive and comprehensible use and monitoring policy that employees consent to in writing. It should state that the failure to monitor particular situations does not waive the company’s right to monitor. This would mean that the company would inform employees that the employees consent to permitting the employer to monitor their e-mail and Internet use for particular purposes, including to ensure that corporate policy is being followed, to prevent fraud or crimes, for technical reasons, when there is reasonable suspicion that some violation has occurred and, the catchall, “for other lawful purposes.”

By creating such a policy, you are conveying to your staff that the company will not simply engage in voyeuristic monitoring of employees’ conduct, but it can and will monitor for appropriate purposes.

Mark D. Rasch, former head of the Justice Department’s Computer Crime Unit, is a lawyer working in Bethesda, Md. He specializes in electronic security, privacy and technology law.
Sign up for our e-newsletter

Security

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...