| The commonly held assumption that employers have unfettered access to electronic communications in the workplace has been called into question. In a federal court in California, a judge issued a verdict in June that said it was illegal for an employer to read employees’ personal pager messages.
 Case Law
The case revolved around a member of the police department in Ontario, Calif., using a work-issued pager. After the police officer’s supervisor told his staff that their text messages would not be monitored, the messages were audited. The officer claimed that it was illegal for members of the police bureau’s internal affairs department to read the police officers’ text messages from a pager that a third-party vendor supplied. While some of the messages were not work-related and were even sexually explicit, the appeals court ruled that the police officer had a reasonable expectation of privacy and that the audit of the messages was unlawful.
“Employers, I think, were very complacent in assuming that they could do whatever they wanted as far as workplace monitoring goes,” says Jeremy Gruber, legal director for The National Workrights Institute (www.workrights.org). “This case demonstrates that the law is still developing on workplace monitoring. Employers who have programs that are overly broad and invasive could at some point find themselves on the wrong side of the law.”
Gruber continues, “Specifically, this case makes it clear that employers using third-party vendors to administer their monitoring program do not have the same protections that employers who use their own equipment for monitoring do. Also, employers who use third-party vendors can find themselves liable for invasion of privacy if they don’t have proper disclosure and proper notice depending on how they use the systems.”
Indeed, the ruling has challenged the status quo, says Adam Schran, chief executive and founder of Ascentive (www.ascentive.com), which designs and markets employee monitoring software. “It did come as a total surprise,” Schran says. “The legal situation is in flux, so you have to be in contact with your lawyers or the general counsel of the company to make sure you are doing it in the right way.”
Employee monitoring has entered the realm of legally murky territory. This means qualified legal counsel to guide SMEs about what they can and cannot do has become more important than it was in the past.
The perceived need to monitor employees’ communications has skyrocketed. Since employers first began to fret over how staffers could waste time, the explosion of ways to goof off at work has compounded demand for surveillance tools to keep an eye on workers’ activities. According to Ascentive, employee monitoring, blocking, and filtering product sales have become a $300 million-a-year market since they were first introduced for mainstream applications more than a decade ago.
Ethical Dilemma
Surveillance of employees’ electronic communications also involves ethical issues admins need to address, even if the monitoring is perfectly legal. Many admins may be uncomfortable with employee monitoring, especially when a company implements a heavy-handed policy and asks admins to use technology to closely monitor what employees write in their email messages or which Web sites they visit.
“I would tell my boss that it’s unethical, in my opinion, to monitor employees if they have not signed an agreement that fully sets their expectations about the monitoring. If the boss wanted to do the monitoring, we could send out a form to all employees that they would all sign and return before any monitoring begins,” says John Matzek, co-chief executive officer of Logic IT Consulting (www.logicitc.com). “I would also expect the boss and the CEO to sign the form. Employee morale is critical to the success of a business, and covert monitoring could have a huge impact on morale.”
The general public is also becoming more aware of how admins are often privy to the contents of employees’ email and other electronic communications. Cyber-Ark (www.cyber-ark.com), a provider of digital vault and privileged identity management technology, recently caused a stir when it revealed that 47% of 300 senior IT professionals surveyed said they had “accessed information that was not relevant to their role.”
“As an administrator, I will often need to fix or maintain the email system,” Matzek says. “I agree to keep client information confidential, but I will often need to log in as a user to troubleshoot their email issues or make sure things are working after maintenance.”
Policy Matters
General industry-standard guidelines for employee monitoring have not been established; it is up to individual enterprises to set their own policies, while the IT department must determine how it does monitoring.
“Employee monitoring is fairly common in policy but varied in practice,” says Michael Rasmussen, president of Corporate Integrity (www.corp-integrity.com). “Most organizations have policies in place to establish that employees should not have an expectation of privacy and that the corporation retains rights to monitor communications. However, the practice is quite varied.”
Still, there are certain policies all enterprises should follow, Rasmussen says. “Organizations that are going to pursue monitoring need to have a policy in place that states that there is no expectation of employee privacy and that the organization reserves the right to monitor communication,” he notes. “Monitoring also has to be done for a legitimate purpose and cannot be done in a way that discriminates against an individual.” 
by Bruce Gain Processor.com |
