Under Surveillance
- Article 4 of 77
- Information Age, January 2001
How can organisations monitor employees' Internet and email activities for abuse, without infringing their right to privacy?
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages
And in December 2000, it was announced that Bradley Chait, a lawyer at London law firm Norton Rose, was to face disciplinary action after he forwarded an email from his girlfriend Claire Swire, describing a sex act, to six of his friends.
Unfortunately for Chait, the email did not stop with his friends, but was passed on to an ever-widening circle of acquaintances, eventually reaching over a million people, and passing through the headquarters of organisations such as merchant bank JP Morgan and consumer goods multinational Unilever.
It is important, however, to distinguish between an employer's right to restrict employee Internet usage and blatant prying into supposedly confidential emails - a distinction that is made difficult by the complex web of legislation surrounding employee monitoring (see box, The legislative framework).
“I don't think there's been any doubt about an employer's right to block access to certain web sites or to control the use of the Internet from the workplace,” says Graham Titterington, senior analyst at Ovum Research. “The main issues here are a waste of time and resources, and a wish not to have anything around that's not consistent with the tone of the organisation.”
As well as using tools to dynamically monitor a web site for salacious content by looking for keywords and colour tone, some companies have gone a step further.
'Web bugs' hide computer codes behind images only a pixel in size on the computer screen to gather information about web surfing habits. Effectively, an invisible dot on the screen can watch every move a surfer makes, collecting information on the sites being visited as well as details of the computer being used.
Such sophisticated prying should be the last resort and not routine, argues Titterington. “Email was intended to be a confidential communication between two individuals, whether on company business or not,” he says. “What we're seeing is not just the interception or prevention of transmission, but the opening of the contents.” If the risk to the business through email is no greater than the risk of the telephone, it makes no sense to implement monitoring measures, he argues.
Titterington knows of one blue chip company that bans all external email, allegedly to protect itself against the risk of viruses. But the true motive behind the ban, he says, is a concern that employees may make an offer that becomes legally binding on the company.
“Employers have the right to withdraw the facility for sending personal email by means of blocking addresses,” he says. “Looking into the contents of what is supposed to be a confidential communication is not acceptable. As for communications containing harassment or the racial vilification of other employees, you don't need to snoop on that as the receiver can complain. And once it's received, the email is their property.”
Internet security should be a core business issue, but despite cases where people's rights have been infringed, two-thirds of companies either have no email and Internet policy, or don't enforce it.
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages