Protecting Your Company While Protecting Privacy?
"Sure, I'll block a URL here or there but spot checking e-mail? How long until some smartass comes up with a .sig containing all of my keywords?
In general, people are going to be more productive if they take their five minute break at their terminal browsing than screwing around by the coffee machine. Along the same venue, I am not interested in tracking 'abuse' (such as hitting eBay, checking the sports scores, etc.) If someone is using that much time that it interferes with their job, I'll be speaking with them regarding their dereliction of duties in general, and not speaking to them about Internet usage in particular.
So, again, I pose the question: what sort of policy and procedures will protect the privacy of employees' surfing and e-mail, while still protecting my company from liability?"
Stop.
This presumption that all emails can and should be logged comes from the presumption that emails are equivalent to official memos from the corporation.
They're not, and shame on anyone who would argue differently.
The fact that harassing comments may be spoken at the water cooler does not obligate the company to install an audio recorder at that cooler. The fact that harassing comments often are spoken over telephone lines assuredly does not obligate a company to record all calls made to and from the office building. The fact that E-Mail can occasionally lead to harassing comments as well does not obligate the company to violate the privacy of its workers.
Now, given an active suspicion (usually brought upon by an aggrieved party commenting to his or her manager), it's justified ethically to verify the charge by watching traffic in a limited manner. We wouldn't want someone to lose their job without their sins being proven.
But to say that employers are mandated by government to spy on everything their workers do obscures the fact that the government itself is mandating that a privacy violation infrastructure be built into every single workplace in the name of "protecting us from ourselves."
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Bruce
Systems Use and Privacy
In order to facilitate communications and business operations, the Company uses a number of devices, objects and systems. This includes but is not limited to mail, e-mail, telephones, desks, common areas, cabinets, files, computers, networks, passwords, voice mail, etc. Access can be made by the company to any or all of these items or systems at any time. Employees should not assume that contents of messages are confidential and will be only reviewed by the employee.
The Company does not guarantee the security of the Company's systems, computers or telephones. If you need to communicate in a secure fashion, do it outside of Company buildings and without using any Company equipment or facilities. We employ technical experts who are able to read your computer data and tap your phone.
Members of the executive staff, the employee's supervisor, or another employee at the direction of a member of the executive staff, may access, monitor and act on any message or communication or data in any system at any time and may view and consider and act on the contents of any item provided for use in the normal course of company business.
None of this, however, conveys authorization for any employee to eavesdrop. The email, files, and other communications of your co-workers are not your business and you are to avoid situations that would expose you to them unnecessarily. "Snooping" is unethical and you are liable to be terminated if you engage in it.
Our systems are never to be used for pornography, email spam, ethically questionable or unprofessional activities. Internet service is widely available outside of the Company at low cost. Do not consider us to be your "Internet provider": our Internet facilities are only for work. Internet communications that are not part of your job should be carried out using an outside internet provider, a non-Company email address and non-company URLs.
In a nutshell... this means don't be doing nasty or illegal things in the office or on our networks. Respect the fact that your co-workers have access to information on the network and the computers and they would like to be able to respect you in the morning. The Company reserves the right to inspect information and work environment at any time, with or without notice.
No Personal Businesses On-Site
It is understandable that many of the Company employees are entrepreneurs and may have one or more companies or separate enterprises, outside of their interest in the Company. It is our desire to nurture and respect the mindset of the entrepreneur. However, under no circumstances shall any employee of the Company run their own company at or through the Company. The use of the Company resources to conduct said business is strictly prohibited. All such enterprises shall be conducted completely off-site and shall not in any way be connected to or interfere with the normal operation of the Company.
It is understood and accepted that occasional phone calls will need to be made or taken with regard to personal business. However, there shall be no routine phone calls. There shall be no connections with your personal enterprises and the Company. You are not authorized to use computers, addresses or other Company property, licenses or identification numbers to conduct your personal enterprise. In addition, you shall not use to the advantage of your personal enterprise any business information acquired on the job, at the Company.
Bruce Perens.
Even if you monitor, what are you monitoring for? Who does this protect? While it may afford the company the excuse that they can go after an employee, it does not protect the company from anything per se. Moreover, if you have an official policy of monitoring AND ALSO filtering, then the company is setting itself up to NEVER send out anything that is in violation of the policy. That is, if you claim you are in compliance then you in fact HAVE TO BE in compliance and you may be exposing the company to even more trouble. In this case the liability is clear regardless of who sends out the offending email. Therefore you again have not actually protected the company from anything unless you, the email admin, can guarantee the process.
You need to consult an attorney. You may also want to investigate some kind of business insurance to cover litigation and damages that may result.
I've always felt that when you give people all the information, they often can be trusted much more.
When I was in college, I was involved with a school program that was being threatened with being shut down because incoming students would complain that they were pressured into drinking. However, there were 400 students involved in the program and there was no way we could police them all. The students in charge of the program appealed to the other students, explained the problem and explained the consequences and we had almost no problems. A couple of years later, it had become a "rule", and it's now a problem again. My point is that when we explained the situation, they wanted to help and were able to.
As far as the UPS person flirting with a receptionist, if your receptionist has some sort of way of getting help or discreetly calling someone into the room, the flirting will not be a problem. I would think any judge would look at that and realize the company had done all it could. But then, IANAL.