Slashdot Mirror
Reporting on Your Employees' Internet Access?
kooky45 asks: "My team has recently installed content filters for my company which restrict the web sites that employees can visit. It also logs the sites they do visit; not whole URLs, just the site domain names. This has been useful for a couple of disciplinary investigations of employees suspected of wrongdoing. However, word has got round to some managers that this capability exists. They are starting to ask my team to provide lists of sites that their team members have accessed over the past few weeks, claiming they are suspicious of time wasting on the Internet and need proof. We're pushing back because of privacy concerns but the pressure is building on us. We have no experience in this area, and I'd like to ask Slashdot how other companies handle this, what the important considerations are, and where it could all go wrong?"
Our simple answer:
"We don't take requests from department managers".
At our shop, requests for such information come from the HR director or the General Manager and only those people. And such information is provided to them and them alone. Such rules make our lives easier. HR and/or the GM workout what to do with the department head -- solutions which may involve IT or not.
Such requests are rare now. They are usually handled by the supervisor alone now without need of escalation.
unless there's something in the staff policy about 'not' visiting sites people might deem offensive/doing non work on computers etc etc there's not alot the managers can do.
Also pop in the managers usage as well - as someone else pointed out.
It sounds to me like the managers don't have enough to do and are wasting their time micromanaging employees.
However, word has got round to some managers that this capability exists. They are starting to ask my team to provide lists of sites that their team members have accessed over the past few weeks, claiming they are suspicious of time wasting on the Internet and need proof.
It takes real time to develop a culture in a workplace. If your culture is such that managers are looking for evidence of "slacking" to try to motivate them or replace them, then you are probably looking at a lost cause. The only thing I can recommend is a well written letter to someone high up in the company about the dangers of an adversarial workplace culture and the resulting brain drain and poor quality.
We're pushing back because of privacy concerns but the pressure is building on us. We have no experience in this area, and I'd like to ask Slashdot how other companies handle this, what the important considerations are, and where it could all go wrong?"
Any manager that needs to look at logs like this for their employees is incompetent and dragging your company down. A good manager provides positive incentives for employees and creates loyalty both to himself and to the company by treating employees like people. The only reason to consider removing an employee is if they are not getting their job done. If this is the case, then they should be able to tell him why. If he does not trust them, he should find someone else regardless of what a log says.
Treating your employees as mercenaries will make them act that way. Why should they give 2 weeks notice if they're leaving? Why shouldn't they steal office supplies if they can get away with it. Why shouldn't they make a copy of your customer database or defect to the competition? If money is all you are offering, then you can always be outbid.
One thing you might want to consider and which might be able to pull you company out of its cultural death spin is moving drastically from secret monitoring to complete openness. Make an announcement to the whole company that internet monitoring is being applied and then open the system up to everyone. Managers will be able to see what sites their employees visit, but employees will be able to see what sites their bosses visit and when and for how long. We have such a system here, and every now and again we'll announce in a meeting the person who wasted the most time on Slashdot that month.
With such a move to openness i does not seem so much like an us versus them arrangement, but rather an even playing field for all. It works for us, but then we also have a very progressive culture of treating employees well and avoiding micro management. People take on responsibilities and the only problem is if they don't live up to them. No one cares if I post on Slashdot in the middle of the day, so long as I get my work done and it is of sufficient quality. It may be too late where you work, however. You might want to seriously consider looking for an employer that is smarter.
As a manager of engineering teams, I do not look to closely at what the staff does; As long as the product works, and it is delivered in a timely manner. The company owns the equipment, so there is a need to respect its ownership. I tell the team leaders that it is not a good thing to be caught accessing the design ideas from a porn site, at work. And I do know that the porn industry is light years ahead of all of us when it comes to copyrights, revenues, downloads, and traffic monitoring. My advice for companies that have managers that need to spy on employees is to ask that manager for immediate status report on all outstanding projects. Then start increasing that managers work load. If a person has time to spy, then that person has time to work; For the good of the company. And if there is no work for that person, then maybe the Finance Department should be brought into the loop at that time.
I continue to hope that good managers would understand people getting sidetracked during the day. Browsing /. and random news stories is my way of letting my brain process on something so it gets internalized, and I can then go tackle the problem head on. I don't work well just beating my head against something, I have to poke at it for a while and then go read or play a flash game for 10 minutes and let it sink in. Subconcious processing, transfer to long-term memory, whatever it is, it's how I work. I'm plenty productive despite hitting /. about 5 times a day.
Slashdot needs a "-1, Wrong" moderation option.
The Urban Hippie
From reading the post, I'm guessing you're one of the folks who actually works for a living, rather than manages other people who actually work for a living. Decisions like this usually aren't handled at the "actually do it" level. This is definitely something I'd kick up through the management chain, as this is something that should be clarified at a company policy level.
Some companies make it very clear that people who work for them are subject to monitoring, etc., and can expect no privacy. Others will have the same general policy, but have other policies in place as to who can see the logs and under what circumstances. That's what you'll have to establish, and it's a decision that should be handled at a management level high enough to make it stick.
My answer, in the absense of an established policy would be "Have your boss talk to my boss, and they can hash it out with HR and Legal."
Never attribute to malice what can as easily be the result of incompetence...
From the description, there appears to be no policy in place governing how IT information can be used by company management. The problem lies in that fact, not the fact that someone is requesting the information.
I suspect that this is also further complicated by the fact that employment is regulated at the detail level on a state by state basis, and therefore the legal aspects of your situation will be influenced by local laws.
However, what I would do if this is the first time this has happened is to run this by the head of the HR department or someone who handles such things within the company. Where I live, if there is no policy, the employee whose information is being disclosed might have some legal rights, or could simply try to sue everyone involved if something negative happens. I suspect this could happen anywhere, as well. If HR has a discrete policy, then you are covered and the rules are clear.
Personally, I'd get someone in authority (boss, HR, legal) to give you in writing their guidelines, and perhaps take the opportunity to help create a policy if it doesn't exist.
I have worked for/with several large corporations, and each one has had very clear guidelines, spelled out in detail in the AUP for computer/internet use which employees must sign as part of the hiring paperwork. My wifes' company, for instance, (a large multinational news firm) allows any line manager to request the internet records of any employee after discussing it with their appointed HR rep (each manager has his/her own HR rep who handles such things and is involved with the managers on a daily basis). I've also worked with other organizations where only the security team, who had independent authority and worked hand-in-hand with management and HR, had direct access to the records.
However, I must mention the most brilliant and most efficient filtering scheme I've ever seen: make everything public. I worked with one of the large credit card corporations a while back, and when they first allowed general internet access, they had a website that simply logged *EVERY* employees browsing history (not urls, just domains). An employee could see his managers, the managers could see the employees. It worked brilliantly, since no one was going to risk being exposed as having gone to even questionable sites, so there were very few abuses. Plus it required no upgrades, no computers, no power, and virtually no effort. I suppose this was a good implementation of Cory Doctorow's recent suggestion about making security public. Too bad they discontinued it because of lawsuit concerns.
Well since basically every employee does that, an employer that does not expect and understand it is far past delusional.
and who wants to work for someone that is that out of touch with reality. Employees slack off at work, if someone does not understand that concept, well they are flat out idiots and i am willing to bet, have extremely high turn over rates.
Those no down time employees, usually burn out and come back with an AR15...
The phrase "more better" is acceptable English. suck it grammar Nazis
California Labor Law requirements are fairly strict (with a bit of wiggleroom, but not much) on when breaks must be provided.
Blame Sacramento. I'd like a government that treated it's citizens as adults.
Um guess what, they are already allowed to do that today.
but basically, this monitoring business is just a replacement for common sense, ie at the end of the day, did the employee get his shit done...that is all that matters. but instead you get managers who think they will suddenly be in touch with employees by monitoring their internet usage, instead of just paying attention to the quality of the work.
The phrase "more better" is acceptable English. suck it grammar Nazis
I did it one better back in the day. Proxy logs were themselves available online. Anyone could look at anyone else's history. Problem solved and I didn't have to do anything else.
Whether it had been necessary to step in or not, they would have. They're government, after all.
Blame still lies with Sacramento!
I get the feeling that you are wrong for the wrong reasons.
Firstly, I think there should be an expressed expectation of privacy, or level thereof. I expect that my employer wouldn't put a camera in the bathrooms. I think what keeps some from doing so is the letter of the law and the blanket coverage of all employees, including those responsible for the cameras. But I'm not going to bother to find and quote any decisions. My employer has a stated computer useage requirements. It is intentionally vague, but not beyond most people's comprehension. For instance, it doesn't identify the web filtering in place, but specifically prohibits circumventive behavior. I'm not happy about this as I don't agree with the filtering of sites like the wikipedia as personal pages. But I hardly find it reason enough to find other work.
But the expectation of entitlement to anything not compensated for is rediculous. The idea that only the educated have bargaining power is rather ignorant. Your assertion that companies will lose out on the best employees seems to imply that because it decided to settle for less than the best that it will fail. My employer is a prime example of the contrary. This may be true when applied to entities of different sizes, say an accounting office with ten people might have greater friction and turnover over something as simple as web filtering. But even it would not instantly go out of business due to restictive uses.
The only variable that ultimately affects any business is money. People will put up with a lot of unnecessary shit for the right price. That is the double edge sword of getting what you pay for. Pay peanuts, expect elephants.
Someone hates these cans.
...is a lack of results/deliverables in the expected time frame. Either your employees are producing at an acceptable level or they aren't. I don't understand why many managers feel they need to waste time with the cat and mouse games. Perhaps the real question this guy should be asking is "Why do the middle managers at my company have time available to look into this; Perhaps we should have fewer middle managers."
For a few clients I've worked at. The only time they really want to read any logs is when they want to get rid of a specific employee. If you're not on their hit list you didn't have a worry, but it you were then they would find the smallest detail in a log to pick you out and fire you for breaking their internet use policy.
Task Mangler
they own the bathroom too