Reporting on Your Employees' Internet Access?

kooky45 asks: "My team has recently installed content filters for my company which restrict the web sites that employees can visit. It also logs the sites they do visit; not whole URLs, just the site domain names. This has been useful for a couple of disciplinary investigations of employees suspected of wrongdoing. However, word has got round to some managers that this capability exists. They are starting to ask my team to provide lists of sites that their team members have accessed over the past few weeks, claiming they are suspicious of time wasting on the Internet and need proof. We're pushing back because of privacy concerns but the pressure is building on us. We have no experience in this area, and I'd like to ask Slashdot how other companies handle this, what the important considerations are, and where it could all go wrong?"

We do this.

[NorbMan]

Our employee AUP specifically states that the company equipment belongs to the company, and there should be no expectation of privacy. It also states we perform monitoring of Internet and email activity. All employees are required to agree to the policy before they are granted access. Supervisors occasionally do request reports from our logs when they're trying to determine how productive their employees are. This is one of the reasons we have the logging in place.

Re:We do this.

[jaseuk]

We do exactly the same thing and it works very well. Very few of these people take it any further once they realise they need approval from a director.

My line with most monitoring and lockdown requests is that it's a management issue, using the IT Department to control your staff builds resentment towards IT and often punishes other members of staff when all it would take to solve is a quiet word with the individual concerned.

Jason.

A somewhat complex issue

[Scott+Lockwood]

Like all employment, everything is negotiable. For example, employers have the right to be as draconian as they wish. Some don't allow internet access at all, for example. Some do with heavy filtering, and dismissal for the slightest infraction, for ANYONE. Employees on the other hand, are not without rights themselves, chief amonst them, the right to walk away. If an employer seems unreasonable, then work for someone else. If you don't have the skills to do that, put up with it until you do. People who won't better themselves shouldn't bother to complain.

Legal expectations of privacy....

[Snowtide]

Being a tech support monkey at both a university and a private business I have been told by the lawyers at both places there is little or no expectation of privacy using a businesses equipment. They pay for it and pay you to use it for their benefit, not yours. Universities are often trickier with the whole academic freedom bit and the often continuous political games. We have had the best results with the policy described by a previous poster. Accept requests for those records from only one or two people of authority. The head of HR for instance, it takes the load off the IT department and helps limit the number of requests. People will hassle It to try to get that information for all kinds of petty reasons, but HR controls reviews and paychecks, it often makes people think twice before asking for things.

Thank God my bosses believe me when I describe Slashdot as a tech reference site and I am in charge of any network monitoring we might do.
:)

it's been said...

[Heem]

I'll say it again though.. These requests should only come from HR/Personell whatever you call them.

At a previous job I had the task of the web filter logs, as well as access to all emails and user's files. Sure, I looked at them sometimes, but only if I needed to. And yes, at times lower lever managers - supervisors - would ask for information about their direct reports.

Even though no direct policy like this existed, I told them I will only give that information to HR. One time the CEO asked for something, and I would not even give it to him. I defered him to my boss, who, probably gave it to him, but I made it very clear:

"I've been given trust by the company to access this information. What if someone went to a website that divulged information about a medical condition that they were keeping secret? Granted, they would be wrong for doing it on company time, but I am NOT going to be the one to give up that information"

I think I also gained a little respect by saying that and instituting my policy. Of course, YMMV

We aren't authorized!

[bigbigbison]

Since you don't know if you should do it, I'm assuming no one has specifically given you authority to do it. Therefore, you just do the number one corporate run-around "I'm not authorized to do that." Then if they as who is, tell them you don't know.

How much is it worth?

[Kadin2048]

I was reading an article a while back about how more and more employees are coming to either expect, or desire as a perk, unfettered internet access.

I wonder if anyone has done a study or survey of how much employees value their internet access, and what kind of pay cut they'd be willing to take for it, or what kind of pay bump they would require to move to a company that didn't offer it.

Right now it might seem like a minor issue -- in many tech fields, there are enough candidates that employers can dictate terms to their employees, and employees are sufficiently discouraged by the thought of finding a new job, that they won't tell them to suck eggs and walk away. However, in a tighter market this might not be the case. I could easily see a situation where a company might decide that it's cheaper to offer unfettered internet access (and swallow the cost of the productivity hit) rather than pay extra in order to recruit and retain people who are willing to work under more limited conditions.

I've thought about what it's worth to me, and I think I would probably accept working in a secure area (where there's no public net access) for about a 5% pay increase; any less than that, and I'd probably say no. If they just started blocking web traffic tomorrow in my current position, I probably wouldn't quit immediately, but it would certainly factor into my list of things that I don't particularly like. At some point when that list got long enough, I'd find another job.

Everything's a trade-off, both from the employer's perspective and the employee's.

Re:Our solution

[jbarr]

I absolutely agree. Letting any department manager have access could present a huge privacy problem. Leave it up to HR, and have the managers go through porper channels.

Yes, it is the company's equipment, but with the flurry of crazy litigation and legislation, it's better for all parties if there is a defined, followed policy.

The beat^Wcensoring will continue...

[Kadin2048]

Well put.

If your employees/team are being productive, and your project is successful and you're meeting deadlines, I question why a manager really ought to care whether people are reading Slashdot or Google News or playing the occasional Flash game.

If work's getting done, don't micromanage -- let your people do their work; the damage you'll do by creating an adversarial work culture probably greatly outweighs the very small gain in efficiency you'll get by prohibiting web browsing (and for some people, prohibiting them from doing that may result in a negative productivity change). If work isn't getting done, then maybe you need to take a look at either your recruiting, motivation, or compensation practices. You can't "beat them until morale improves," and employees who are all disinterested in work is probably a symptom of a greater problem than the browsing itself.