Prevention better than litigation? Monitoring of employee computer use
Summarizes the extent of non-work-related, computer-related activities in the workplace and explores approaches to limit these activities.
A quarter of UK companies have dismissed employees for internet misconduct, with the vast majority of sackings related to accessing or transmitting online pornography, according to Websense, a provider of internet management solutions.
Misuse of the internet in the workplace is so widespread that 72 per cent of UK companies have had to deal with it, mostly by having a quiet word with the employee, followed by verbal warnings.
The company's research also shows that time wasting on the internet is an issue. In the US, workers spend more than one entire workday each week surfing non-work-related websites, with 18 per cent admitting that pornography sites were a big draw, only just behind shopping sites and online news.
Websense's products are now used by more than half of the Fortune 500, one third of the Nikkei 225, and half of the FTSE 100 companies, indicating that online porn in the workplace is a fast-growing problem. But for employers, dealing with the issue is not always as straightforward as buying some software.
Ray Stanton, director of security at Unisys, has faced the problem head-on in previous jobs. He relates how an employee was caught sending e-mails around the organisation with 127MB (megabytes) of pornography attached, in the shape of games, pictures and text. The sheer size of the attachments caused the e-mail server to crash.
Of greater concern to Mr Stanton was that the volume of material was not coming into the organisation from the internet; even with broadband it would have taken too long to download. These megabytes of pornography were already on the corporate network.
When the business unit where that individual worked upgraded its desktops, an exercise which required the monitoring of file transfers, engineers discovered 20GB (gigabytes or billion bytes) of unacceptable material in corporate storage systems, the result of perhaps dozens of people's online activity. ‘Apart from anything else, that represents a serious management cost, perhaps $250,000 worth', Mr Stanton says. The individual who sent the 127MB email was disciplined under usual procedures.
Mr Stanton believes that the problem of online pornography is not going to go away and that it needs to be treated as a special case. In part, that is because it does not usually stop just with individuals looking at pornography.
‘From experience in investigating many such cases, most start off as a joke and rapidly turn into a real problem', says Clifford May, principal forensic consultant at Integralis, the IT security solutions vendor. ‘The immediacy of e-mail is the biggest danger, supported by the ease with which a large audience can be accessed: people attach images, hit send and think about it later, so-called clicker's remorse.'
Mr May adds that the circulation of explicit images as a joke is also a very real problem and in some cases has brought multi-million pound projects to a halt while development staff are investigated for circulating ever more outrageous material.
While measures such as filtering and blocking websites can help, they do not stop internet misuse.
‘Companies need a policy in place to know how and when employees use the internet, with guidelines that they stick to', says Stephanie Slanickova, a solicitor at Tarlo Lyons, a law firm that specialised in IT issues.
‘It is also important that companies get employee consent for monitoring, perhaps by [including] a clause in their contract. If a company just goes ahead with surveillance it could be in breach of the law. But they will be OK if they clearly set out what they are going to do', she adds.
The legal situation varies in different parts of the world, and is still evolving. The general principle is that if a citizen's right to privacy is enshrined in a written constitution, companies need to be more careful about any surveillance they wish to carry out. A good indicator of what the European Commission (EC) is currently thinking is provided by a working party document released in May this year. Personal e-mails are where the issue gets particularly thorny. ‘The document announces that employees don't abandon their right to privacy and data protection at the door to the workplace', explains Michael Clinch, a partner at Picton Howell, the London law firm.
‘They have a legitimate expectation of a certain degree of privacy. The EC recognises, however, that this has to be balanced with the employer's right to run a business', he says.
However, he believes that employers will not like the document, since the European Union has consistently taken the side of the individual on data protection issues.
The topic will be reviewed during 2002 and 2003 with a view to harmonising national laws on e-mail monitoring at the end of that period [see the sites listed at the end of the chapter for the latest developments in employee monitoring].
1 Summarize the benefits of using automated software tools to manage staff access to Internet content and e-mail.
2 What practices does the article suggest organizations should adopt to counter misuse of computer resources by employees? Can you suggest further measures?
3 Do you think it is ethical for organizations to monitor employees to detect access to pornography and then sack them if they have accessed it?
Of course, if a company has to resort to the law, it already represents a breakdown in communication between employer and employee. This is why everyone advising on the matter stresses the need for clearly advertised and enforced policies and guidelines. Prevention is far better than litigation.
‘Dismissing an employee for internet misuse is a substantial cost to the employer', says Jonathan Naylor, a barrister in the employment, pensions and benefits group of Morgan Cole, the UK law firm.
A study in 2001 by Incomes Data Services found that the costs of replacing key staff could be as much as 150 per cent of the employee's annual salary.
In addition, if the dismissal process is handled poorly by the employer, the organisation could also face employment tribunal proceedings, incurring further management time and costs.
Mr Stanton does not believe companies should panic, although they do need to be sensible and pragmatic since doing nothing is not an option.
‘Any director of a large company can assume he has a problem', he says. ‘It comes with the people.' But over time, through education, monitoring and some disciplinary action, companies can learn to deal with it.
Source: Mark Vernon, Legal and ethical issues, Financial Times; 2 October 2002.