Being Big Brother: Monitoring employees' network activity

By Deb Shinder

October 3, 2005 12:00 PM ET

Recommended

(4)

Digg

Twitter

Share/Email

WindowSecurity.com - If you, as network administrator or IT policy maker, are charged with being Big Brother for your company, there are both legal and technological factors to consider.
In this article, we'll discuss both. Remember, though, that laws differ from country to country and even from state to state, and even if you think you know the law in your jurisdiction, it's subject to change any time a legislative body meets.
Why monitor employees' network activities?
Why should you consider monitoring employees' activities in the first place? Are employers who read their employees' e-mail or keep track of Web sites visited just being nosy and overly controlling? Unfortunately, the company can be held civilly liable or even criminally responsible for employees' actions.
If an employee downloads pornography onto a work computer that is displayed, intentionally or accidentally, to others, the company could be sued for sexual harassment (creating or allowing a "hostile workplace"). If the employee downloads child porn, the company may become caught up in a criminal investigation. If the employee is embezzling money from customers' accounts, the company could be held to be negligent. If an employee uses company equipment to commit any criminal act, at the very least the company may end up having its computers confiscated for evidence.
Even if the employees' activities aren't subject to criminal charges or lawsuits, wasting large amounts of company time surfing non-business-related Web sites, sending personal e-mail or chatting with friends costs the company money in lost productivity.
Downloading large files uses network bandwidth and may slow down the network for legitimate users. Visiting unsafe Web sites may introduce viruses and other malware to the company network. Finally, employees may deliberately or inadvertently expose confidential company information (trade secrets, personnel data, financial information) to unauthorized persons through e-mail or chat.
Monitoring employees' network activities: policy issues
Although there have been a number of cases where employees have sued employers for invasion of privacy (usually under state statutes), in most cases the courts have sided with the employer.
Note: Although many people think the Constitution explicitly guarantees a right to privacy, the privacy protections in the Bill of Rights apply only when the government is the intruder. Some state constitutions or statutes address individual privacy rights, and these differ widely in scope.
Two important concepts used by the court in determining whether monitoring is permissible under the law are:

The "expectation of privacy" of the employee

The "reasonableness" of the monitoring

Some employees have claimed to have an expectation of privacy because their access

Reprinted with permission from

For more security news visit WindowSecurity.com
Story copyright 2006 WindowSecurity.com. All rights reserved.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Privacy

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.