Being Big Brother: Monitoring employees' network activity
WindowSecurity.com -
If you, as network administrator or IT policy maker, are charged with being Big Brother for your company, there are both legal and technological factors to consider.
In this article, we'll discuss both. Remember, though, that laws differ from country to country and even from state to state, and even if you think you know the law in your jurisdiction, it's subject to change any time a legislative body meets.
Why monitor employees' network activities?
Why should you consider monitoring employees' activities in the first place? Are employers who read their employees' e-mail or keep track of Web sites visited just being nosy and overly controlling? Unfortunately, the company can be held civilly liable or even criminally responsible for employees' actions.
If an employee downloads pornography onto a work computer that is displayed, intentionally or accidentally, to others, the company could be sued for sexual harassment (creating or allowing a "hostile workplace"). If the employee downloads child porn, the company may become caught up in a criminal investigation. If the employee is embezzling money from customers' accounts, the company could be held to be negligent. If an employee uses company equipment to commit any criminal act, at the very least the company may end up having its computers confiscated for evidence.
Even if the employees' activities aren't subject to criminal charges or lawsuits, wasting large amounts of company time surfing non-business-related Web sites, sending personal e-mail or chatting with friends costs the company money in lost productivity.
Downloading large files uses network bandwidth and may slow down the network for legitimate users. Visiting unsafe Web sites may introduce viruses and other malware to the company network. Finally, employees may deliberately or inadvertently expose confidential company information (trade secrets, personnel data, financial information) to unauthorized persons through e-mail or chat.
Monitoring employees' network activities: policy issues
Although there have been a number of cases where employees have sued employers for invasion of privacy (usually under state statutes), in most cases the courts have sided with the employer.
Note: Although many people think the Constitution explicitly guarantees a right to privacy, the privacy protections in the Bill of Rights apply only when the government is the intruder. Some state constitutions or statutes address individual privacy rights, and these differ widely in scope.
Two important concepts used by the court in determining whether monitoring is permissible under the law are:
- The "expectation of privacy" of the employee
- The "reasonableness" of the monitoring
Some employees have claimed to have an expectation of privacy because their access
Reprinted with permission from
Story copyright 2006 WindowSecurity.com. All rights reserved.
Privacy
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
