Skip the navigation

Employee monitoring: When IT is asked to spy

By Tam Harbert
June 16, 2010 06:00 AM ET

The legal eagle

"Daryl" -- who requested anonymity -- is an IT manager at a midsize industrial manufacturer in the U.K. He strongly believes that IT has the right, and the duty, to monitor employee activity in order to protect the interests of the company.

He once caught an employee who was engaged in criminal activity involving intellectual property that could have resulted in a big financial loss for the company.

He went straight to the CEO, and the employee was dismissed. (For more on violations that cause employees to lose their jobs, read Corporations crack down on digital delinquents.) The employer didn't press charges, however, because "it would've been very embarrassing for the company," Daryl says.

Daryl's complaint is not that he has to police employees, but that he's not allowed to do it properly.

His graduate-level college courses in information security and forensics taught him how to properly preserve electronic evidence so that it is admissible in U.K. courts. For the information from a laptop to be admissible, he says, the hard drive needs to be removed and cloned, and then the clone is examined while the original evidence is left untouched.

But his bosses aren't interested in that. "The process my managers want me to follow is inappropriate," he says -- namely, they advise him to skip the cloning step and examine the hard drive straight off. "It's highly unlikely that they would ever be able to bring a successful prosecution [because] they insist on using a practice that would invalidate any evidence obtained as a result."

Daryl is an exception when it comes to legal knowledge among IT professionals. It's more common that the IT manager doesn't know how to correctly preserve evidence, and probably doesn't even know what information might be legally relevant, says Jason M. Shinn, an attorney with Lipson, Neilson, Cole, Seltzer & Garin PC who specializes in electronic discovery and technology issues in employment law.

That's why both in-house legal counsel and HR should be involved in monitoring activity, he advises.

(Next: The conscientious objector)

Corporations crack down on digital delinquents
Not only do corporations appear to be monitoring their employees more frequently and more closely, but they're also punishing violators more severely when they do get caught -- and some are even terminating employees who violated company policies.

Percentage of companies that terminated employees when they violated stated policies on the use of:
The Internet -- 26%
E-mail -- 26%
Cell phones -- 6%
Instant messaging -- 4%
Text messaging -- 3%
Social networking -- 2%
Video sharing -- 1%
Personal blogs -- 1%
Corporate blogs -- 1%
2009 survey co-sponsored by the American Management Association and The ePolicy Institute.

In addition, 13% of companies surveyed said they review job applicants' social networking sites or personal blogs as part of the interview process, and 3% reported that they have rejected job applicants on the basis of content posted on such sites.


Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!