Columns

Big Brother and the Workplace

• By Charles H. Trepper
• January 1, 2001

If the number of news stories and magazine articles is any indication, the controversy over privacy in the workplace is growing. Many organizations are now struggling to create policies that and, at the same time, protect the company from potential legal, moral and ethical liabilities. Some companies are moving to a tighter monitoring model, while others are taking a hands-off approach to make employees feel trusted. Both approaches have benefits and drawbacks — the one that is right for your company will depend on your organization's history with its employees, employee attitudes toward the firm, federal and state laws, and judicial precedents. Regardless of the approach you take, employees must be made acutely aware of the policies and penalties associated with the use of an organization's computers.

Hands-on vs. hands-off

Let's take a look at two companies with two very different approaches to privacy in the workplace.

The first is a large, direct mail company that does not monitor its employees' computer use, and provides no specific training on E-mail or Web usage. The company assumes that if employees waste time it will affect their performance. The company also believes that by not telling employees they will be protected, they are limiting the firm's liability should an employee get into trouble. The second firm is a large railroad company that has five employees dedicated to monitoring employee E-mail and use of the Internet. The organization holds periodic update seminars and has clearly written policies that are very specific about the proper usage of company computers.

According to William Henney, a Minneapolis-based attorney, the direct mail firm may have a problem because its lack of a computer policy opens the door to abuse. Its employees may do things that are unprofessional and that create a "hostile workplace," which could lead to legal action. On the other hand, the railroad company is in a more likely position to prevent any problems resulting from an employee's improper use of E-mail and the Internet, he said.

If employees have E-mail and Web access, said Henney, there should be rules to govern their use. This includes what types of E-mails are acceptable and what kinds of sites employees can visit. Most organizations argue that, since they own the equipment used to transmit data (including both E-mail and Internet usage), they should have the right to monitor any use of their equipment. Companies further argue that personal use of equipment during business hours can hurt productivity. Thus, Henney contends that organizations can and should regulate use of their electronic resources.

Training: The best prevention

The best prevention against lawsuits over privacy in the workplace is a comprehensive policy concerning the use of an organization's electronic resources; in addition, the policy should be communicated to all employees in a properly structured training class. Classes should be held for new hires, and for all employees when policies are changed or updated. According to Henney, training classes should communicate:

• What the organization wants to accomplish with its policies.
• The purpose of the allowed access in generic terms (e.g., professional use only, with some personal exceptions such as during lunch hour or after work hours).
• Specifically what is and is not allowed, but in broad categories (e.g., all pornographic sites are not allowed, regardless of content).
• Specifically, that employee use is monitored.
• All content is owned by the organization, not the employee, and even personal data on the organization's computers may be subject to examination.

All of this information should be included in the employee handbook. It is also important to make sure that employees acknowledge in writing that the material was received and understood. Inserts and updates to the handbook should be provided whenever policies are changed.

According to Henney, organizations should train employees on policies and monitor usage to create a standard, professional workplace that limits the firm's liabilities. Warren Reid, an Encino, Calif.-based technology consultant and litigation expert, agrees. Because inappropriate use of company computers continues, he said, organizations must have some kind of written policy. Such policies prevent employee confusion and show consistency. Consistent enforcement is important, explained Reid, because selective enforcement can give employees the impression that the organization does not care about its policy. This can make prosecuting violations more difficult.

In the extreme case of a termination, for example, an employee who violated a rule could say "everyone does it," and then claim discrimination. Courts frequently judge the validity of an employee's claim of discrimination or other improper termination by how consistently the organization has enforced the policy or policies leading to termination, as well as how clearly those policies were communicated to employees. Good training programs prove that an organization cares about its policy and makes a good faith effort to communicate those policies to employees accurately and often.

Clearly communicated enforcement policies have another benefit: Improved workplace efficiency. The math is simple: Reducing Internet abuse by just 30 minutes per day adds 2.5 hours of work time per week — a potentially significant increase in productivity. Reid said a temporary decrease in employee satisfaction might occur because employees may be prevented from doing some personal tasks on the Web. However, for those employees to whom professional growth is important, overall job satisfaction will actually rise because they will be more productive. They will also be rewarded by the organization for that value added during the additional work hours.

Controversy continues

Organizations such as the Electronic Freedom Frontier (EFF) and the American Civil Liberties Union (ACLU) oppose monitoring because they believe it constitutes an invasion of privacy. The ACLU states that employee privacy should be protected as long as it does not compromise the workplace. However, these organizations do not address the fact that the equipment employees are using to send E-mail and surf the Web is purchased and maintained by employers.

Employee opposition to monitoring generally centers on workplace morale. Employees claim that monitoring makes them nervous, and makes it more difficult for them to concentrate on their work. Employers counter that employees shouldn't have to worry about monitoring if they're not doing anything wrong. Obviously, this controversy is not likely to be resolved soon. Court decisions are still mixed, and the U.S. Supreme Court has yet to send a clear signal regarding who can or cannot do what to whom. However, both sides agree that workplace monitoring policies (if any) should be communicated clearly. In this way, both the employee and the organization are clear on the acceptable and unacceptable uses of electronic resources.

As more employees gain access to E-mail and the Internet, it will become even more important for organizations and employees to come to a mutually beneficial definition of workplace privacy. Firms must continue to monitor court decisions regarding employee monitoring closely, and their legal counsels should stay up-to-date on precedents. Employees should bear in mind that the equipment they use is purchased by their employer for its own benefit. Employees should also stay current on their organization's policies and procedures on electronic resource usage.

The issue of workplace privacy will no doubt continue to be controversial. However, organizations and their employees should work together to ensure mutual understanding. This relationship is best built and maintained through clear, easily understood policies that are communicated frequently.