The episode underscores the fact that instant message conversations can be just as damaging as e-mail, says Shawna Swanson, a partner with San Francisco-based law firm Fenwick & West’s Employment Practices group. "The big difference between the two, frankly, is people know how to monitor e-mail better than they know how to monitor IMs," Swanson says. "I hear people say that there is no way to monitor IM, but that’s actually not the case."

According to a 2006 survey by the American Management Association and the ePolicy Institute, workplace IM is "a recipe for legal, regulatory and security disaster." Ten percent of employees reported sending sexual, romantic or pornographic instant messages and half of these are sent on free instant messaging software rather than company sanctioned tools, according to the survey.

The ePolicy Institute has some tips on how to rein in instant messaging

• Assume employees are using IM. Only 47 percent of employees using free IM tools reported that their companies knew about its use.
• Survey employees and test your network to see if employees are using IM clients. Symantec and other vendors make management tools to detect and monitor IM traffic.
• When you find IM clients on the network, don’t rush to ban them. Employees who see IM as critical to their jobs might revolt. Besides, they’ll probably just find a back door to sneak in IM.
• Set an IM policy that reflects any regulatory compliance requirements and acceptable use rules. Make it clear that instant messages belong to the employer, not the employee.
• Make sure your IM policy is being met. IM management tools, available from vendors such as Akonix, IMlogic and FaceTime, can help log and report on IM traffic and enforce company policy.