Acceptable Use: What Privacy are You Entitled to at Work?

Many employers monitor all employee communications-and are within their rights to do so.

As it turns out, privacy is not an inalienable right. If you download child pornography on your personal computer and bring it to the office, it could certainly land you in federal prison.

Such a fate exists for Michael Barrows, former Glencoe, Okla., city treasurer. In early April, a U.S. Court of Appeals upheld Barrows' six-year sentence for possession of child pornography, after he argued that he had an expectation of privacy when he took his personal PC to work. The illegal files were discovered when a city clerk, who was having trouble opening a file, asked for help from a reserve police officer who traced the problem back to a file-sharing program running on Barrows' computer.

So what rights does one have when using personal technology in the workplace? Not many, according to Nancy Flynn, executive director of the ePolicy Institute, an electronic communications consultancy. ­According to a recent American ­Management Association/ePolicy Institute survey, 84 percent of employers had policies governing workers' personal e-mail use, 76 percent monitored workers' website connections, and 65 percent blocked certain connections completely. Half of all employers said they have fired workers for misusing the Internet or e-mail at work. The number-one reason employers monitor e-mail and Internet use is fear of litigation, says Flynn, and that fear is well founded: 24 percent of small, midsize and large U.S. companies had e-mails subpoenaed by the court in 2006. E-mail has become the "electronic equivalent of DNA," she says.

The best way employers can ensure the proper use of their computer assets is to set rules governing them. In Flynn's opinion, an ideal policy would ban the use of personal technology at the office completely. However, if employers decide to allow personal use, the policy should spell out e-mail rules regarding content, language and confidentiality. "You may want to restrict personal use to certain hours of the day: lunch hours and work breaks, for example, and restrict who they can communicate with: maybe kids, spouses and baby-sitters." Employers should also offer formal training when it comes to e-mail rules and risks, says Flynn. That way, employees won't feel like Big Brother is looking over their shoulder. "When employers explain rules, why they are in place, how they monitor and why, it goes a long way toward encouraging compliance," says Flynn.

Could personal technology use compromise your company?

Nancy Flynn, executive director of the ePolicy Institute, recommends taking the following steps to protect your company and its security.

Monitor nontraditional technologies closely. Add rules governing the use of IM, blogs, personal e-mail and smart phones to the company's acceptable use policy.
Review and update electronic policies every 12 months.
Ban the use of personal technologies and devices, such as cell phones and laptops, entirely. Since failure to produce subpoenaed e-mails can cost companies millions, employers should insist on the use of enterprise-grade technology tools 100 percent of the time.
Continue to train and educate employees on the organization's acceptable use policies as they evolve.

This story, "Acceptable Use: What Privacy are You Entitled to at Work?" was originally published by CSO.


Copyright © 2007 IDG Communications, Inc.

Discover what your peers are reading. Sign up for our FREE email newsletters today!