Time magazine ran an interesting story in their 9/11 issue, "Snooping Bosses" that discussed multiple privacy issues within the workplace. They provided a sidebar that truly should be common sense to anyone working in this day and age. I’ll go over it later…it’s not on their site…
The article started with a great story about security guard who was fired for playing hooky…he called in sick, but his company-provided cell phone had a GPS system that showed him on the road to Reno…ultimately the unemployment ax fell.
Here are a few interesting excerpts with statistics you will find surprising…or perhaps not…
- "Nine out of 10 employers observe your electronic behavior, according to the Center for Business Ethics at Bentley College."
- "A study by the American Management Association and the ePolicy Institute found 76% of employers watch you surf the Web and 36% track content, keystrokes and time spent at the keyboard." & "38% hire staff to sift through your e-mail."
- "A June survey by Forrester Research and Proofpoint found that 32% of employers fired workers over the previous 12 months for violating e-mail policies by sending content that posed legal, financial, regulatory or p.r. risks."
I would think the numbers in the first two bullets are actually higher. With today’s regulatory requirements, need to demonstrate due diligence, and studies such as those referenced below, it just makes good business sense to monitor certain electronic communications…in reasonable ways. If personnel violate published and communicated corporate policies they should face sanctions, and sometimes those will need to be dismissal.
- "45% of us admit that surfing is our favorite time waster, according to a joint survey by Salary.com and AOL"
See…no wonder employers are monitoring!! I’ve read other reports as well that indicate personnel spend anywhere from 8 – 20 hours per week surfing. If you were paying someone to do work and they were sitting on the clock submitting bids on eBay or spending hours on Match.com, wouldn’t you be a little more than a bit ticked off?
- "A Northeast technology company found that several employees who frequently complained of overwork actually spent all day on MySpace.com"
This is funny and sad simultaneously. They probably did feel tired from all their MySpace.com chatting and viewing…poor carpel-tunnel fatigued folks.
- "Slightly more than half of employers surveyed monitor how much time their employees spend on the phone, and even track calls–up from 9% in 2001."
Over 50% monitoring calls. Not that surprising. Quite interesting how much it has increased since 2001, though.
- "Workers at Google, Delta Airlines and Microsoft have claimed their blogs got them fired."
Do you have policies regarding what your personnel cannot post to blogs with regard to your company? Not only can information blogged about your company be embarrassing and cause PR problems, it is also very easy for confidential information to be inappropriately posted within blogs.
- "In Thompson v. Johnson County Community College in Oklahoma, the court held that employees had no expectation of privacy in a locker room because the room had pipes that required occasional maintenance. (The need to service the pipes was enough for the court to let the employer use video surveillance.)"
ICK. Where were those CCTVs pointed? Although there are safety and physical security reasons for CCTVs, putting them in locker rooms still seems at first blush (so to speak) a little too far. Hopefully they communicated or had signs indicating the areas that were visible to the CCTVs.
- "At Citywatcher, a Cincinnati, Ohio, company that provides video surveillance to police, some workers volunteered to have ID chips embedded in their forearms last June."
I’ve read other articles about this. This really does take the 2-factor authentication concept of something you have and something you are to a whole new level. What happens if the folks are fired? Or, if they decide to quit and not come back to work? There’s probably some way to disable them, but still…I’m not sure all the potential negative impacts of creating Johnny Mnemonic-like employees in our workplace have really been explored and addressed.
The sidebar lists "precautions" that should not only be common sense by now, but should also have been covered multiple times through a good information security and privacy training and awareness program. At a high level these 9 precautions include:
- "Know your company’s policies" DUH. However, if the information security and privacy folks are NOT telling personnel what the policies are, then personnel will not know and will likely then do bad or dangerous things with your organization’s information assets.
- "Surf the web sparingly" This is not only good for the company’s bottom line (hey, they are paying you to work, folks), but it is good for information security to help keep the electronic nasties from finding their way into your network.
- "Think twice before you hit "Send"" Most definitely. I blogged about this recently.
- "Proofread profiles" This warns the personnel to make sure their own profile information on their blogs, in their emails, etc. will not result in your company manager, or worse HR person, calling them in to have a serious discussion about their profession-limiting activities.
- "Snail-mail your resume" This is so earlier edits do not hang around in them, and also so your boss does not see you are sending your resumes to other organizations.
- "Hold your tongue" This warns not to leave voice mails you will later regret. This happens way too many times. Voice mails have been used extensively as evidence in court.
- "Forward with care" Another email oops that I have discussed
- "Use passwords" DUH. Info sec and privacy folks, you should be telling your personnel about all issues related to all types of passwords.
- "No porn at work" This is beyond, DUH…c’mon folks! You’re getting paid to work, not testing to see if you need the little blue pill.
Technorati Tags
information security
IT compliance
policies and procedures
corporate governance
employee privacy
awareness and training
privacy