Few topics are as inherently controversial as whether companies should monitor their employees' e-mail and internet usage. Perhaps the only thing that almost everyone agrees on is that all organisations should have some sort of written policy. Unfortunately, too many of these policies are so out of touch with everyday workplace reality and so hopelessly biased toward the employer that they often sound like they were borrowed from some old KGB security manual. Would you really want to work for a company that tells you that you can't use company property to send an e-mail to an old friend or pass along a joke to a colleague?
Writing broad and easily understood guidelines is rarely easy, but it's often a worthwhile exercise. The following are five suggested rules that, to me at least, seem fair to both employers and employees:
1. The company recognises that its employees have busy lives and long workdays and that this sometimes warrants the use of the company's computers, printers, copiers, telephones and networks for occasional and limited personal use. If an employee has any doubts about the meaning of limited or occasional, he should consult an immediate supervisor or human resources representative.
2. The company recognises that employees aren't robots. Both during and after normal working hours, employees may occasionally access the Internet for non-work-related purposes (subject to the restrictions below), just as they are currently allowed to read newspapers in the company library or make occasional non-work-related telephone calls.
3. The company has no intention to broadly monitor the content of individual employee e-mail communications. However, in order to maintain a high-quality work environment, it does reserve the right to either randomly or systematically scan all employee e-mail for offensive words and phrases. Employees found using such language will be subject to disciplinary action, including termination.
4. Other than the aforementioned scan for offensive language, employee e-mail will never be reviewed without sufficient cause. Employees should be aware that valid potential causes include, but aren't limited to, the following: legal, ethical and customer issues; employee productivity and job performance concerns; unusual levels of network utilisation; and complaints from fellow workers or other individuals. Any such e-mail review will formally involve both the employee's immediate supervisor and a human resources representative.
5. The company reserves the right to block and/or monitor Internet access to any sites that the company deems to be offensive or undesirable. In addition, employees found to be visiting sites that aren't blocked that are subsequently found to be offensive are subject to review and possible disciplinary action. These offensive sites include, but are not limited to, sites focusing on pornography, violence, hate groups and similarly objectionable material of no business relevance.
Perhaps most important for IT professionals, the monitoring of employee behavior shouldn't primarily be the responsibility of the IT department. Just because IT can now keep track of many types of employee activity doesn't mean that it should, and many IT leaders would be wise to resist any management moves in this direction. More often than not, the value of monitoring messages or tracking employee time spent online and Web site visits won't justify the cost, financial or otherwise.
Both companies and workers have legitimate rights and needs. Right now, the balance is steadily shifting toward the employer. But, with all due respect to management, sometimes effective IT leaders need to speak up for the everyday employee.