Employee privacy is collateral damage

Average office workers are unaware of the extent to which they can be monitored at work

I have a friend who works for a large company, and he's quite a jokester. He loves to send off-color jokes to his closest friends. I recently cautioned him about doing this from work, telling him he could get himself in trouble with his employer. He said, "Don't worry, I only send these jokes to a few people who really know me. They know I'm only kidding around."

Uh, oh, I thought. He doesn't know. He's not aware that every digital action he takes at work probably is monitored and logged. He doesn't realize his jokes and his complaints and ranting about co-workers live forever in an e-mail archive. He doesn't know his personal conversation on the company's phone system can be reconstructed and listened to verbatim six months from now. He isn't aware his company knows about every Web site he visits on a given workday, and how he spends his time online.

Talking to my friend made me realize that average office workers are unaware of the extent to which they can be monitored at work -- even if there is no suspicion of aberrant behavior.

That's not to say that companies snoop on employees because employees can't be trusted to use their time and company-owned resources properly. In fact, this is rarely the case. Rather, employee privacy is more like collateral damage in the effort to wring out wasteful operational costs and to improve the security and efficiency of expensive IT systems. It's usually only in extreme cases when an employee is suspected of wrongdoing that the digital monitors are purposely pointed directly at him.

Workers might view digital monitoring as the rogue actions of an Evil Empire, but it's really just good IT operations.

I explained to my friend that large companies' IT departments use tools that, by default, reveal much more than often is needed to manage their IT systems. Office workers should keep this in mind and act accordingly, knowing full well that others can "see" what they are doing.

For instance, a company deploys a secure Web-gateway appliance to block harmful Web sites that might plant viruses or spyware on desktop workstations. The appliance also does content-filtering to prevent users from being exposed to offensive materials, such as pornography. Most employees would agree these are worthwhile pursuits. What they don't realize, however, is that administrators and managers can use such tools to track every Web site and page visited by every computer user on the network. This is no big deal, unless you are the guy who spends an hour a day on your Fantasy Football site. Would you want your boss to know that's how you spend your time in the office?

Or, consider what can be done with a VoIP analyzer. Technicians use such a tool to listen to recorded conversations to determine the quality of calls. Is there packet loss or network jitter that leads to broken dialogue? Certainly problems like these need to be rooted out and resolved. Too bad if the monitor happens to play back a call in which an employee is "privately" whispering sweet nothings to her hot boyfriend across town. Oops!

Likewise, when workers type a snide comment in an e-mail or an instant message, they don't think how it will be logged and archived for the next seven years, and possibly made public or admitted into evidence if the company is ever investigated or sued. Certainly former Enron employees didn't consider this when they used corporate e-mail to discuss intimate personal details with others. Then, as part of an open records act, a log of thousands of Enron e-mails -- business-related or otherwise -- ended up on a public Web site operated by the Federal Energy Regulatory Committee when the disgraced energy company was under investigation.

I'd venture to guess there are very few employers that go looking for the dirt on employees. Certainly IT people don't have the time for it. System administrators are far too busy digging for problems' root causes or looking for ways to stretch resources to spend time looking for e-mail abusers -- unless, of course, there's a specific reason to point the spotlight on someone. Then the company has free rein, and sometimes an obligation, to analyze an employee's digital trail.

As I told my friend, there's no sense in inviting the focus of the spotlight. It's definitely time to take the politically incorrect e-mails and actions out of the electronic office. Though unintended, collateral damage can be pretty destructive.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ACTBossDialogueEnronGatewayHISIT PeopleVerbatim

Show Comments