Legal, security and ethical issues trouble IT managers confronted with the added task of workplace monitoring, making them the surveillance checkpoint as companies move to reshape Internet usage policies.
Monitoring in the workplace is now a reality, but fears of legal retribution are shaping the type of policies some organisations are developing.
Employer liability applies in a range of areas relating to staff use of the Internet, but the medium's infancy has left many IT managers with the responsibility of enforcing policies with very little legal precedent.
RACQ IS manager Bruce Rice said network engineers at the organisation monitor e-mail for two hours each day under strict nondisclosure conditions.
"They have also been instructed to have the mindset of turning off and forgetting what they have seen when they are finished," he said. Hotmail access is banned and all e-mails are tested for viruses, Rice said, as they are considered security issues. Mike Evans, IS manager at the SAS Institute, said the group does not monitor e-mails. "We do reserve the right to look at someone's e-mail if the need came up, but we don't participate in e-mail monitoring as such," he said.
A spokesperson from Pilkington Glass, who requested anonymity, said e-mail is monitored four hours a week.
"We don't look at e-mails per se but at attachments like Jpegs and other likely pornographic problems; we are now looking at content software to do this," the spokesperson said.
"Hotmail is a security issue as it has been shown to open doorways through firewalls, therefore, we need to find a solution so company security isn't corrupted."
Gayle Hill, corporate and technology special counsel at Freehill, Hollingdale and Page, said studies on workplace resources show 60 to 70 per cent of e-mail usage is actually personal and leaves companies extremely vulnerable to the theft of company information.
She also referred to one of her clients who had to confront a defamation claim because an employee had used the e-mail system to place an allegedly defamatory message on a bulletin board.
"A key issue arising in the US is the unmasking of an anonymous Web poster with the debate focusing on rights to anonymity on the Internet and freedom of speech," she said.
"A company executive was unmasked for posting an allegedly defamatory remark which led to his dismissal; he is now suing the Internet service provider for disclosing his identity."
Meanwhile, tackling the question of liability while still providing a reasonable degree of employee privacy is at the centre of attempts by the Labor Council of NSW to legislate e-mail use in the workplace. The Labor Council wants to ensure e-mail can be used in the workplace to communicate with unions.
But as the council's industrial officer, Michael Gadiel pointed out, the onus of confidentiality is left with IT managers igniting fears that sensitive communications may be passed on to the HR department or CEO.
"When filtering is carried out we have to consider where that information will go as employees have the right to confidentiality," he said.
Gadiel said the council has written to the NSW Premier asking that the same personal use standard applied to the telephone be applied to e-mail. When policing co-workers human nature can also lead to inconsistency or overzealousness in the way it is applied.
According to an annual survey of the American Management Association, workplace surveillance has doubled since 1997 largely as a result of the more widespread use of e-mail.However, a policy not enforced correctly can leave the employer liable in cases of online gambling during business hours or access to pornography may lead to sexual harassment claims.
Monitoring is often just one of the many tasks undertaken by IT staff, so enforcement may be inconsistent as checking the downloads for inappropriate material could be way down on the weekly to-do list.