It’s in the Genes – Corporate DNA in the Internet Age

“I’m going to have to let you go” are dreaded words in one’s career. But hearing them after stellar performance reviews, successful projects, or that one big sale can send one reeling. But in a surprisingly high number, this is what’s happening due to violations of employers’ Internet use policies. The affected employees are faced with personal and professional turmoil, especially with the confidential nature of such dismissals. Paranoia and mystery can run rampant for a very long time, shaking up teams and other employees.

But the risks of not having or enforcing use policies can have wider and more expensive results including legal liabilities such as sexual harassment and wrongful termination lawsuits, lost productivity, PR headaches, lost revenues, wasted computer resources, security breaches, and more.

Avoiding these situations requires diligence, open communications, and intelligent use of available technology. Advice from legal counsel can give you the specifics for your firm. I’m no attorney, but many of the facts are pretty clear.

Many firms are turning to electronic surveillance as a first line of defense, seeking to locate problems early. Use is widespread, and it’s growing. A recent survey of 526 mid to large sized companies done by the American Management Association found that 76% were monitoring their workers’ Internet connections and 65% were using software to block inappropriate websites, and smaller firms weren’t far behind. This number is expected to grow rapidly in the coming years. In addition, high quality spam and virus blocking systems can prevent pornographic or offensive emails from ever entering your company network at all.

Only 10 years ago, conversations on the phone or in the hallways were forgotten quickly, introducing reasonable doubt if ever questioned in a legal context. But now these conversations, conducted electronically, are woven into the history of a company via electronic logging and backups. Nancy Flynn, executive director of the ePolicy Institute, puts it this way “There are three main reasons employers monitor employees: legal liability issues, employee productivity and security breaches. For example, e-mail creates a written business record, and employers are becoming increasingly aware that e-mail and Internet activity is the electronic equivalent of DNA evidence. If a company is sued or investigated by a regulatory agency, you can take it to the bank that e-mail will be subpoenaed.”

One of the early reasons for inappropriate use on the web was the availability of high speed connections at work, but even with high speed connections at home, some employees are not getting the message. Though most employees are aware (85%) of monitoring, fully 25% of the firms in the survey had fired employees for inappropriate Internet use and one in five had email subpoenaed by law enforcement. It’s clear that we must look beyond fancy software to solve the problem for us.

A proven method to avoid problems is rather old-fashioned. Clear, consistent communication about what is expected from employees. This is usually done in the form of written policies and some sort of signature. Having consent can be important if a problem emerges, even if it’s implied through policies. “Employers should notify employees that they are being monitored, what type of monitoring is being done, and how data from monitoring will be used.” says Beth Givens, executive director of the Privacy Rights Clearinghouse. Employees also should know that accidental viewing of offensive material is not something to worry about – as it happens to us all sometimes.

All types of electronic communications are subject to risks and you, with legal counsel, should have a policy covering their use. An outside consultant can be used to help educate the manager or executive in the best ways to present the information, but should not be used to deliver it to employees in my opinion. In addition, I recommend examples of violations along with more generic “common sense” expectations.

I would encourage some sort of automated reminder mechanism as well. Email reminders can be set to send “reports” to employees on a regular basis with information about numbers of emails sent, pages visited, or a simple note. A gentle reminder keeps the rules on the minds of the users with regular frequency. “Yep, they’re still monitoring.” The message should be matter-of-fact and straightforward – not oppressive in tone.

The Federal Wiretap Act provides allows (via some rather elegant technicalities) employers to monitor email and IM communications in the workplace under many conditions. Other laws protect employee’s private communications, such as access to an employee’s web-based email services, such as Gmail or Yahoo! Email. It might make sense to ask employees to use those services for personal, for example, in your policy, to provide a clear delineation between personal and company email.

While it might seem awkward to discuss with your staff, done properly, these policy distributions can be used in a very positive light. Use them to strengthen the trust and respect within your team and to protect all employees from the damage of one bad apple.