Home » Physical Security » Employee Protection

In Depth

Employee Monitoring: Watch This Way

What you don't know about how your employees are using company resources can hurt you. But remember this: There are acceptable, and not so acceptable, ways to monitor employee activity.

By Daintry Duffy

Page 4

A company might decide to monitor employees who are "misusing" their e-mail or Internet access to create a hostile work environmentwhich can be a dangerously subjective concept. In 1995, Chevron settled a well-publicized sexual harassment suit brought by four female employees who alleged that their coworkers created a hostile work environment by circulating offensive e-mails and Internet images. One of the items that was introduced into evidence was an e-mail titled "25 Reasons Beer Is Better than Women." Chevron paid out $2.2 million to make the suit go away.

For every half-written document, hastily tapped instant message and ill-conceived e-mail, there's a subpoena to ensnare. Witness the public spanking of Merrill Lynch's stock price after authorities recovered e-mails that showed stock analysts privately trashing companies that they had publicly touted. In fact, the largest legal settlement ever involving a drug company owes a debt of gratitude to the evidence provided by internal e-mails. During litigation over diet pills manufactured by American Home Products, e-mails came out that showed the company was not only aware but dismissive of the drug's potentially fatal side effects. In one particular e-mail an employee scoffed at the notion of having to pay off "fat people who are afraid of some silly lung problem." The company settled the case in a settlement valued at up to $3.8 billion.

Open acknowledgement that a company monitors, reinforced by decisive action when infractions are discovered, will drive home to employees the understanding that e-mail is not a private form of communication. They, in turn, will likely police their own e-mail content.

The liabilities that employees can create with the use of computer systems are almost limitless. Imagine the damage (and damages awarded) if an employee uses the company's network infrastructure to launch an Internet-based attack, or if an embittered employee decides to post fabricated information about his publicly traded employer onto a chat room bulletin board.

However, companies that have acted in good faith to enact a monitoring policy and educate employees about abiding by those requirements will be in a significantly stronger legal position. "The courts look favorably on employers with a written policy consistently enforced and backed up by education," says Nancy Flynn, executive director of The ePolicy Institute and coauthor of E-Mail Rules: A Business Guide to Managing Policies, Security, and Legal Issues for E-Mail and Digital Communication (Amacom, April 2003). "Those employers are seen to have done everything possible to maintain a safe, secure and appropriate work environment."