• United States



Expect No Privacy at Work

Jul 20, 20072 mins
ComplianceIT LeadershipNetwork Security

Acceptable use policies strongly suggest personal computing belongs at home, not in the workplace


As it turns out, privacy is not an inalienable right. If you download child pornography on your personal computer and bring it to the office, it could certainly land you in federal prison.

Such a fate exists for Michael Barrows, former Glencoe, Okla., city treasurer. In early April, a U.S. Court of Appeals upheld Barrows’ six-year sentence for possession of child pornography, after he argued that he had an expectation of privacy when he took his personal PC to work. The illegal files were discovered when a city clerk, who was having trouble opening a file, asked for help from a reserve police officer who traced the problem back to a file-sharing program running on Barrows’ computer.

So what rights does one have when using personal technology in

the workplace? Not many, according to Nancy Flynn, executive director of the ePolicy Institute, an electronic communications consultancy. ­According to a recent American ­Management Association/ePolicy Institute survey, 84 percent of employers had policies governing workers’ personal e-mail use, 76 percent monitored workers’ website connections, and 65 percent blocked certain connections completely. Half of all employers said they have fired workers for misusing the Internet or e-mail at work. The number-one reason employers monitor e-mail and Internet use is fear of litigation, says Flynn, and that fear is well founded: 24 percent of small, midsize and large U.S. companies had e-mails subpoenaed by the court in 2006. E-mail has become the “electronic equivalent of DNA,” she says.

The best way employers can ensure the proper use of their computer assets is to set rules governing them. In Flynn’s opinion, an ideal policy would ban the use of personal technology at the office completely. However, if employers decide to allow personal use, the policy should spell out e-mail rules regarding content, language and confidentiality. “You may want to restrict personal use to certain hours of the day: lunch hours and work breaks, for example, and restrict who they can communicate with: maybe kids, spouses and baby-sitters.” Employers should also offer formal training when it comes to e-mail rules and risks, says Flynn. That way, employees won’t feel like Big Brother is looking over their shoulder. “When employers explain rules, why they are in place, how they monitor and why, it goes a long way toward encouraging compliance,” says Flynn.