Tag Archives: Sturm College

About 2425 days ago Data Security

Should You Monitor Employee E-Mail?

A disgruntled artist at an animation studio stands up and looks over his cubicle to make sure the coast is clear. Slumping back in his chair, he opens his anonymous Gmail account, attaches documents about a top-secret movie the company is working on, and smiles as he clicks the “send” button, electronically transmitting this sensitive info to a rival company. What this employee fails to realize is that his boss remotely monitors e-mail and Web activity to catch such insubordinate acts. The animator is fired, then sued, and will likely never find work in the industry again. Roughly 25 to 40 percent of firms in North America monitor employee e-mail in some capacity, says Mark Levitt, vice president of collaborative computing and the enterprise workplace at IDC, the research firm in Framingham, Mass. “Employers have both a right and a responsibility to ensure that e-mail is used for the good of the organization and is not used in an unlawful or damaging way,” says Levitt, a retired attorney. When it comes to the debate over privacy, Levitt says an employer’s owns the e-mail systems — which includes the software, network access, computers, and so forth. Therefore, the company has the legal right to oversee how its systems are being used or abused. In one sense, e-mail monitoring is a way to protect the organization’s confidential business information. “Employers need to know if employees are sending e-mails to competitors containing confidential information about product designs or strategies,” says Levitt. Liability and potential lawsuits Aside from divulging trade secrets, there are other key reasons to monitor e-mail. A company needs to protect itself from legal liability if a worker is misusing e-mail to send offensive messages to or about co-workers in the office, such as inappropriate sexual remarks. New laws and regulations require companies to protect private customer information and that means making sure employees are not divulging customer information to a third-party via e-mail. There are also productivity issues. A business owner will want to to know if an employee is sending personal e-mails all day. Small businesses have fewer staff members and it hurts the bottom line to have one or more being unproductive. “The question isn’t whether an employer should monitor workers’ e-mail — the answer to that is yes, and it is legal — but it’s how they should go about it,” says John Soma, law professor at  Sturm College at the University of Denver and Executive Director at the Privacy Foundation, an organization that conducts research and educates the public about technologies that affect personal privacy when improperly implemented. “The first step is to make sure employees consent to it by signing a disclaimer that acknowledges the company has a right to monitor e-mail,” says Soma. “You can do it when an employee is hired, at contract renewal or at a company meeting — but the key is consent.” Letting employees know up front their e-mails can be monitored may also serve as a preventative measure. Ways to monitor e-mail According to Jonathan Singer, an analyst at the Boston, Mass.-based Yankee Group research firm, companies can monitor their employee’s e-mail messages in a variety of ways. “How extensively you want to monitor outgoing e-mail likely depends on the nature of your business,” says Singer. “A small tech start-up company for example, may want to make sure their secrets aren’t being divulged, while a financial services firm would want to ensure customer records aren’t sent out to places it shouldn’t.” In other cases, such as a mom and pop pet store, industrial espionage may be less of an issue. Singer says there are several ways to do this: Manually. You can manually go through an employee’s messages by using the administrative access that most e-mail systems provide. Filtering software. You can install filtering software that detect key words, attachment files or specific e-mail domains and pre-emptively blocks these types of e-mails. Keystroke loggers. Keystroke logger programs can send a record of every key pressed on the computer back to an employer or IT department for review. The latter is a drastic measure and should only be deployed if a company has suspicions that an employee is engaged in illegal activities.

About 2425 days ago Data Security

Tips for Developing a Workplace E-Mail Policy

our beautiful site

E-mail is a quick, inexpensive, and convenient business tool, but at the same time it can pose a serious threat to a company due to legal liability, data breaches, or lost productivity caused by employees who abuse the privilege for personal reasons. A company can help protect itself from such threats if owners or managers  implement and then enforce an e-mail policy, a document that clearly outlines the rules and limits for employees who use e-mail — and the employer’s right to monitor employee e-mail messages. “An e-mail policy is critical to avoid ambiguity that could create unfounded expectations of privacy in employer-provided e-mail,” says Mark Levitt, vice president of Collaborative Computing and the Enterprise Workplace at IDC, the Framingham, Mass.-based research firm.. “This also helps to reduce the extent to which employees become upset or angry when they find out that their e-mails have been monitored.” The following is a look at writing the policy, properly implementing it and ways to enforce it. Step 1: Drafting a policy Before you can implement a company e-mail policy, you need to write one. You may be able to turn to experts for cheap and easy help, according to John Soma, Executive Director of the Privacy Foundation, and a law professor at Sturm College at the University of Denver.  “Each industry typically has some sort of trade association, and they may already have some kind of e-mail policy templates you can modify to suit your company’s needs,” says Soma. “It’s foolish to reinvent the wheel, to invent your own e-mail policy from scratch — instead, use what resources are available.” Once you’ve begun to work on your draft, be explicit, says Jonathan Singer, an analyst at the Boston, Mass.-based Yankee Group. He advises crafting a policy that is abundantly clear and to the point: “If there’s any ambiguity, it can cause a problem in court, so make sure it’s worded as simply as possible.” The bottom line to the e-mail policy, says Singer, needs to be: “This is the company’s e-mail and employers have no right to privacy when using it.” Levitt, a former attorney, advises that companies should hire a lawyer with experience drafting e-mail policies. “They need to take into consideration relevant federal and state laws, particular industry regulations and practices, and the business and human resource practices and culture of the employer,” he says. Step 2: Introducing the policy Employees should sign a document that confirms the e-mail policy has been read, understood, and agreed to. Typically, this is done upon hiring, but also should be in every employee handbook, says Singer. “It’s key for a business owner to have every employee sign off on this policy.” The signoff signifies that they are aware of the policy and they agree to abide by it. Experts say you should  warn your employees that their e-mails may be monitored. It’s not so much a legal consideration, but an ethical one so that you are above board with important staff members who represent your company. Forewarning employees about monitoring may also prevent them from doing something that can get them in trouble down the road. Not only do you want to prevent employees from sending confidential company or customer information to themselves, competitors or other members of the public via e-mail, but you want to prevent accidental breaches of confidentiality as well. Soma says an e-mail policy must be implemented fairly to all employees, consistently from the gopher to upper managers, and constantly so that it is an ongoing policy. You have to allow employees use e-mail for some personal reasons if it’s quick and not abused, adds Soma, such as a quick note to say you’re going to the grocery store after work. “It’s no different than quick call on the phone — as long as personal e-mails are used and not abused,” says Soma. “If you don’t allow it, it will immediately decrease productivity and the morale of organization.” Step 3: Reviewing the policy After signing off on the e-mail policy, it’s not a bad idea to remind employees to review it from time to time. Singer suggests adding it in an employee handbook but it’s not something you need to review every month. Monitoring employee e-mail can be performed in various ways: manually perusing through messages with network administration privileges, software that scans messages or monitors keystrokes, or outsourcing these e-mail monitoring services to an offsite company. Lastly, you need to decide how and how often to monitor employee e-mail, experts say.  Some small and medium-sized businesses flag employee e-mail based on specific words or domain addresses, while others don’t do anything other than archive all e-mails in case a situation arises such as a sexual harassment complaint.  You need to decide what level of e-mail monitoring is best for your business.