Most Canadian firms exercise some level of control over staff Internet usage – by blocking risqué Web pages, or monitoring URLs visited or e-mail usage at work.
Such oversight can be useful to employer and employee alike.
It can boost staff productivity and prevent “illicit” use of company computers and damaging litigation that could result.
But experts note employee monitoring can function as a double-edged sword. If done improperly and with inappropriate tools it can actually do more harm than good, they say.
For instance, when checking on employee surfing habits, there’s a chance someone may be wrongly accused because they accidentally clicked on an offensive pop up, or their malware-infested PC downloaded illicit material without their knowledge or consent.
Or perhaps someone else used their computer during a break.
To minimize the pitfalls of employee monitoring, and maximize its benefits, industry insiders have suggested various strategies.
One is adopting reliable monitoring tools and technologies.
For instance, enterprise iBoss – a new product from San Diego, Calif.–based Phantom Technologies LLC. is being positioned as a “responsible” staff monitoring offering that does the job without any false positives.
A Web filter application, enterprise iBoss automatically monitors and records activity on desktops or laptops flagged for inappropriate content, said Peter Martini, chief operating officer (COO) at Phantom Technologies.
For instance, if an employee attempts to access an “adult” Web site five times in two minutes, the activity will be recorded. Then the user’s desktop will be recorded for three additional minutes to confirm the inappropriate activity is intentional.
The tool can be set to record activities on a PC for a specified period of time following certain prohibited actions – such as visiting an adult site, engaging in an online chat, peer-to-peer file sharing or downloading.
A sufficiently long recording of a user’s actions will indicate if the prohibited action is deliberate or unintentional, or the result of malware, Martini noted.
Administrators, he said, can remotely monitor and control up to ten desktops live, potentially reducing overhead costs.
The main benefit for employees is the tool creates a safer, more enjoyable workplace, the Phantom Technologies COO said. Employees have the assurance their Internet administrator won’t falsely accuse them of inappropriate activity due to a pop-up ad.
And the iBoss application also ensures users are more cautious with content they’re sending around the office. “Twenty-seven per cent of Fortune 500 companies have [faced]sexual harassment suits resulting from e-mail,” Martini noted. “All employees suffer when this happens.”
He said besides helping employers ensure staff are following their corporate Internet policy, the application will also improve productivity – forcing employees who check their Facebook or personal e-mail a lot to cut back.
Sixty-three per cent of companies say they can better manage risks relating to employee communications by using an e-mail monitoring tool and 26 per cent say they’ve fired an employee as a result, according to a November 2006 Fortiva survey.
In the U.S., 46 million employees go online during work hours for personal reasons, and 53 per cent engage in personal Web surfing every day, a survey by e-business and Internet market research publication eMarketer.com reveals.
The average American Internet user now clocks about a full workday online each week – approximately 7.8 hours a week – totaling 21 hours in a four-week month, according to the USC Annenberg School Center for the Digital Future.
This matches up with data from an IDC Research/Harris Interactive poll finding that workers spend 8.3 hours a week surfing non-work related sites.
While companies understandably want to ensure employees are productive in time they’re being paid for, employers also need to consider the individual’s rights before over-using tracking tools, say privacy and human rights commentators.
Ten years ago, the Canadian government excluded employee records from freedom of information Acts at the provincial and municipal level.
British Columbia, Alberta and Quebec have legislation but all other provinces are essentially left unprotected, says Mary O’Donaghue, general counsel to Ontario’s Information Privacy Commissioner.
In a 2007 symposium, Canada’s Privacy Commissioner called on employers and legislators to strengthen employee privacy guarantees, fearing employers would abuse new tracking tools to infringe on employee’s privacy rights.
Written notice of monitoring and a promise of reasonableness are two protections O’Donaghue wants for employees.
Employers, she said, shouldn’t be abusing their authority or collecting more information than they need. And if there is a less invasive way to monitor productivity, they should try that out first.
An Ottawa-based employment and labour lawyer agrees.
The key issue employers should consider when tracking Internet usage or monitoring e-mail is what a typical person would consider “reasonable,” says Dan Palayew, a partner at Ottawa-based Heenan Blaikie SRL/LLP.
Almost all employees would expect some kind of Internet monitoring while on a corporate computer. “I don’t think anyone should find that surprising.”
Ten years ago, 50 to 60 per cent of employers used employee monitoring tools, now that number has increased to about 88 per cent, Palayew said. Around 90 per cent of employers use monitoring filters to block Web sites on restricted topics, such as pornography, travel, gambling or entertainment.
Palayew says most companies are circumspect in their tracking techniques. “A lot of organizations still try to apply best practice privacy principles.”
In privacy law, he said, “it’s all about balancing employers’ legitimate needs with employees’ rights to privacy. And most employers are balancing – [they] don’t want to act as Big Brother to ensure productivity.”
The other key, he said, is for companies to enforce a privacy policy consistently. “If managers are checking hockey scores on TSN and setting a bad example, you can’t get mad at an employee for surfing on a personal site.”
Palayew recommends corporations create a computer usage policy that all employees read and sign before they are hired. The agreement should clearly state that Internet usage – be at home or in the office – will be monitored by the employer if using corporate resources.
When it comes to reporting Internet activity, I think it’s fair, said James Quin, senior research analyst at Info-Tech Research in London, Ont.
He said e-mail tends to be a bit trickier because to do any filtering, you need to look at content, which is more personal than a list of URLs. “But businesses have a right to protect their integrity. And there’s a risk employees are sending out e-mails that could be damaging to the company.”
For instance, he said, companies need to protect themselves from e-mails filled with swear words (which makes the organization look bad) and those that leak confidential data.
Employers can protect themselves from the charge of privacy invasion by advising staff not to use corporate e-mail addresses for personal use.
As data leaks become more sensitive, e-mail monitoring will become more common, Quin predicted.
And it’s a practice he wholeheartedly endorses “because what’s good for the business is ultimately good for the employee.”
