With insider theft, low productivity and inappropriate behavior at the workplace in organizations such as HTC, NSA, and Zynga on the rise, more and more companies are realizing that they need to make use of an employee monitoring program. However, it does lead to a number of questions regarding its legality and whether or not it is a good practice because it isn’t as common as security for outside attacks.
Employee monitoring is legal within the United States, however, the 1986 Electronic Communications Privacy Act does prohibit unauthorized interception of any kind of electronic communication which includes emails however service providers are exempt from this law. Thus, courts tend to assume that employers who provide their employees with internet access and email fall under this category.
Not only is it considered legal to monitor employees while they are using their computers and are online, there also exists no federal US law which requires that employees must be notified prior to being monitored. Thus while informing employees of the right of the company to monitor them and any activity they conduct on computers and to disclose it in the employee handbook is considered to be a good practice, it isn’t part of the US law that this must be done.
According to research analysts at The Sentencing Project, Valerie Wright, notifying an employee the company’s right to monitor them can act as a natural deterrent. Research also suggests that an increase in the certainty of the punishment instead of its severity is likely to create deterrent benefits.
US courts have however tried to balance the expectation of employees with regard to privacy against the justification of employers for monitoring. A University Professor of Law, Dorothy Glancy says that while there aren’t a number of cases, they do tend to go against the employee. The opinions of courts tend to take the view point that when employees are making use of the property of the employer, employee’s expectation of privacy should be kept minimal. If employees, however, do want to have private communications, they can do so on their own free time.
A large number of companies are now monitoring their employees electronically and this has risen from 35% to 80% from 2001 to 2012 due to an increase in awareness. However, it is because of data breaches, inappropriate behavior, and theft which have caused such a rise.
If your company doesn’t have a policy as part of the employee handbook, it is best that you put one in. an Acceptable Use Policy has a number of purposes; it clearly states the policy of your company so that employees know what is acceptable and what isn’t. It also consists of a disclosure about the company having the right to monitor any activity which takes place on devices provided by the company as well as on the company network. Every employee should also be given a copy of the AUP and to acknowledge its receipt.
A greater number of companies are making use of employee monitoring to improve their security internally and to protect themselves from any inside threats, to ensure that employees adhere to every company policy and to improve the overall awareness about what is taking place within the company. By doing so, the company would at least have a strong legal standing.
It is also a good idea to consult laws which apply to your local jurisdiction as these vary from country to country. While everything stated in this article is not legal advice, it simply provides a framework of what should be done. An attorney who is familiar with such laws and has knowledge of such concerns should be contacted.