Employee Privacy in the Workplace

It can happen close to home. An explosion caused by a detonated bomb rocks downtown, and as news reports pour in, it is revealed that the suspected bomber was never considered by his employer or coworkers to be a terrorist. Everyone around him believed he was a respectable citizen and employee. Yet the question always asked is “were there any warning signs?” and if employee privacy is protected, the answer to that question would undoubtedly be no. Due to decreasing employee productivity, increasing levels of terrorism, and computer hacking employees should have no expectation of complete privacy in the workplace.

Fortunately, the story above may be fiction but if privacy advocates have their way, it could certainly become a reality. After the attacks on September 11th 2001, America was suddenly forced to examine how terrorists could infiltrate and undermine resources to their will. Airport security was tightened down, new agencies were created such as the Department of Homeland Security to handle security at home, and a new color coded alert system was put into place to warn citizens when the government has reason to believe that an attack could happen. It was clear; America had to find any way that a terrorist could infiltrate and use systems against us. The government then introduced and passed the Patriot Act, which allowed broader surveillance of almost all aspects of American lives.

Even though the government has extended their surveillance capabilities to the homes of all Americans, the Patriot Act provides very little ability for the government to monitor possible terrorist activity within the workplace (Echols, 2003). This has created a major gap in which terrorists could use company resources to acquire materials, plot their activities, and collaborate with other terrorists. Such resources include computer and phone systems, Internet connections, and private shipping services. Each of these resources can be especially helpful to a terrorist if left unchecked and unmonitored. In the fictional story above, the terrorist was never considered to be a threat because the government did not have the power to monitor him at work and his employer did not monitor their employees’ communications. While it may seem far fetched, it is still a legitimate possibility that requires vigilance in the workplace through monitoring. In order for Americans to expect the government to track down terrorists, companies should monitor their employees and report in suspicious activities. No one should be forced to ask, “were where the warning signs?”

Terrorism is a top concern for companies both large and small; however, they all share another reason to monitor their employees. Wen and Gershuny (2001) state, “Every minute spent booking a flight or checking a stock price is a minute not spent increasing revenue. The computer has usurped gossiping in the coffee room or talking on the telephone as the leading waste of corporate time.” While there is no way to pin point the exact amount of lost revenue from the personal use of computers, many companies currently err on the side of caution by monitoring their employees. The American Management Association completed a survey in 2005 that concluded 76% of surveyed companies actively monitor Internet activity for misuse. From those companies, 61% said they have disciplined employees and 26% have terminated employees for policy violations relating to personal use of Internet resources (AMA, 2005).

These numbers suggest that employees are, in fact, abusing company resources for personal use and in some cases, so severe that termination was required. Because employers have invested time and money through training and benefits, it is important to understand that employers do not want to terminate their employees for any small infraction. The employees terminated in the study above were obviously up to no good. It is plain to see that employers should be watching for the misuse of their systems for personal use.

Through monitoring, employers are also protecting themselves from attacks by computer hackers. Computer attacks happen when employees visit an inappropriate site, download a program, or get an email that houses a virus, trojan, or worm that infects their computer. The infection can attempt several attacks such as running a denial of service attack to shut down company servers. They can also steal company information, passwords, and personal information about employees and send all that information to millions of criminals just waiting for the opportunity to wreak havoc. The commonality in all attacks is that they all start from employees, whether they know it or not. The company has a vested interest in preventing these attacks by monitoring the computer activities of their employees. Employees may wonder who is responsible for protecting the employees’ private information. Luckily for employees, as the company protects their own assets they are also protecting the employees as well.

In 2002, the Computer Security Institute completed a survey showing $455,848,000 in lost revenue from companies attacked by computer hackers. The survey also reported that “seventy-eight percent detected employee abuse of Internet [sic] access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems)” (CSI, 2002). The monetary loss mentioned in the survey is the amount that was reported in 2002. There certainly are more companies that have lost revenue but have not reported it. With more than 450 million dollars of losses, one can certainly understand why companies monitor their employees to prevent them from visiting sites that could cause an attack on company servers or send emails that disclose proprietary information about the company and its employees.

Monetary losses and corporate liability are not the typical concerns for average employees. Opponents of monitoring cite many reasons to maintain complete privacy in the workplace such as employee morale. Echols (2003) refers to several factors such as “stress, depression, and anxiety” as well as trust and “mutual respect between employer and employee”. To some, these reasons could be considered problems of the individuals themselves. Nevertheless, employers should still consider them when creating polices and procedures for their work environment. There are options available to employers to alleviate these issues while still maintaining a protected environment.

Two options for employers to consider include a clearly defined privacy policy and separate areas for non-work related activities. A clearly defined policy is perhaps the easiest option available to implement. The policy should define what the company monitors, why they monitor them, and how this affects the employee. Employees should read this privacy policy and acknowledge that they understand it fully before accepting a position within the company. The second option, separate areas for non-work related activities, provides an opportunity for employees to conduct private matters such as banking and medical research without fear of intrusion into their personal lives. Separate non-work areas should include computers with minimal supervision with exception for illegal activities. These computers should also be separated from the main company network to prevent a possible denial of service attack against company servers and employees should only be allowed to use them when they are on their own personal time such as breaks, lunches, and coming in early. Each of these options will help educate employees on what is acceptable and allow them an outlet for personal privacy therefore reducing stress, anxiety, and depression in the workplace. If employees and employers alike will fully utilize these options, issues related to privacy in the workplace can usually be resolved.

In a world of terrorism, reduced productivity levels, and computer hacking, the need for monitoring employee communications in the workplace has never been greater. The American people should never have to wonder if the government and their employers are doing everything in their power to protect them from terrorists and hackers. Without employee monitoring in the workplace, the public can never fully expect the government to fight terrorism to the best of its ability. Furthermore, employees cannot expect corporations to ignore any capabilities that could undermine their systems. There is no doubt; employees should expect no right to complete privacy in the workplace.

References

American Management Association (2005). 2005 Electronic Monitoring & Surveillance Survey. Retrieved November 7, 2005, from http://www.amanet.org/research/pdfs/EMS_summary05.pdf.

Computer Security Institute (2002). Cyber crime bleeds U.S. corporations, survey shows Financial losses from attacks climb for third year in a row. Retrieved November 10, 2005, from http://www.gocsi.com/press/20020407.html.

Echols, M. (2003). Striking a Balance Employer Business Interests and Employee Privacy: Using Respondeant Superior to Justify the Monitoring of Web-Based, Personal Electronic Mail Accounts of Employees in the Workplace. Computer Law Review and Technology Journal, 7, 273-300. Retrieved November 1, 2005, from http://www.smu.edu/csr/articles/2003/Spring/Echols.pdf

Wen, H.J., Gershuny, P. (2005). Computer-based monitoring in the American workplace: Surveillance technologies and legal challenges. Human Systems Management, 24(2), 165-173. Retrieved October 18, 2005, from EBSCOhost database.

Leave a Reply

Your email address will not be published. Required fields are marked *


one + 3 =