Internet Monitoring in the Workplace

The Internet is an indispensable tool for employees, giving ready access to invaluable information. On the other hand, distractions loom large for employees given unfettered access to the Internet. The reality of the situation is that the Internet can consume a lot of work time by delivering anything a person wants to their desktop. This can lure employees into time-wasting surfing that leaves an organization with traffic congestion, decreased productivity and even potential legal issues.

Many corporations are taking a tough stance and blocking objectionable sites and or monitoring their employees Internet usage. The issue of Internet usage monitoring must be approached with caution as employee animosity could arise from feelings that the company is infringing on their personal rights. Privacy and personal rights in the workplace are some of the most troubling professional and personal issues of our time. The law does not offer much guidance in this arena and companies must look toward ethical analysis as a guide to decision making. The issue of monitoring employee’s Internet access continues to generate legal disputes and case laws continue to evolve. One point that is clear is that businesses’ have an interest in monitoring Internet access to reduce the risk from reduced productivity, legal liability, and confidential data loss.

According to a report by Elron Software about $1.05 billion, or 30% of the 3.5 billion corporations spend each year on Internet access is wasted on recreational surfing. It seems that access to the Internet has replaced the water cooler as the gathering spot of choice for employees. The pitfalls of a totally wired workforce are starting to become apparent to many companies. Managers are concerned about the possible lawsuits involving employees’ access to inappropriate material during work hours. They also are alarmed by the amount of time employees may be spending on personal interests rather than their actual jobs.

Research has determined that 18% of employees will visit the Internet 10 or more times a day for personal use and 25% visit the Internet 3 or more times a day. Of the employees who access the Internet at work, more than 25% think it is extremely likely that their supervisor is aware of there personal use of the Internet at work. A recent survey highlighted the online habits of workers with Internet access: 72% read the news, 40% shop. 37% search for another job, 34% check stocks, and 28% take care of personal issues. Some other popular uses for the Internet include checking sports scores, making travel arrangements, and spending time chatting in rooms or via the various instant-messaging applications (IM). An surprisingly, despite the risks, one in twenty-five employees still visit pornographic sites at work. Furthermore, according to Business Week, a full 80% of workers say the use company e-mail to send and receive personal messages. Most employees are aware that Internet activities not related to work can slow down Internet access for the entire company and can use up costly bandwidth, but persist in the use of the Internet. These activities are detrimental to the workplace and contribute to a loss or productivity as well as hampering mission critical Internet use.

It is important that Employers provide employees with a clear Internet Usage Policies, describing the permitted and prohibited uses of the Internet at work. The Internet Usage Policy (IUP) should make it clear that Internet traffic is not private and that the Employer has the right to monitor Internet use at will. Issues that need to be considered when drafting an Internet Usage Policy include whether the employees will be allowed to use the Internet for personal reasons, when and how often personal use may be allowed, and whether there are different policies for varying levels of the organization. When seeking guidance for these issues a firm should consult its mission statement, company goals or values, and principles. Human resources and Information Technology departments are essential to developing and implementing a high-quality Internet Usage Policy. The input of both departments should be sought to maximize the expertise brought to the table to ensure that all aspects of company policy are taken into consideration when developing the Internet Usage Policy. Once a policy has been approved, it should be made available to all employees and posted in prominent location in the workplace. It should also be distributed during any new employee orientations, as well as on a regular basis for all employees. This can ensure that the policy is relevant to everyone involved and that any issues related to new technologies or changing circumstances can be brought to the forefront and effectively resolved. In addition, it can be very helpful to have employees sign a standard acknowledgement that they have read and understand the Internet Usage Policy. Many corporations post messages reminding users of the Internet Usage Policy during logon or prior to Internet access. It is also important that the employer enforce the policy in a uniform manner following standard company disciplinary norms.

When drafting the Internet Usage Policy, the firm must be aware of the competing interests of employees and employers. The fact that the Employer has a right to manage the work environment of its employees cannot be challenged. Employers need to ensure compliance with laws and regulations, administer employee benefits, and protect employees from hostile or uncomfortable work environments. Additionally employers want to ensure that workers are productive and effective while at work. On the other hand, employees desire to be treated as capable and rational individuals who have the ability to follow company guidelines and make their own decisions. Most employees are interested in the ability to conduct some personal business at work, freedom from the lack of pressure related to monitoring, freedom from monitoring for privacy reasons, and the ability to review and challenge any data that is collected concerning their use of the Internet. Employees believe that when the employer possesses more information about them then the relationship has become unequal and the agreement unfair. If the employer does not allow the employee to have access to the information gathered than employees generally feel at a disadvantage.

An organization needs to attempt to strike a balance between the employee’s right to privacy and the companies goals. The general unease felt by many employees in knowing that every keystroke may be monitored has raised privacy issues in response to employer monitoring. The data gathered could have real consequences for employees. For example, the Dow Chemical Company fired fifty employees and disciplined 200 for using the Internet during company time to view pornography and violent images. In addition, Xerox Corporation fired forty employees for using company resources to browse pornography and shopping related web sites. Few would argue that employees caught viewing offensive content or revealing businesses trade secrets should not be disciplined or terminated, but should employees lose their jobs for using the Internet for personal use while at work. Engaging in activity such as browsing for sports statistics, shopping on web sites, searching for a new job, or any other activity that is neither illegal nor could lead to a hostile work environment does not seem to justify termination. The line between employee’s personal and business lives has blurred as workers conduct personal business in the office and professional business at home. Many workers can connect to their office via the Internet or phone lines to check e-mail and perform other tasks that in the past were limited to the office. The professional of today does not punch a card in the time clock or hand in a time sheet and is often expected to work until the task is completed or unusual hours based on their employers needs. For most of us we do not know when our day is over, it can be argued that we are not to blame if we need to conduct some of our personal business in the office. It seems that employers must be flexible and recognize the amount of time that their employees dedicate to the company.

When an employer unintentionally discovers confidential, potentially embarrassing, or harmful information about its employees through its monitoring, what is the employer to do with this information? What if an employer accidentally captures an employees credit report or medical information, would the employer than be responsible for making sure the information remains confidential? As employees spend many hours at work, the possibility of conducting some of their business via the Internet, such as banking online, making doctors appointment, or changes to Health Insurance may be necessary. The result is that information that employees might prefer to keep confidential may be exchanged over the employer's network and be captured. These questions serve to give credence to some of the issues that may concern employees in regards to having their online activities monitored. In most cases employees have no recourse but to accept that their Internet activities can or are being monitored. This was not the case in May of 2001 when a group of employees ordered the staff to stop monitoring Internet activity. You may wonder how employees could possibly accomplish such a feat. The employees were actually the judges of the U.S Court of appeals for the 9th Circuit, located in San Francisco, California. Very few employees have the power of federal appellate judges, but as it turns out they too are subject to monitoring. Monitoring of Internet access implicates the 4th Amendment to the Constitution, which prohibits unreasonable searches and seizures, thereby granting all citizens reasonable expectation of privacy. If a person believes that their communication is open to the public than there cannot be any expectation of privacy. If I am sitting in a park having a discussion, I cannot expect that my conversation is private and that if anyone overhears the conversation they are invading my privacy. The core issue in regards to most privacy cases it whether an employee had a reasonable expectation that their web traffic would be private. In general, employees have not had much success suing employers for invasion of privacy when their employers accessed data regarding their Internet activity. This is especially true in cases where the company had a clearly stated Internet Usage Policy in place. Courts have almost unanimously rejected employees’ claims for invasion of privacy where the employer had an effective Internet Usage Policy in place. Many state recognize a common law right to privacy. Additionally some states, such as Massachusetts and Rhode Island have broad statutory rights to privacy, while others such as New York and Virginia have more limited statutory rights. The most usual claim relied on by employees is the claim of “Intrusion Upon Seclusion”, which can occur if there is investigation by examination into the employees private affairs or the use of a service to over see or overhear the employees private affairs. The employee that brings this type of privacy claim must prove that the employer intentionally intruded into the employee’s private affairs and that the any reasonable person would find the intrusion highly offensive. It seems that the presence or absence of Internet policies have had a significant impacts on the courts determination whether an employee had a reasonable expectation of privacy. In addition, an employee’s consent to being monitored is grounds for defense on any subsequent claim for invasion of privacy. In the United States v. Simons, a criminal case where the defendant was charged with receiving and possessing child pornography, the Fourth Circuit Court affirmed a lower courts ruling that a government employee had no expectation of privacy when using the Internet at work, where his employer had a Internet Usage Policy in place that notified him of internal audits and set out guidelines on permitted and prohibited uses of the Internet. Even without an Internet Usage Policy some courts have upheld that the employer did not violate the employee’s rights or privacy by intercepting Internet traffic. In such cases the courts have generally ruled that the company’s interest in preventing inappropriate or illegal activity over its network outweighs any privacy concerns the employees’ may have.