The debate about internet monitoring in the workplace has been going on for years! Employees often feel their employers are yet another entity that is enforcing the big brother effect on them, yet on the flip side employers feel as if they are well within their rights to keep the company’s best interests at heart. With various industry research reports over the years pointing out that a good portion of an employee’s work day is spent on personal websites while in the workplace, it’s no wonder that employers are concerned about their employee productivity levels. Of course, hand in hand with this comes the security risk associated with employees intentionally or unintentionally downloading malware from malicious sites or personal e-mail accounts.

CCTV has been around for decades and the thought of someone, somewhere, watching your every move is enough to scare even the hardest of people. To make it ‘OK’, the authorities often promote such surveillance under the umbrella of ‘public safety’ or ‘increased security’. It is phrases like these that probably make people tolerate the idea of being monitored, and in all fairness there are benefits, especially when CCTV helps prevent crime, solve murders, etc. The concern comes from the uncertainty about what happens to the footage that is recorded. This is where data retention and data protection laws come into play. These same laws, or a derivation of them, also apply in the workplace when it comes to e-mail and web monitoring.

So the question remains, is internet monitoring fair? Is it ethical? Is it legal? Do you even care? I mean, if you have nothing to hide then why should you mind if your employer keeps a log of which websites you are visiting?

A bit about the law…

Since the employer owns the network and the computers that employees use in the workplace, they effectively have the right to screen what activity goes on involving this equipment (especially when there is a security risk involved).

In the UK, the main legislation associated with monitoring would be the Data Protection Act, the Human Rights Act, and the Regulation of Investigatory Powers Act.

The Data Protection Act, while not explicitly stating that monitoring cannot be done, does require employers to manage personal information that is used, collected or stored in a way that is lawful, secure and fair to employees.

Section 8 of the Human Rights Act states that people “are entitled to the right to respect for private and family life, their home and their correspondence” and that “there shall be no interference by a public authority with the exercise of this right”. Several cases that have been won on the basis of the Human Rights Act highlight the need for a clear and effective communications policy in the workplace; one that sets out what can or can’t be done and is relayed to employees from the start (perhaps as part of their induction plan?).

The Regulation of Investigatory Powers Act stipulates that interception of communications is only lawful with consent or where required by the regulations.

Note: While the above legislation is related to the United Kingdom, each country should have its own equivalent.

In keeping with the law, the key to any sort of monitoring in the workplace is employee consent and notification. Both these can be stipulated in the employee contract, handbook, or on screen in the form of a message box from the application. Failure to do this may result in a breach of privacy or personal data protection to which the employee is entitled.

In the second part of this blog post we’ll look at why internet monitoring within an organization is deemed to be important by managers.
