Monitoring Employee Records and Communications Best Practices

Monitoring Employee Records and Communications Best Practices

Should Companies Monitor Employee Records and Communications?

When organizations supply their employees with personal electronic devices, such as laptops, cell phones, or tablets, they will often have a policy or contract that explains that the employer reserves the right to monitor employee records and communications while they’re using company-owned equipment. Although these devices are used for personal communication as well as work reasons, such policies exist to ensure that company-owned devices are not abused by employees through participating in unauthorized activities. Even with policies or contracts in place, there is still a potential for an invasion of privacy, which makes such policies controversial.

When Should a Company Investigate an Employee’s Electronic Devices?

Just because an employer has the legal might to look at their employees’ emails or text messages does not mean that it is right to exercise that right often. Remember: might does not make it right. If an employer frequently goes through their employees’ text messages, emails, or other modes of electronic communication, employees may become unhappy with the company and feel like their personal privacy has been invaded.

Take, for example, the administration at Harvard University. Believing that someone was leaking information about a cheating scandal, the administration opened an investigation and determined they had the right to read the emails of 16 deans at Harvard. Without getting authorization to search the emails, the administration searched emails by looking only at subject lines within a specific time period. While the administration was legally within its rights to investigate the deans’ emails, it was the wrong political decision. The deans were very unhappy about the investigation into their emails and complained vocally about it. Because of the public attention that the investigation received, the administration ultimately issued a public apology to the deans.

Ultimately, even though organizations might have statements in place that explain that they have the right to monitor employee records and communications, exercising that right is not always cut-and-dry. We suggest very carefully evaluating the reasons why you want to investigate or monitor your employees’ communications so that you can avoid potentially ruining the work environment.

To learn more about monitoring employee records and communications, follow @BenjaminWright on Twitter or contact us today!

Video Transcription

It is common for an employer to have a policy or a contract with its employees stating that the employer reserves the right to monitor the communications and activities of employees while they’re using company-owned equipment. The reason for the employer to do this, of course, is to ensure that the employer is able to maintain a disciplined workplace where unauthorized activities are not happening. Unauthorized activities could be, for example, the exchange of pornography or the running of a side business while the employee is actually in the workplace and is supposed to be doing work.

However, these policies and contracts with employees can be controversial. Employees can be really unhappy when the employer, in fact, exercises its right and starts reading employees’ emails or looking at pictures that are on a company-owned device. Employees, naturally, may feel that even though they’ve signed an agreement saying that the employer has the right to look, they may still feel personally that they have some kind of a zone of privacy.

A common lesson for employers to bear in mind is what I call “Might Does Not Make Right.” What that means is just because the employer has the legal might to look at emails or text messages doesn’t necessarily mean that it is wise for the employer to actually exercise that right very often. A real good example comes from Harvard University. A few years ago, Harvard University was conducting an investigation where it believed that someone amongst the deans of the university was leaking important information out about a scandal related to students who had allegedly been cheating. The administration at Harvard decided that they needed to find out who was leaking the information and that they had the right under policy to actually read the emails of 22 deans at Harvard. The administration decided that it would conduct a limited search of emails of those deans by just searching not the content of emails, but the subject lines of emails within a specific time period.

Well, the deans at Harvard are very politically powerful people, and they were not happy about this. The deans complained very publicly and vocally about the administration exercising its right. Legally speaking, the administration was within its rights; however, politically speaking, the administration made a mistake and was embarrassed. Ultimately, the administration apologized to the deans publicly for looking at their subject lines without going through the appropriate channels, such as getting authority from the new faculty senate.

The larger message here for all kinds of employers is your wise to have an appropriate statement with employees saying that you reserve the right to look at their communications, but actually exercising that right is a very delicate process that you need to evaluate very carefully to ensure that you’re not spooking your employees or poisoning the work environment with your workforce.

In order to learn more about the course that I teach at the SANS Institute, you can click the link below. Also, another link below provides more information about me and my work in private practice.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *