Instant Messaging Belongs to the Employer, Not the Employee


Savvy employers are catching on to the wisdom of monitoring external e-communications. According to the ‘‘2003 E-Mail Rules, Policies, and Practices Survey,’’ 51 percent of employers monitor incoming e-mail, and 39 percent keep an eye on outgoing e-mail. Where employers drop the ball, however, is with the internal e-mail communications that take place among employees. Only 19 percent of U.S. organizations monitor internal e-mail. [1]

Employers who fail to monitor internal e-mail are playing with fire. Like IM, e-mail communications that take place internally among employees are exactly the type of conversations that are likely to be casual, informal, and contain language and content that could trigger disaster.

Organizations are advised to exercise their legal right to monitor-the IM and e-mail transmissions of their employees. According to the federal Electronic Communications Privacy Act (ECPA), an employer-provided computer system is the property of the employer. The ECPA gives employers the right to monitor IM transmissions, as well as e-mail traffic and Internet surfing on the organization’s system.

Employers should use written policies to notify employees that instant messages, e-mail, electronic documents, passwords, user IDs, and the computer system as a whole belong to the organization, not the individual. Clarify the fact that the organization has the right to access and review the content of any message that is created, stored, transmitted, or received using the organization’s computers and other resources provided by the organization or located in your facilities or on your property.

If you allow the use of personal IM tools downloaded from the Internet, it is particularly important that you let employees know that messages transmitted via this software on public networks are subject to monitoring, too. Inform employees that the theft of company data may result in civil or criminal penalties. If you monitor IM to prevent theft and reduce overall risks, use your IM policy to let your staff know.

start sidebar
Real-Life E-Disaster Story:
Customer Data at Risk of Identity Theft

According to a survey done for Vontu by Harris Interactive, 46 percent of managers and employees with access to sensitive customer information say it would be ‘‘easy’’ to ‘‘extremely easy’’ for workers to remove sensitive data from the corporate database.

Fully 66 percent of those surveyed say their coworkers, not hackers, pose the greatest risk to consumer privacy. Forty percent classify the security level of their corporate database as somewhere between ‘‘not at all secure’’ and ‘‘secure.’’ [2]

Instant messaging makes the potential for data theft—already a major headache for business—even greater. Your organization can’t afford to lose sensitive client, employee, or company information. Use technology tools, training, and policy to help guard against the accidental and intentional instant messaging of intellectual property and other confidential material.

end sidebar

start sidebar
Sample Record Ownership Statement

All records, including instant messages and e-mail, that are created, received, or used in the course of business belong to the company. This includes instant messages created, received, or transmitted via the organization’s own IM system or on any personal IM software you may have downloaded from the Internet.

Employees must make available to management company-owned instant messages, e-mail messages, and other business records at any time, for any reason.

When employees are terminated or leave the company for any reason, you must turn over to management originals (if available) and all copies (paper or electronic) of instant messages, e-mail messages, and other business records. Freelancers, subcontractors, and other third parties working on behalf of the company must return the original and all copies of company records upon request or at the termination of their contract with the company.

All records located in a company facility or facilities managed by third parties for the company are considered company property. All records created or stored on the company computer, IM system, email servers, imaging system, communications system, telecommunications system, storage device, storage medium, or any other company system, medium, or device are company property. All records that in any way pertain to the company or our business, no matter where they are located, are considered company property. [3]

end sidebar

IM Rule # 17: Watch your language! Confidential information and intellectual property can leave your system—instantly.

[1]‘‘2003 E-Mail Rules, Policies, and Practices Survey,’’ conducted by American Management Association, The ePolicy Institute, and Clearswift. Survey findings available online at www.epolicyinstitute.com.

[2]Press Release, ‘‘62% of Employees Report Incidents at Work That Put Customer Data at Risk for Identity Theft’’ (June 2, 2003). Survey conducted by Harris Interactive for Vontu. Survey summary online at www.vontu.com.

[3]Adapted from Nancy Flynn and Randolph Kahn, Esq., E-Mail Rules, New York, AMACOM, 2003.




Instant Messaging Rules. A Business Guide to Managing Policies, Security, and Legal Issues for Safe IM Communication
Instant Messaging Rules: A Business Guide to Managing Policies, Security, and Legal Issues for Safe IM Communication
ISBN: 0814472532
EAN: 2147483647
Year: 2003
Pages: 241
Authors: Nancy Flynn

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net