< Day Day Up > |
Surfing on Company TimeThe Annoyance:I think my boss is watching where I go on the Web. Aren't employers required to notify you if they monitor your web activity? The Fix:In general, no. With very few exceptions, private employers can monitor everything you do in the workplace and aren't required to tell you a thing about it. (Government employees actually enjoy a few more rights; see the sidebar "Better Fed than Dead?") Some employers include vague language like "we reserve the right to monitor your activities," either on a splash screen when you turn on your computer or buried deep within the employee handbook. Of course, that doesn't tell you whether they are monitoring or how they might be going about it. Only Connecticut and Delaware require employers to notify employees before monitoring their online communications. In other states it's entirely up to each company. Lewis Maltby, president of the National Workrights Institute (http://www.workrights.org), says that while there's little you can do to prevent your boss from monitoring your online behavior, you can make monitoring less intrusive and more transparent:
Find out why your company is monitoring employees, and see if there's a less intrusive method of achieving its security goals. For example, instead of using web monitoring software to log every site an employee visits, your employer could use the same program to block employees from visiting objectionable sites such as porn and hate speech sites that could cause the company legal headaches. Companies concerned about productivity loss could adjust the software to allow access to certain types of sites at specified hours say, news or travel sites during lunch or after work or for a certain number of minutes each day. Maltby says many firms would happily embrace policies that protect their needs without alienating their employees. "Most employers are not interested in spying on you," says Maltby. "They're just trying to avoid sexual harassment suits, prevent the loss of their trade secrets, and keep people from spending all day on the Net when they should be working. [But]...companies don't have to violate your personal privacy to protect their legitimate business interests."
Visit NasteePix.com, Get Fired?The Annoyance:I work hard, but I like to do a little recreational web surfing during break times. Can I get fired for this? The Fix:You might. It all depends on your employer's policies and what you mean by "recreation." If your definition includes gambling, viewing photos of scantily-clad models, downloading MP3s, or trolling hate-speech blogs, you stand a pretty good chance of getting canned. According to a 2001 survey by the American Management Association (AMA), 62 percent of companies monitor Internet content, and more than a third of those firms disciplined employees for breaking their Net policies. (The AMA doesn't say how many of those folks got fired, but you can be sure some did see "Privacy in Peril: Prurient Interest.") The trouble is that many corporations lack any kind of written guidelines on what's acceptable behavior. Porn is an obvious no-no, but what about news, political, or travel sites? A study by The Center for Business Ethics at Bentley College found that over 90 percent of companies allow "reasonable personal usage" of the Web, but only 42 percent define what "reasonable" means. So find out what your employer does and doesn't allow (see Table 4-1.) Some questions to ask:
Mark Rowe, one of the authors of the Bentley study, says a degree of recreational use is permissible in many organizations, but "companies are not being sufficiently explicit in terms of their policies. There need to be very clear guidelines for employees."
Out of the Office, But Not Out of SightThe Annoyance:I telecommute from home two days a week. I keep my Quicken checkbook, digital photos, and other personal stuff on the computer at home I use for work. Does my boss have a right to snoop around my home PC? The Fix:It depends on whose gear you're using. If your employer furnished the computer you use for telecommuting, then it has the right to look at anything on it. If you're using your own computer, you have more privacy rights, but you're far from in the clear. If you're logging into the corporate network and using that to connect to the Internet, your employer can monitor where you go and what you do online, though it probably can't legally look at what's on your hard drive. Even if you're on your own dime when paying for Net access, if you're checking a corporate email account, your employer can certainly monitor your inbox and outbox.
"If the company supplied it, they have the right to do anything they want," says privacy rights attorney Parry Aftab (http://www.aftab.com). "Those same rules apply to other employer-supplied gear like laptops, cell phones, pagers, handheld PCs, Blackberries, and so on. It's much broader than computers, which is something most people tend to forget." You may have also waived your privacy rights as part of a work-at-home agreement, says Aftab, which could give your boss unfettered access to your home computer (though probably not other machines on your home network). If you signed a telecommute agreement, now's the time to examine the fine print.
Whose Email Is It, Anyway?The Annoyance:I sometimes use my work email for personal use. I don't want my boss reading it. The Fix:Join the club. Nearly 9 out of 10 people use work email to send or receive personal messages, according to a 2004 survey by the AMA. That same survey found that 60 percent of companies monitor email communications with the outside world, and one in four companies has fired someone for violating their email policies. If you must send personal mail at work, you could use a webmail account such as Yahoo Mail or Hotmail instead of your corporate account. But remember, when you're using your work PC and/or your employer's network, your boss still has the legal right to read your outbound or inbound messages. And she could do it in a variety of ways. For example, your IT department could have a "sniffer" device on the network that captures unencrypted data as it passes over network wires. It might employ software such as netReplay that lets them view what's on users' screens kind of like a closed circuit TV camera trained on your PC. The office geek squad might install a keylogging program on your machine that captures everything you type. At the very least, companies concerned about employee communications can use web monitoring software to log the time you spend on these webmail sites and/or limit your access to them. One way to defeat a sniffer is by encrypting your mail so that only you and the intended recipient can read it. (See the tip below.) Encryption is especially useful when you need to share confidential business information across the wires. But if your employer has installed a monitoring device on your computer, there's little you can do short of disabling the device which is likely to get you in far hotter water. As with web monitoring, find out what kinds of messages your employer looks at and how, suggests NWI's Lewis Maltby, and see if you can carve out some personal use that won't infringe on company policies. For example, you could ask your bosses to fine-tune the scanning software to make exceptions for messages that are almost certain to be personal like email you send to your spouse.
Beware of IT SpiesThe Annoyance:I know my company is scanning my email. But I also suspect the little twerps in my company's IT department are reading my messages just for kicks, and then blabbing about it to the world. The Fix:They very well might. A recent survey by Forrester Consulting and Proofpoint found that 44 percent of large companies hire people to scan outgoing email looking for trade secrets, copyrighted material, or anything else that could get the company in legal trouble. The problem with this, says NWI's Lewis Maltby, is that few companies have anyone assigned to watch the watchers. Slightly more than half of the companies surveyed by Bentley College had written guidelines on how Internet monitoring is supposed to be conducted. Only a third required company monitors to sign a confidentiality agreement, and one in four performed no oversight at all. The survey only included companies that employed ethics officers so if these folks aren't thinking about keeping email monitors in line, imagine what the rest of Corporate America is like (see Table 4-2). Again, your best solution is to ask management. Do they have written guidelines that govern monitoring procedures? Are monitors bound by a confidentiality agreement? What's done to ensure they are following proper procedures? The bottom line, says Frederick S. Lane III, author of The Naked Employee: How Technology is Compromising Workplace Privacy, is to be very careful about what company resources you use. "If you don't want your employer reading email you send to your buddy at Alcoholics Anonymous, or your doctor, or your child, don't use your employer's computer to send that mail."
Chewing the Fat on ChatThe Annoyance:I use instant messaging to check in with my friends and family while I'm at work. Can my boss see who I'm talking to and when I'm logged on? The Fix:He sure can. For the moment, instant messaging is slightly more private chat than email. The Forrester survey found only 21 percent of companies are keeping an eye on IM communications, but that number is likely to grow as more companies adopt IM as a business tool and realize the potential havoc that IM could wreak. For example, the SEC now requires securities dealers to archive business IM records for three years; healthcare companies may also be required by federal statutes to preserve any electronic communications regarding patient health records, including IM. With software such as FaceTime Communications' IM Auditor or Akonix L7 Enforcer, your company's IT department can log the amount of time you spend on IM, record all your conversations, and/or block certain activities on IM such as file sharing. They can monitor all the major chat clients (so don't think using AOL's or MSN's IM software makes you safe). They can also log when you're online; so if you set your messenger software to indicate that you're not at your desk when you really are, your boss may think you're goldbricking. You may be able to keep your IM private by using products such as Hushmail's Hush Messenger (http://www.hushmail.com), which uses PGP encryption to scramble private conversations with other Hush Messenger users, or IMpasse (http://www.im-passe.com), which likewise automatically encrypts and decrypts messages sent via AIM, Yahoo Messenger, and MSN Messenger. Otherwise, when you use IM, assume someone's listening because even if they aren't now, they probably will be soon.
Do Your Hunting From HomeThe Annoyance:I hate my job, so during breaks at work, I've been posting digital résumés on job boards like Monster.com. There's no way my boss can find out, is there? The Fix:There is. If your company has installed web filtering software like Websense or SurfControl or even just looked at the network server logs your boss could easily find out exactly how much time you've been spending at Monster.com or any other online job board. If the company uses an email security program such as ClearSwift's MIMESweeper, it could scan outgoing email looking for telltale signs (like file attachments with "résumé" in the title). If they use a keylogger, they can detect what you've been typing on your PC at any time. And so on. One solution may be to use an anonymous proxy server and email encryption, assuming you can get them to work through the office firewall. But a better idea is simply to avoid using your work PC for anything involving a job search unless you want your boss to help you in your quest by firing you. (For more tips on Net job hunting privacy, see "Who's Reading Your Résumé?") |
< Day Day Up > |