Employee E-mail Surveillance
30th January 2007 by Natasha Nicholson
This little piece of news appearing in late 2006 may have escaped your attention but I thought it was worth bringing it up.
A survey conducted by Fortiva based on 100 North American organizations that monitor and review the messages of their employees found that:
* Of the 93 percent of companies that have formal electronic communication retention and review policies, 63% companies reported employee e-mail surveillance has improved their ability to see risks to the company.
* 12 percent of the companies uncovered customer complaints that were not previously escalated or disclosed.
* 14 percent also said copies of employee correspondence were forwarded to a regulatory body or law enforcement agency.
* The increase in visibility has resulted in 26 percent of organizations terminating an employee as a result of information yielded through email surveillance.
www.fortiva.com/news/pr_email_surviellance.html
Now, it’s hard to argue with the fact that a company reviewing its employees’ e-mail may indeed be getting some valuable information. And its important to note that this particular research surveyed North American securities industry companies, which are under some stringent rules when it comes to monitoring information.
But what about the rest of the business world? Just where does this type of surveillance fall when we consider the ethical implications? What are your thoughts on this?
Natasha
January 31st, 2007 at 6:02 pm
Yes, this study does illustrate the benefit in surveillance of employee email. Many companies have ethics policies as well as computer use and Internet policies. Thank goodness. In my own experience, as a consultant, I have seen significant abuse. Complaints and problem situations were not elevated or simply ignored; improper use of the web that left the company vulnerable to security breaches; and, sharing of client/employee social security numbers via e-mail.
Even when matters are brought to a department head’s attention, the problems may not be remedied because: 1) the severity of the issues are not understood due to lack of education/knowledge* 2) supervisor embarrassed to confront offenders that they are being “watched” 3) lack of a complete and known process for handling breaches to the policy. Most policies that I have encountered simply state the final penalty or disciplinary action; but there is no guidance on what to do if you encounter a problem or suspect there is a breach.
*I had a manager ask me to leave my computer desktop open so that another worker could use my computer without logging out of her computer OR tell the other worker my password. Is that insane or what? I simply stated that I could not because the company had me sign the computer use and security policy. The manager rolled her eyes and walked away.
February 5th, 2007 at 2:37 pm
E-mail surveillance is a bit of a double-edged sword: on the one hand, it can create or reinforce a culture of intimidation.
On the other hand, however, looking away from harmful e-mail content and towards understanding the networks of peer-to-peer relationships that exist in an organization, e-mail surveillance and mapping of e-mail flow could be a godsend to an organization that otherwise would have no clue about how lateral commmunication works therein.
Perhaps there needs to be some clear expectation setting about e-mail surveillance and tracking, and some framing of it both as a security measure and as an opportunity to improve organizational communication.
February 5th, 2007 at 5:01 pm
Mike,
That makes sense to me. It would seem that it would be critical to have transparency about the fact that e-mails are reviewed and a clear explanation as to why this is necessary.
The “reviewers” of the e-mails would need to have parameters set and their practices monitored to avoid abuse. Solid processes would be particularly critical when it came to employee terminations.
As with so much in this world, it’s one thing to act legally, it’s quite another to act legally and ethically. Understanding the difference and applying those principles is what sets an organization above the rest.
Natasha
February 14th, 2007 at 8:20 am
Are there any comments on how Europe and Asia based companies are evolving to accept corporate messaging supervision? While US businesses and employees have come to accept messaging supervision as a corporate right, I have not seen the same elsewhere, where there is either a stronger privacy issue (certain countries in Europe) or where litigation is not forcing this kind of behavior (Asia/Pac). Thanks,
February 20th, 2007 at 6:33 pm
I assume the surveillance is done by a computer that looks for keywords, similar to the programs that scan resumes? It’s hard for me to imagine company “spooks” reading everyone’s email. The sheer volume would make that job impossible.
Although it seems accepted that companies can read employees’ email, I wonder what made this such a common practice, and one that few people object to? After all, it wasn’t common practice to listen in on phone conversations (was it?), and once a typed business letter went in the envelope, no one opened the envelope to read the letter inside. Of course, carbons were kept, but I don’t think anyone routinely read them in a typical corporation.
Email surveillance seems to be yet another aspect of our changing attitudes toward privacy. For a generation accustomed to sharing cell phone conversations with total strangers who are behind them in the grocery line, it may not be a big deal. I am not so comfortable with the ethics of this practice, unless companies are indeed forthcoming to their employees that it goes on.
Pat
February 22nd, 2007 at 8:05 am
Pat,
Messaging surveillance is a common practice, depending on industry. For example, financial services companies in the US must, according to regulation, have systems in place to monitor employee email. Messages are typically rated by risk factors such as employee group, whether the message is internal/external, keywords, destination domain and so on. And these companies do have people who review flagged messages. This is a by-product of litigation.
Other examples include companies that want to protect intellectual property or personal health information from leaving the organization.
As for privacy, companies should be up-front about this and there are different degrees of acceptance. In the US, people have come to accept that employers have the right to view corporate email, this is not (yet) the case in many other countries. Also, the difference between electronic messaging and your sealed letter example is one of volume and practicality. While it would not be possible to scan all letters mailed out of a company, it is feasible to do so for email. Further, since email can easily be resent by the recipient, it can potentially do more damage to an organization.
Paul
March 19th, 2007 at 1:34 pm
I recently addressed this issue .
March 20th, 2007 at 9:36 am
This subject is quite polemic, but in my opinion and experience it goes far beyond e-mail practices. Counting on a policy to protect information can really reduce/avoid risks for the company in many ways. Within this policiy, e-mail practices is just an element to be consideres.
From the very beginning, employess have to be aware that their company e-mail account is a working tool provided by their employer. Since it is its property, it has the right to review it from time to time, although it can differ from country to country depending on local laws.
Awareness of employees’ responsibility either to protect information or to adequately use this tool has to be made by constant communication campaigns publishing the policy and the best practices in e-mail usage. The campaign should also address the need to keep a healthy server avoiding its saturation because of the abuse in the use of the e-mail.
But to be successful in this awareness, employees should have access to Internet and, therefore, to their personal e-mails, so they can receive and send personal stuff from there. It is important that company applyes the adequate blocking systems to website where employess could distract from their duties. There are still some companies that restrict access to Internet to their employees which can go against the objective of having responsible employees, what requires a certain dose of freedom.
At the end of the day, it is always better to make awareness and having employees buy the concept of why their collaboration is crucial than just forbidding doing this or that.
Erika
May 9th, 2007 at 8:53 am
Seems that my previous post and link were truncated. I recently addressed this issue on my blog:
http://www.commakazispeek.com/blog/2007/03/09/were-frogs-in-a-pot/