The problem of monitoring employees' online activity to safeguard against corporate humiliation is providing IT managers with a growing headache. Recently, companies such as Orange, Ford and Royal & SunAlliance have disciplined staff for inappropriate use of email, and have suffered unwelcome publicity as a result.
There is a need to guard firms against virus attacks and inappropriate use of emails, such as the sending of pornographic material. However there is also a need to comply with legal rights to privacy under the Data Protection Act and the Human Rights Act. The extent to which firms may monitor their staff remains unclear until it is tested in the courts. However, some experts are recommending software monitoring tools to provide a balance between the need to monitor and the need to respect privacy.
The Regulation of Investigatory Powers (RIP) Act 2000 gives employers the right to monitor staff emails, as long as there is a legitimate business reason to do so. Lawyers are still unsure whether this will conflict with rights to privacy, and they are unclear about which would have precedence in law. However, most agree that informing staff if they are being monitored is a sensible precaution, and that staff should be told what constitutes permissible activity.
Gareth Evans, a security advisor with digital security company Cyrano, said that even the most basic software controls could save companies from some problems. Blocking software from firms such as SurfControl, Websense and Elron Software block lists of sites or content that senior managers decide are not suitable.
Text-blocking software blocks key words, and companies can tailor these systems and add keywords as they please. However, whole sites can be inadvertently blocked if one word, such as 'sex', is deemed to be prohibited. For this reason words should be chosen with care:Â an online form that asks users to identify whether they are of the male or female sex could be blocked unless systems are sensibly set up.
Elron's email monitor, Message Inspector, reads text contextually as well as looking for specific words. The software can halt problematic emails, or given file types can be blocked to specific departments.
Software like Content Technologies' PornSweeper can be used to block pictures that contain a high proportion of skin tones;Â useful in preventing the dissemination of pornography.
Shortly after the RIP Act became law, e-commerce minister Patricia Hewitt said employers have the right to monitor communications without employees' consent.
The EU's Telecommunications Data Protection Directive permits the interception of data in order to provide evidence of commercial transactions, criminal offences or unauthorised use of a telecoms system.
The DTI asserts that companies have the right to monitor telecoms systems in order to detect viruses. It said that employers could monitor routinely in cases where a member of staff is absent and gaining consent is impractical. It added that companies are entitled to monitor calls and emails for quality-control purposes and to check whether they are relevant to the business.
David Smith, the government's assistant information commissioner, emphasised that companies are still obliged to maintain their employees' rights to privacy. Smith acknow-ledged the need for monitoring, but said that firms should look for an automated way to carry it out.
As IT managers negotiate the email minefield, automated censorship might prove to be the best way to safeguard companies' reputations while respecting employees' privacy.
