Last week, millions of viewers tuned in to watch the debate between US Presidential Candidates, Hillary Clinton and Donald Trump. The verdict was that Clinton dragged Trump by the roots of his hair and showed him what it means to be prepared for office. In other words, this round went to Clinton. However, one issue against Clinton that keeps surfacing like a bad skin rash is the scandal around Clinton’s exclusive use of her personal email account for transacting State business in the four years that she was Secretary of State.
Why is this a big issue? Well, if you ask her opponents it means that she cannot be trusted and she has something to hide. Clinton’s explanation summarised is that it was more convenient to just use her private server and email account. When all the political layers are peeled off, the bottom line is that Clinton broke the law and went against her employer’s internet/email policy.
For several reasons including state security, confidentiality and archiving for posterity, the Federal Records Act requires that government business be transacted through official accounts and communication be preserved on government servers. For whatever reason (she says it was the convenience of carrying only one device), Clinton and her aides chose not to comply with the rules. For someone who had previously spent a number of years in the White House and whose ambition to the top office is probably decades old, it is difficult to reconcile why she would skirt the law in that manner. But these are debates and speculations for another day.
One would expect that the United States government, or any other government for that matter, would have a policy on internet use, emails, CCTV etc. But what about your everyday employer? Is it necessary for them to have an internet policy? The quick answer, of course, is yes. From the employer’s perspective an internet policy is necessary for reasons of security and productivity, at least. Whether it is monitoring the internet sites visited by employees, the amount of time they spend on non-work related internet activities and social media or the monitoring of activities via CCTV to prevent theft or for added security, there are many reasons why an employer would want to regulate employee use of the internet. In addition, there is the threat of system breaches, loss of information, and system crashes that can take place when an employee visits an unauthorised Internet site. The time and money required to rectify such situations could have dire financial implications for the company. And, of course, there is the small but very important matter of brand identity. Your company’s email address is part of its identity and any correspondence going out with an email account related to your company must meet certain standards and must not bring disrepute to the company.
On the employee side, I think the most worrisome aspect of an internet/CCTV policy is the protection of their right to privacy. Do they check that right at the door of their employers? Not exactly, but the law is all about the balancing of rights. In every circumstance, and in considering a company’s internet/email/CCTV policy, regard will be has to the need to balance the personal rights of the employee with the rights of the employer. In the employer/employee relationship, there are established common law duties on both sides. For the employer there is a duty to pay for work done; to provide work to be done; and to maintain trust and confidence. For the employee, fidelity, a duty to obey lawful and reasonable orders, and maintain trust and confidence. Trust and confidence is a mutual obligation on both sides. It is expected that both sides will act reasonably and respect the rights of the other party. That means, for this matter, that employees will devote their time to the work that they are paid to do and not misuse company facilities and information, and employers will monitor the activities of employees only to the point that is necessary to protect their business.
So what should a company take into consideration when drafting a company internet/email/CCTV policy? Here are a few guidelines:
A balance is required between the legitimate rights of employers and the personal privacy rights of employees; any monitoring activity should be transparent to employees and the extent of any monitoring must be clearly communicated to them; employers should consider whether they would obtain the same results with traditional measures of supervision; and monitoring should be fair and proportionate with prevention being more important than detection.
Policy documents should cover: Potentially dangerous material and who bears liability for any damage caused; obscenity, pornography and hate-inciting material; offensive material and chain emails; misleading information especially as it represents the employer; and Personal use. Some employers also have BYOD (Bring Your Own Device) policies that allow for some personal activities in the workplace but also control what information can be transferred between devices and how.
Whether you are a big employee or not, it is important to have rules that guide the use of the internet in your workplace and have those rules properly communicated to your employees.