Comments on: Are your managers spying on employees? http://www.hrtechnews.com/are-your-managers-spying-on-employees/ HRMS, Internet Monitoring, Payroll Software, Time and Attendance, and more Thu, 04 Aug 2011 15:58:56 +0000 hourly 1 http://wordpress.org/?v=abc By: JParr http://www.hrtechnews.com/are-your-managers-spying-on-employees/comment-page-1/#comment-8763 JParr Wed, 29 Apr 2009 19:50:23 +0000 http://www.hrtechnews.com/?p=1360#comment-8763 Jon: If your company owns the contract, then you have the right to read the hosted e-mail. If individuals sign up for their own accounts (e.g. free Yahoo accounts) then, no, you don't have the right to read the e-mail. Best practice is to have a boilerplate acceptable use policy stating that the company has the right to monitor all communications, and that company business is required to be performed on company-approved e-mail systems. If you have a contract, e.g. with G-Mail, this serves for both e-mail archiving (FRCP rules for e-mail retention) as well as provides the company with the ability to monitor that traffic. If you are using a free service, even if the company set up the account, the terms not as clear cut. Jon:

If your company owns the contract, then you have the right to read the hosted e-mail.

If individuals sign up for their own accounts (e.g. free Yahoo accounts) then, no, you don’t have the right to read the e-mail.

Best practice is to have a boilerplate acceptable use policy stating that the company has the right to monitor all communications, and that company business is required to be performed on company-approved e-mail systems.

If you have a contract, e.g. with G-Mail, this serves for both e-mail archiving (FRCP rules for e-mail retention) as well as provides the company with the ability to monitor that traffic.

If you are using a free service, even if the company set up the account, the terms not as clear cut.

]]> By: JParr http://www.hrtechnews.com/are-your-managers-spying-on-employees/comment-page-1/#comment-8709 JParr Wed, 29 Apr 2009 00:16:09 +0000 http://www.hrtechnews.com/?p=1360#comment-8709 Having an acceptable use policy is imperitive -- in this situation, it should have prohibited the use of personal e-mail for company business (requiring the use of company resources for company business), as well as limiting the use of personal e-mail altogether. That said, these actions are appropriate and would probably have yielded the same findings: - Monitor incoming / outgoing e-mail from the CORPORATE mail system - Monitor web activity using a proxy server - Make a forensic image of the employee's hard drive, and look for cached e-mails and other items such as sensitive documents that the employee would not normally need to store locally. Most people, through ignorance or ego, will take the easiest path until they know they are being monitored. Once they suspect they are under scrutiny, they take more devious approaches to hide their activity, but this can be prevented by taking a "business as usual" approach, and working with IT to build the case against them. Having an acceptable use policy is imperitive — in this situation, it should have prohibited the use of personal e-mail for company business (requiring the use of company resources for company business), as well as limiting the use of personal e-mail altogether.

That said, these actions are appropriate and would probably have yielded the same findings:
- Monitor incoming / outgoing e-mail from the CORPORATE mail system
- Monitor web activity using a proxy server
- Make a forensic image of the employee’s hard drive, and look for cached e-mails and other items such as sensitive documents that the employee would not normally need to store locally.

Most people, through ignorance or ego, will take the easiest path until they know they are being monitored. Once they suspect they are under scrutiny, they take more devious approaches to hide their activity, but this can be prevented by taking a “business as usual” approach, and working with IT to build the case against them.

]]> By: Jon http://www.hrtechnews.com/are-your-managers-spying-on-employees/comment-page-1/#comment-8689 Jon Tue, 28 Apr 2009 19:32:07 +0000 http://www.hrtechnews.com/?p=1360#comment-8689 How about an email system that is hosted off site? We subscribe to a web based email system (similar to hotmail or gmail). Would monitoring the use of such a service constitute a violation of privacy? Jon How about an email system that is hosted off site? We subscribe to a web based email system (similar to hotmail or gmail). Would monitoring the use of such a service constitute a violation of privacy?

Jon

]]>