Employee Monitoring - a hot topic for 2007

Tonight I’m again debating the subject of Employee Monitoring at a CISO dinner. I’ve already posted some thoughts on this subject. But I’ve noticed quite a lot of interest and debate now being generated as CISOs and journalists begin to consider the impact of new technology from Chronicle Solutions that enables any organisation to mount blanket surveillance on their employee’s communications.

The quintessential issue is just how far we should go in exploiting this unprecedented capability. Because it has tremendous potential for business efficiency but it can also trample all over your employee’s human rights.

Most responsible organisations will only examine staff emails as part of a formal, authorised security investigation. There should be no random fishing for potential wrongdoings. But security investigations can be broad in scope. And once you have the capability to search across all staff communications there is a clear potential for scope creep. You’re not restricted by a need to request access to each individual user’s emails.

And when you look at what’s actually going on in any organisation, you’ll find an awful lot of disturbing things that you wished you hadn’t seen.