Employee monitoring - has Big Brother arrived?

The subject of Employee Monitoring is currently at the forefront of my mind as I polish up my notes on for a talk on this subject at a CISO dinner tonight at the London Capital Club. I’ve been thinking deeply about this issue for a long time. Not that I’m any kind of dangerous radical or extreme conservative. In fact I’ve always aimed to strike a healthy balance between the interests of the individual and the needs of an increasingly heavily regulated business community. And I know I’m not the only one thinking about these issues. A few years ago I aired a few comments on the breakdown of the boundary between business and personal lifestyles in Computer Weekly and was immediately contacted by Dr Peter Skyte, leader of Amicus, the top white collar union. I was impressed to be able to discuss some of these issues with a union leader with a good understanding of IT. Too often we associate trade unions with the Industrial Age, but they also have an important role to play in the new Information Age.

Things were much simpler in the old Industrial Age workplace when every aspect of business life was standardised, separated and synchronised. Employees did business in a dedicated building during set hours. Outside of that it was no concern of your employer how you spent your time. Now it’s all mixed up. People simply grab the nearest communication channel to conduct personal or business transactions at any time, any place, anywhere. You can’t easily separate business and private activity. But we do have to monitor and archive the communications activity on our business networks for three good reasons. Firstly, to keep out any bad content that might be damaging or illegal. Secondly, to detect and immediately stop any unauthorised access or leakage of confidential information. And thirdly, to meet the increasingly demanding legal and compliance requirements, which might for example require all customer communications and staff emails to be reconstructed many years hence.

Technology is not a constraint these days. The devices available today are extremely powerful and easy to install. You can buy a tiny box called netReplay from Chronicle Solutions, plug it in to your network and it will immediately begin scanning and recording the web traffic and emails of tens of thousands of users. The real issue is not capturing the information but figuring out just what is sensible to record and how best to manage the process. No responsible organisation wants to snoop on their employees’ behaviour. In fact you can’t do this without also complying with a raft of complex and occasionally contradictory legislation concerning human rights, privacy, data protection and communications interception. Just keeping up with this legislation and framing the “acceptable use” policies is starting to become a full-time job in itself. The real problem today is not keeping up with the mass of communications coming into and out of the organisation, it’s controlling the policemen and securing the monitoring equipment. Because anyone can now play Big Brother at work if they want to.

Join the conversation

3 comments

Send me notifications when other members comment.

Please create a username to comment.

David You raise many interesting points here. I see there being three golden rules around how such monitoring should be implemented. 1. The organisation should devise policies and procedures that are appropriate to the situation. These will be different for a police force compared to a bank compared to a local government department. 2. The policy and procedures should be properly and fully communicated to staff. 3. The system should be used as planned; if you don't monitor and enforce, then misbehaviour becomes accepted practice. Also the usage of monitoring systems should be monitored. So if you feel it is the right thing for your organisation to scan for downloaded pornography periodically, then tell staff that is what will happen and what the consequences may be. And then do it. It is rightly a sensitive area, but monitoring does improve behaviour and does allow you to catch people doing really bad things. CCTV has shown us that. See http://nickkingsbury.blogspot.com/ , and www.chroniclesolutions.com
Cancel
It was an interesting talk you gave at the dinner earlier tonight and good to speak with you afterwards. I forgot to give you my mobile number 07785 773122. Let's meet for a drink soon, Merlin
Cancel
i think it's not a spoffish things to use employee monitroing software nowadays.The software is widely applied,it help to keep en eye on employee online activities and keep them on task.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close