Simon Corwin was one of the most liked guys around the office. He spent his day sitting in his room, quietly doing his work, and he was always willing to help out when asked. Although not a big drinker, he often joined the group for Friday afternoon drinks at the local pub.
So it came as a great surprise when one day he was called into the manager’s office and fired for abusing his internet privileges.
“It’s always the quiet ones,” muttered Sally Jenkins, one of the IT people who was on the periphery of Corwin’s sacking. It was one of her filter programs that picked up the transgression and flicked it to her manager, Bill.
“So, what did he actually do?” Bradley McGrath asked.
“I don’t know. The security program automatically passes all transgressions to Bill. Basically, there are certain key words and phrases that it searches for, and if any of them are found in an e-mail, the program automatically makes a copy for management to look into.”
For a moment, Brad was shocked at what he thought was an invasion of his privacy. But the law was on the company’s side. E-mail was legally regarded as company property, not as a personal right. He had heard stories about people getting into trouble for sending out reminders about lunch to other staff members or happy birthday notes from family members being screened out by programs.
Usually these offences just earned the culprit a reprimand, although Brad did know of one employee who was eventually dismissed after his fourth or fifth warning. And, in many ways, it was better that a computer was doing the scrutinising. He had heard of places where people randomly read e-mail from colleagues to check it for incorrect use.
But, as far as he knew, Corwin had never been in trouble before.
“Was it pornography?” he said, duplicating the question that everyone asked when they heard about sacking and the internet. Sally just shook her head. “Don’t know. I would have look at the file to find out, and that is hardly worth the risk. Whatever Corwin did, he’s gone. Forget it.”
A couple of days later, Brad was chatting with the office union representative, Jack, and happened to mention how much Corwin was missed around the office. To his surprise, Jack hinted that it might not be as permanent a departure as everyone had thought.
“We have waited to get our teeth into a fight over this e-mail issue,” the union representative said. “And this is the perfect case. For too long, we have had to put up with these draconian laws. I mean, e-mail should be just like the telephone. We all know we shouldn’t use it for personal calls and the like, but there has to be some leeway. Besides, employers are getting staff to work longer and longer hours, blurring the boundaries between home and business. If I need to send a message to my wife, or e-mail my congratulations to a friend, it is actually more convenient and more productive for me to do so from work. After all, management is expecting more and more from everyone, hours are getting longer and responsibilities are getting heavier. Between you and me, office internet privileges are a perk of the job. I mean, just because half the senior management don’t know how to send an e-mail does not mean we should be ignoring the obvious benefits of the electronic superhighway. Besides, these programs are too restrictive. Even Clyde got caught the other day.”
This time Bradley was amazed. Clyde was one of the most fastidious employees in history. “It seems some bright spark added love to the list of flag words in the e-mail security program. Clyde happened to mention that he loved a proposal and the system blocked the message. You should have seen his face when the boss called him into the office. During that exchange there were words uttered that I thought Clyde would never have heard of.”
Brad cut in: “But there are some justifiable reasons for monitoring e-mail, apart from the possibility of defamation and other legal issues like confidentiality, harassment and the rest. Did you see some of the jokes Darren used to send around before the new policy came into effect? Besides, what about the dangers of computer viruses? I mean, a single letter can shut down the office and a virus can cost millions.”
“Agreed, but that is not what we are talking about,” Jack said. “In principle, an e-mail should be treated the same as a letter or fax. Does your boss insist on reading every letter or fax you write during the working day or listen in on every phone call you make? Sure, there are technical issues, but these do not necessarily involve the violation of an employee’s right to be trusted.
“The bottom line is that any system can be abused. What is important is to set the guidelines and determine the difference between abuse and a justifiable perk. Speaking of which, who do you reckon will win the footy on Friday? I am about to phone my tips through. Won almost $60 last time.”
Later that night, as Bradley was mulling over what the union official had said, he wondered just what Corwin had done to get the sack. He decided to go and see Corwin and finally managed to ask why he had been fired.
“It’s a funny story. You know I make fishing rods as a hobby? Well, I had been playing around with this new idea for a different kind of tackle and had shared my thoughts with a few people on one of those e-mail discussion group things.”
“I get it, you spent too much time chatting online and not enough time working. That’s why they sacked you.”
“No, I always logged on in my lunchtime or after hours. Which was acceptable under the company internet policy. Where I went wrong was when one of the guys offered me money to build him one of the new tackles. I should have switched him over to my home account then and there, but he was only one guy and it was too much hassle to change it. Besides, it was easier to log on while I ate my sandwich rather than do it at night when I was tired.
“Anyway, it kind of snowballed. It never really took up much work time. Besides, how often did I take a full lunch hour? I reckoned they owed me a couple of minutes here and there.
“Still, it constituted a breach of company policy in that I was apparently using company resources for personal gain. As far as senior management was concerned, I was running my own business from my cubicle and that was a sacking offence.”
What is the difference between what Corwin did and Jack’s submitting his weekly footy tips over the phone on a Friday lunchtime? They both earned money from their activities. Does the fact that Corwin was working during his lunchtime constitute “non-working” time and modify the conflict of interest? How can it be proved that Corwin made money from his endeavors and therefore made personal gains from the e-mail? Are e-mail and the internet different from older-style communications? At what point is the privacy boundary crossed?
Proposed solution #1
William Blayney is an IT specialist with a national not-for-profit organisation.
As part of his duties as systems administrator, he monitors e-mail in a large organisation through the use of trawler programs.
I should make it clear at the outset that I am not a lawyer. Were such a case to develop where I work, I would discuss the issues with management and legal representatives before taking any action. It is primarily a legal issue. Were Simon’s rights as an employee violated by his sacking? Simon himself seems to have accepted his fate, and this would result in a happy ending for all concerned.
Without knowing whether this is an accurate assumption, it is difficult to comment on the specifics of the case.
Tackling the questions:
1. What is the difference between what Corwin did and Jack’s submitting his weekly footy tips?
Footy tips, like office Lotto draws and selling chocolates for a school fund-raising venture, would fall into the category of social entertainment.
Simon’s checking of his e-mail and responding to his “hobby” business from work and using work resources raises different issues.
2. Does the fact that Simon was working during lunchtime constitute “non-working” time and modify the conflict of interest?
Even though Simon worked during his lunchtimes this establishes a precedent that the company cannot allow. A problem of e-mail and the internet is that it is difficult to determine whether a person is working on personal or company business.
3. How can it be proved that Corwin made money from his endeavors and therefore made personal gains from the e-mail?
Unless there is a direct link referenced in one of the e-mails, then it is difficult to see how this is provable. Given Simon’s acquiescence and the company’s action in the first place, I would assume this to be the case.
4. Are e-mail and the internet different from older-style communications?
In principle, e-mail and the internet should be no different. However, the ease with which they can be monitored makes them more susceptible to intervention than conventional communications are.
You cannot create a program to operate in the background and check the content of every hard-copy communication. It is an inefficient use of time, it would detrimentally affect the operational side of the business and it would be an expensive option in terms of time and money and opportunities involved.
With electronic communication, programs can be set up to detect key words, and random samples of a week’s work can be generated after the material has been sent. A computer program might cost money to buy but it does not get sick leave, holidays or superannuation, and it is always ready to work on weekends. You need someone to monitor the results and to implement any disciplinary actions or other outcomes, but these duties can be incorporated into an existing role.
In principle, online and conventional communication should be treated in the same way. The problem is in the policing of policies.
5. At what point is the privacy boundary crossed?
This is a question for the lawyers. There are factors other than individual privacy to be taken into account. E-mail and internet access can lead to insecurity in an organisation’s network and can be used by unscrupulous people to gain illegal access to restricted information.
If employees accept that there is no privacy in work e-mails, if there is a clear and definite policy about what is and what is not acceptable, then situations such as Simon’s should be rare.
We need to change people’s thinking about e-mail and the internet. As with all innovations, the implementation of this technology will have teething troubles and there will be a time lag as people’s operating methods adapt to the changes introduced by the new technology.
By establishing clear and enforceable guidelines, situations such as the one outlined in the case study can be prevented.
Proposed solution #2
Helen Dodson is an adult-education trainer who is enthused by the introduction of new technology in the workplace. One of her most popular courses involves teaching computer skills to mature Australians
he use of the internet and e-mail has raised, and will continue to raise, many questions on employees rights to privacy. Despite the fact that they are using their employer’s equipment and the employer is paying for their access to these facilities, many employees consider e-mail and internet access to be private.
In some cases, the use of individual logons and system passwords may give a mistaken perception that these communications are secure and personal. However, such elements are more often used for network security rather than to allow employees to send personal messages.
Communication in the workplace always raises the issue of supervision. The problem is not a new one: it has been experienced with the implementation of other technologies such as mobile phones, faxes and even photocopiers.
From a legal perspective, the concept of privacy in the workplace differs from the reality. There is no general constitutional or common-law right to privacy in Australia at the moment. The Federal Government has introduced new National Privacy Principles that are to come into effect in December 2001, and that will cover areas such as personal information that is included in e-mails as well as access to servers and Web logs.
However, to discuss this case study in the light of the regulations would require someone with a more extensive legal background than my own.
In cases such as Simon’s, and even after the new guidelines, the key factor is the establishment of rules. Good practice demands that employers clearly communicate the “conditions of use” and permitted practices to employees.
Most e-mail is not secure unless it has been encrypted or encoded. Perhaps, if employees thought of e-mail as the equivalent of an electronic postcard that anyone can read, then there would be fewer concerns about privacy. Most network software logs e-mails, if only to detect viruses. These logs normally include information such as the e-mail addresses of the sender and recipient as well as the time and size of the transmission.
Some organisations will not log content, but the content may be stored on Web servers or back-ups. Indeed, it is important to keep in mind that even after an e-mail is deleted by an individual user, it can often be recovered from the back-up or program logs.
System administrators have the capacity and, currently, the right to view communications sent over their networks. As an organisation has responsibility for its networks and for protecting the information housed there, it also has the right to determine how these services are used.
So, what should a basic policy be like?
- It must be accessible to all staff and management, and there should be a formal acceptance of the policy by all users. In other words, there should be a signed and traceable acknowledgment of the policy held on record.
- The policy should explicitly state what is and what is not acceptable. Some organisations worry about looking draconian or making their policy document too long. But by clearly defining acceptable use, you are protecting yourself and your company.
- The policy should be readable and should clearly state not only the policy but how the organisation will enforce it. It should include the monitoring processes, the repercussions and the nature of back-ups and related materials.
- The policy should explain why these procedures are in place. Explain the possibility of hacking and the necessity for system security.
No policy should remain static. Information technology is an ever-changing field and a policy will need to be reviewed and probably updated on a regular basis. When changes are made, staff should be made aware of them and they should again sign their acceptance forms if there are substantial variations in the policy.
It should be noted that an effective e-mail policy does not mean intrusive, systematic and continuous surveillance. Instead, it is better to create an environment in which employees feel that their basic privacies will be protected provided they operate according to the stated policy.
Balancing an organisation’s legitimate interests against staff expectations will be a continuing issue. Only by the use of a clearly stated policy and good practice can electronic communication become as commonplace and accepted as other forms of communication.
The real question is, what will they come up with next?