Privacy Issues: eBusiness

Privacy Issues Surrounding eBusiness Procedures
by Kurt Rodenhizer, MS, MBA, June, 2007

The topic of privacy as it pertains to online communications and e-Business can focus in two areas: 1) Internet based B2C activity or 2) Employee rights vs employer privileges to information access. This key concept review will focus on the latter.
Privacy is defined as the ability of an individual or group to keep their lives and personal affairs out of public (or corporate) view. Along with the widespread proliferation of communication options at work (e.g. phone, Internet and email/IM) comes the temptation to use the electronic resources to conduct personal activities. Employees now work in an environment full of temptation to surf the Web, shop online, play games, download music, watch videos, etc. In a 2002 study by the computer security Institute, 78% of polled enterprises reported abuse of Internet access privileges by workers including downloading pirated software, shopping and inappropriate use of e-mail. Another survey determined that 62% of workers go online for personal reasons at least once a day, while 20% do so 10 times a day. Employers interested in monitoring activity like this can be viewed as invading employee privacy, but there is certainly justification as to why companies need to implement some controls over employee personal activities.

Significance:

Protecting the corporation while respecting employee privacy is a challenge. As reviewed in the article “eMonitoring In The Workplace; Privacy, Legislation, And Surveillance Of Software,” the authors (Nord et. al.) suggest employers have the right to measure employee productivity and monitor for leaks of company information (including the spreading of defaming opinions). The debate between employee rights and employer privileges has become a hot topic and can be expected to become more complex. Fueling the debate is the degree of invasiveness, especially when considering surveillance may include monitoring the number of keystrokes per period of time, listening to all phone calls and voice mail activity and performing database collection scans of all email and IM.

Recent surveys have found that a majority of employers monitor their employees. They are motivated by concerns over litigation and the increasing role that electronic evidence plays in lawsuits and government agency investigations. Compliance in the Sarbanes-Oxley era is a critical concern. The recommended practice for the employer is to establish clearly understood security policies. These policies can be communicated via employee handbooks, memos, and in contracts. The primary piece of legislation defining employee privacy can be found in the electronic Recent surveys have found that a majority of employers monitor their employees. They are motivated by concerns over litigation and the increasing role that electronic evidence plays in lawsuits and government agency investigations. Compliance in the Sarbanes-Oxley era is a critical concern. The recommended practice for the employer is to establish clearly understood security policies. These policies can be communicated via employee handbooks, memos, and in contracts. The primary piece of legislation defining employee privacy can be found in the electronic communications privacy act or ECPA. The ECPA contains 3 exceptions that favor the employer:

1. If the employer owns telephone, e-mail or Internet services. They would be more protected from employee privacy suits.

2.The ordinary course of business exception allows employers the right to monitor business communications to assure quality control prevent sexual harassment and unauthorized use of equipment.

3.The third exception is called consent exception and applies to actions taken by the employer.

The bottom line is that if an employee works for a private company who owns the equipment being use, the employee does not have the right to use the equipment or the work time to conduct personal activity or slander the company they are working for.

References:
eMonltoring in the workplace: Privacy, legislation, and surveillance software.G Daryl NORD, Tipton F Mccubbins, Jeretta Horn Nord Communications of the ACM 49:88, 72-77.

February 18, 2008 - Posted by eprocessdevelopment | White Papers | | No Comments Yet