Q

How to ethically monitor an employee's e-mail

Learn why companies who plan to monitor their employees' e-mails should have a acceptable use policy.

Can companies ethically monitor their employees' e-mails?

If a company wants to monitor their employees' e-mails, they need to get all employees to sign an acceptable use policy prior to their employment.

This agreement / policy should state that the employee understands that the equipment is for company use only, that all activities can and will be monitored, and the employee understands and agrees that there is no expectation of privacy when it comes to the use of company computing equipment. In addition to this, the employees agrees to follow all company computing policies that are published on the Web site http://xxxxxx.xxxxx.xxxx.com and that they understand that these policies will be updated from time to time.

There are a number of cases out there where employees have successfully sued companies for invasion of privacy. Each state has its own privacy laws and this wording solves the problem in all states.

The following banner is suggested by CERT Advisory, so that every time a user needs to log on to his computer he is presented with this info and by clicking "OK" he is accepting the responsibility of what the banner states and understands that he should have no expectation of privacy.

"This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.
In the course of monitoring an individual improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored.
Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.
This explicit warning strengthens a legal case that can be brought against an employee or intruder, because the continued use of the system after viewing this type of warning implies that the person acknowledges the security policy and gives permission to be monitored."
This was first published in August 2005

Dig deeper on Information Security Policies, Procedures and Guidelines

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close