Today business is being conducted electronically because internet access in every organization has become a business necessity. The internet, social networking, email, websites, forums, wikis, blogs, and instant massaging are the essential tools that an employee uses to communicate, collaborate and to do research work. But, these resources could be misused for private and illegal activities.
As we all know the majority of all employers monitor employee arrival and departure time. Almost every organization, cash has been handled accurately. The majority monitor accuracy and quality of there employees work. Each and every employer expects maximum productivity from there employees. The employers think that the monitoring is not unreasonable; monitoring is commonly accepted as a business requirement. Still large number of organizations they do not monitor the manner in which the workers use there computers. The improper use of computer tools can have serious threats for an organization.
In a computer base business environment lost of productivity won't be the only issue that an employers face how much time do they spent for none related activities? For instance, how much time were employees surfing the internet? What do they do during there time online? Play games, look for the perfect partner? How many none related emails that they got and send? By doing numerous none related work they waste valuable the time of the employees' and network bandwidth of the company sometimes, employees get internal confidential information and data and use them for illegal purposes. Therefore, the monitoring in this regard should be highly considered.
Personal surfing has become a nuisance for employers. Employees utilize computer tools for there leisure and pleasure within the normal working hours. A survey revealed that in an organization the lost time of an each employee is around 2.5 hour per worker. With the use of the number of work force and the hourly pay rate the total employee cost of cyber lacking could be estimated and it was a considerable amount. One of the security company, Sophose disclosed 60% of its uses accessed the social networking site, Face Book during the working hours. And that more than 25% of its uses accessed the site more that 10 times each day during working hours [Employee Computer PC Activity Monitoring Solution]. Around the world approximately there are fifty million Face Book users per day. And this number is increasing by 200,000 per day. How many cyberlackers are there in your organization and how much do they costing? The other important matter to be taken to consideration is Intellectual Property Theft (IPT). Interconnected computers and mobile instruments provide new opportunity for people for access and steal data. These data could be conveyed to a laptop or a flash drive. Carnage Mellon University's software engineering institute has found 75% capital IPTs were done by internal machines in the staff. In recent case a research chemist has being admitted to stolen $400 Million worth of property data from his former employer DUPOINT [Employee Computer PC Activity Monitoring Solution].
Fraudulent often has access to very confidential information which can be misused by the employee or sold to a third party. It is stated that HSBC customer personal accounts were stolen up to $500,000 after the HSBC employee passed on data in to a criminal associate. [Employee Computer PC Activity Monitoring Solution].
Employers hold some form of legal liability and accountability for the actions done by there employees. According to the institute of e-policy, a considerable percentage of employers were prosecuted by courts due to improper use of electronic mail and web based technologies [Employee Computer PC Activity Monitoring Solution].
Therefore, monitoring employee activities is not a universal remedy to the above problems discussed. Introduction of Effective monitoring with an electronic policy could be implemented as a part of a risk management strategy.
Computer Monitoring and Electronic Monitoring is rapidly to growing readably in world business. The technologies have become more powerful and easy today. It is inexpensive to install and maintain. Therefore, the rate of electronic monitoring in developed countries has increased considerably. In United States in 1999 the percentage of employer who electronically monitor there workers was 67%, in 2001 this number has increase to 78% by 2003 - 92% of employers were conducting some type of work place monitoring [National Work rights Institute]. This rapid growth of monitoring could be destroyed any sense of privacy as we know in American work place.
In Srilanka the government embarked ambitious program that establish email and internet all government sector organization in 2003. Under this program they are equipped with a computer and a wide access to online environment has raised numerous privacy related questions for both employers and employees. In particular issues of email and internet usage and employee monitoring in the work place is an important matter to be taken in to consideration. And also issue of electronic surveillance in the work place has an impact on employee privacy rights.
There are four categories of usage in organizations. Sending and receiving email, accessing and posting documents on the World Wide Web (WWW), sending and retrieving computer files which is known as File Transfer Protocol or FTP and joining electronic discussions such as news groups' internet related chat groups. Email is a widely used internet service although many users are active in all categories. We could see two interest parties exist in an organization and two competing interests in the employment context. The employers' right to conduct business in a self determination manner and the employees' privacy interests or the right to be let alone.
For employer and managers, employee monitoring is a necessity. It has been argued that email and internet monitoring in a work place are the most effective method to ensure a safe and secure working environment and to protect employees too. In addition to that, some argue with that monitoring may boost efficiency, productivity, customer service and allow more accuracy to evaluate employee performance [DeTienne, 1993]. Different types of monitoring systems could be implemented by the managers in there particular organizations. In a computer based work place employee key stroke speed and accuracy is commonly monitored by the employers. Other electronic devices such as video surveillance which detects employee theft and employee safety. Spying is a detective tactic. When there is suspicious activity within the organization, they use systems for tapping of phone calls, the frequency of phone calls and Badge system to locate the employee within the working hours.
It is argued as to whether employee monitoring is advantages to the employee. Advantages could be identified a few in number, comparing to the number of disadvantages. Electronic monitoring is beneficial for the employee because it provides impartial method of performance evaluation and prevents interferences of managers' feelings in an employee review. Data information collected by the electronic system offers uniform and accurate feedback on the past performance. Therefore electronic evaluation system would be the best performance appraisal based on the quality and quantity and accuracy of an employee's actual work, rather than manager's opinion. Where there are computers and electronic monitoring is available it provides flexible in-work locations convenient. Working hours by allowing employees to telecommunicate or use system available from the employer
The advantages as well as the disadvantages are important to employees because advantage is helpful to employees' disadvantages due to monitoring crates negative influence to the benefits of an employee. Some of the employers do monitoring by using law cost methods for better productivity and a good customer service. But the employers, those who really use modern methods to exerting control and power over employees. Electronic technology which uses for monitoring has made it easy of collecting private-data information that could be used negatively against the employees' character or behavior and to take unfair decisions to harass the trouble maker and the union organizers within the organization. Fairness in how monitoring is implemented has to be considered. Whether the standers are reviewed as reasonable, the information collected should be work related and important for the employees quality of work life of day-to-day life and not other than anything else [Levy. M, 1994].
In this computerized world, where information and data are the most valuable consumer goods. Personal data is the life of the new economy when the process of information exchanges. For some businesses information is money and for this reason they buy and sell information derived from personal data. In the same way for some governmental and military organizations information and data are for their security purposes, for this reason, they manipulate personal data and information in the name of safety and public security. In both cases we could see that an individual or groups do not have always ability to control the flow of there personal information and data and are unable to determine for themselves when, how, and which personal information should be shared with others.
Although information technology is related to privacy violation, that the privacy is not a new issue. It is not computes invade privacy but people who have the tendency in many ways to invade the privacy of others. Presently privacy problem seems become even worse, and information technologies such as network database, digital and tele cameras, microphone transmitters and monitoring hardware devices and software programs. The aim of these technologies to select different kind of data information for various purposes. However sometimes personal information and data is maintained without the permission of the individual and personal data travel on the super high way offering invaluable information and details to various parties from marketing companies to government agencies.
Creation of electronic surveillance and monitoring in an organization, create unnecessary stress and pressure on them. Under these conditions heavy workloads and repeating functions leads them to social isolation and loss of job satisfaction. Under this type of working conditions a study revealed, that monitored employees suffered from physical and psychological health problems [Levy, 1994].
Employers today, depending the business they do, generally conduct monitoring in there organizations in order to increase productivity and customer care. Most of the employers initiate electronic monitoring which results devastating to employee privacy. Employee monitoring systems frequently record personal communications while at work. Internet monitoring is very invasive especially in a computer environment. It would be easier to communicate through internet than on there office telephone or email. Most invasive of all is video monitoring. These hidden video cameras installed in every were of the work place or factory such as locker rooms and bathrooms and there stoles. Some employers don't know when and what they are being monitored or watched. Some employees know that they have a standard employer who reserves the right to monitor anything at any time. While other employers do not know whether it is there email, voicemail, web access or hard drive or whether they are being monitored at all. Therefore, it is clear that the privacy at the work place is at a risk. Therefore, before initiating a program of monitoring employers carefully should consider effective solutions other than monitoring.
Business field should have properly trained managers who are capable to deal with sensitive employee subjects. Supervising staffs can set conduct guidelines, address concerns, mediate complaints as well as monitor deal with those employees that choose to abuse company resources.
Business should always conduct as in-house assessment to identify whether electronic monitoring is even necessary.
Management should speak with employees regarding the productivity problem. Employee may suggest alternative ways to solve the problem if monitoring is chosen; employee may participate designing the monitoring program.
If monitoring is conducted the scope must be as narrower as consistent with achieving the particular objective.
If the company chooses to adopt electronic monitoring, notice should be given in advance of any monitoring. This notice specifically state what would be monitored and when this would occur.
Computer ethics deals with the balance between employee rights and employer interests and development of an effective employer use policy. On a practical basis any computer based organization can draw upon a code of ethics or policy should include the following theories
The Law - which include moral principals include with negative consequences for disobedience.
Code of practice - guidelines for employers to work within the organization.
Professional Ethics - Guidelines to employers/ managers to work within the organization.
Personal Ethics - Values that influence actions of the individual
Monitoring mechanism is very important to employees for many reasons. Failure, to inform and advice the employees that the computer based activities will be monitored maybe a violation of employee privacy rights according to the certain judicators. If the employees have been notified that they are being monitored they will be compelled to prevent from breaching the AUP (Acceptable Use Policy). Furthermore undisclosed monitoring would bring negative impact on employee moral.
Therefore following steps could be taken to formulate a acceptable use policy - (AUP).
An AUP should be communicated to staff of the organization in writing
Permitted and prohibited activities should be setout for the usage of e-mail, internet and other applications.
Specify the disciplinary actions that will be taken for the disobedience for the AUP.
Employer should notify that they are being monitoring and when and what will be monitored.
Although both employer and employee should stick to this AUP, there may be particular that could be unannounced monitoring is taken place. But such action should be taken, only after a legal advice. It is advised that an AUP should be supported with worker educational programs too and in these educational programs it should be discussed on the following topics.
The necessity of an AUP?
That compliance should be compulsory
The conditions applicable in the AUP
The consequences to disobedience
The extent of monitoring
Who should consult with any questions about the AUP
In this manner employer and employee relations could be established and maintained, industrial peace and the privacy rights of the employee will be secured to create a computer based environment which would enhance production and productivity. That would lead to economic development.
The educational program will not only educate the AUP to workers and ensure compliance; it may also introduce of good codes of practices within a social framework and entering them in to legal process. In the contrary, it may provide a defense against law suits by enabling an employer or an organization to demonstrate that all responsible steps were taken to ensure that the work place is free from harassment and all efforts were taken to provide maximum possible protection for employee privacy rights and to maintain the workplace privacy rights of the employees in the organization.
Taking in to privacy violation, in the information society it is important to discuss about the right of privacy to some extent. Communication privacy includes privacy of email, teleconference, voice telecommunication and postal mail. Information privacy determining the purpose of use and communication of personal information with others. It consists of rules including legislation and industrial codes concerning with the collection, providing data on request, scatter about selective information or personal data such as credit information and medical and governmental data information and records. With regard to computer ethics, communication and data communication privacy are the main concern.
Method of privacy violation in the data communication and technology sector could be classified in to the following categories,
Intrusion: wrongful entry of acquiring procession of property belongs to another and by extension, violation of privacy.
Misuse of data information: illegal use of information for unauthorized activities
Interception of information: unauthorized access to private information by a third party to a private communication.
Data matching: data combined, linked and compared from two of more unrelated databases to create new information. The purpose of data matching is to regain statistical information, or create computer profiles. This data matching is used for instance, by security agencies to discover wanted criminals, terrorists or missing persons or by tax agencies to find out illegal earnings and tax defaulters.
Data mining: the collection of masses of data into one or more data bases in order to get new information and knowledge that was previously hidden and unidentified. It is used in direct marketing, allowing marketers to combine various criteria taken from databases to focus on a specific target group.
According to the above possible methods of privacy violation, databases, networks do a major role therefore, what can be done to protect individual personal privacy? Some of the governments have tried to protect personal data through special legislations or privacy guidelines.
In 1998 OECD (Organization for Economics Corporation and Development) ministers adopted the declaration on the protection of privacy on global networks in order to ensure the respect of important rights, build confidence in global networks, and prevent unnecessary restrictions on transborder flows of personal data.
UK parliament published the data protection act of 1998 which protects the personal data of an individual (Stored in either digital or paper form) from unreasonable or illegal use.
The Australian Federal Government the OECD guidelines with privacy act in 1988.
The US privacy legislation seems to be a special one but more recently the US privacy legislation has supplemented two major laws on the use of personal data. One is the privacy act of 1994 and the other one is the computer matching and privacy protection act of 1998.
It is very clear that old common laws do not really cover the area of work place privacy in many countries. Therefore, a gap exists between the times when a new communication technology is created; new laws have to be designed by the state legislature to cover the new technologies and to protect the work place privacy as well.