Advances in information and communication technologies have provided significant advantages to the organizations that use them. Perhaps not surprisingly, these powerful new capabilities have also led to the growth of new forms of employee misconduct. Unfortunately, some of the employees who enjoy easy access to Internet features such as the Web, chat groups and e-mail will find themselves lured into spending considerable amounts of working time on pursuits that are, to put it delicately, not central to their job responsibilities. In this article, FOCUS will examine some of the problematic behaviours that have developed in the wired workplace and appropriate employer responses.
At the least serious end of the spectrum is the use of digital communications for purely personal matters. Productivity may suffer as the universe of distractions expands. More worrisome even than wasted work time is the possibility that computers will be used to download offensive, discriminatory material, such as pornography, which can then be sent around the office via e-mail, or be viewed by groups of employees.
When this type of conduct takes the form of an ongoing pattern of employee behaviour, in which employees regularly view sexually explicit web sites, forward lewd jokes on the office e-mail, or install sexually explicit screen-savers, the result may be a poisoned work environment. This in turn could lead to the lodging of a formal complaint of harassment by one or more employees and, ultimately, a finding that the employer that has tolerated this state of affairs is liable for the harassment. Depending on the nature of this material, criminal activity may also be involved.
Finally, there is the issue of abuse of the organization’s computerized information. This includes the unauthorized disclosure of confidential information, such as personnel data or business strategies. There is also the risk of damage to or destruction of office files by viruses or other forms of sabotage.
One response to the problem of workplace computer abuse is to monitor employees’ use of computerized communications. This raises concerns about the privacy rights of employees, and the impact on workplace morale of an overly aggressive monitoring policy. Consequently, employers should be wary of overreacting along these lines.
Employers in a unionized context must contend with possible challenges through the grievance arbitration process and the legal precedents in the arbitration case law. While, it would appear that, in Ontario at least, non-unionized employers face little in the way of legal obstacles to pursuing a program of communications monitoring, even these employers must consider the cost of such a course of action in terms of workplace morale, and should bear in mind the lessons that the arbitration case law offers.
While arbitrators have yet to deal with this form of monitoring, the cases on other forms of employee surveillance deal with essentially identical issues. What these cases show is that arbitrators will uphold a program that balances the legitimate interests of the employer in deterring misconduct with the equally legitimate interests of employees in protecting their privacy from unreasonable intrusion. In other words, the employer should have reasonable grounds for believing that its interests are at risk of being harmed before implementing a monitoring program, and should conduct the monitoring in a manner as non-invasive of the employees’ privacy as possible. For example, a program that is restricted to monitoring the time, origin, destination and length of an employee’s e-mail is preferable to one that scrutinizes the content of the transmission as well.
Any monitoring program should be set out in a policy on the use of the organization’s computerized resources. This will ensure that employees understand that they cannot reasonably expect as much privacy while at work as they can on their own time. (See “Office e-mail: no reasonable expectation of privacy” on our Publications page.)
Another strategy is simply to cut off Internet access to employees. This has reportedly been done by Ontario’s Ministry of Corrections in response to a complaint by a female employee that male colleagues were downloading pornography from the Web. Where this step is seen as too drastic or unworkable, employers may consider installing programs that block access to sexually explicit web sites. This type of software, originally developed for parents wanting to restrict their children’s access to pornographic material, is now increasingly being sold to businesses.
COMPUTER AND INTERNET USE POLICY
Employers wishing to minimize abuse of the new technology should give serious consideration to establishing a comprehensive policy on the use of the organization’s computerized resources. This policy would serve as the basis for the employer’s response to misconduct involving digital information and communications. Employers should ensure that their employees indicate they have received and read the policy, and that they are periodically reminded of its existence and advised of any revisions made to it.
- Guidelines regarding Internet access, including
– why the company has Internet access;
– which employees are authorized to use the Internet;
– the types of communications which can and cannot be sent over the Internet (e.g., no confidential or sensitive business information);
– acceptable parameters, if any, for personal Internet use (e.g., lunch hours, no browsing of sexually explicit sites);
– the type of material that may be downloaded (e.g., no pornography, other offensive or illegal material);
– the conduct expected of employees who engage in chat groups (e.g., that they should act as the company’s “ambassadors” and carefully review any contributions, given the large potential audience);
– an explanation that software (if any) has been installed to block access to certain types of web sites.
- Guidelines regarding the appropriate use of computers, such as
– their use for business-related purposes only;
– that employees may access only information related to their job responsibilities (e.g., no access to confidential business information or personnel files);
– information regarding the installation of “firewalls” (if any) in the system to protect sensitive information.
- Information concerning a monitoring program, such as
– notice to employees that e-mail and Internet use may be monitored;
– an explanation of the purpose of the monitoring (e.g., to ensure a harassment-free environment);
– a description of the extent of the monitoring (e.g., that the content of e-mail is not examined);
– an explanation of the means and frequency of the monitoring (e.g., software that maintains a “history” of computer use by employees).
- Notice to employees of the disciplinary consequences of unauthorized or improper use of computerized resources.
AFTER COMPUTER-RELATED MISCONDUCT
When an employer becomes aware of possible computer misconduct, an investigation should be conducted. Until the matter is settled, the person suspected of improper computer use should be denied access to the company’s computers. Where appropriate, the computer itself should be taken out of service and kept secure until it is determined whether it may be used as evidence. The systems administrator should be contacted as soon as possible to ensure that the information at issue is “preserved”, and to keep track of persons who may have used the computer involved in the suspected misconduct for the purpose of making a written statement.
At an early point in the investigation, the employer should determine whether the alleged conduct does indeed amount to a violation of company rules. This determination should be made with reference to the organization’s policy on computer and Internet use. If it is determined that misconduct has occurred and relates solely to internal company matters, the appropriate level of discipline should be imposed, again having regard to the policy.
However, the offending conduct may extend beyond concerns of the employer alone. If the employer believes that some form of criminal offence, such as the distribution or possession of child pornography, has been committed, it is advisable to contact the proper authorities as soon as possible in the investigation in order to determine whether illegal activity has occurred.
Crimes on the Internet draw considerable attention in the media. If an employee is suspected of this kind of criminal activity, it may be advisable for the employer to retain the services of a media consultant to contain the negative fallout that may attend the revelation of computer crime by employees.In Our View
In addition to establishing a policy on computer and Internet use, managers should consider updating their policies on workplace harassment (discussed in the April 1998 issue of FOCUS – see “Workplace Harassment: A legal minefield for employers” on our Publications page) to account for the increasing popularity of the Web. The practice of viewing sexually explicit sites at the workplace can easily be perceived as leading to the creation of a poisoned work environment. Consequently, this type of conduct should be added to the list of activities that will be seen as constituting harassment.
For further information on this subject, please contact Colleen Dunlop at (613) 563-7660, Extension 222.