Most employees are so ill informed about electronic privacy and computer monitoring, they would be surprised to learn the contents of their organization's eMail system belong to the employer, not the employee. The establishment of a corporate ePolicy provides an ideal opportunity to educate employees about eRisks, eRights, and eRules.
Nancy Flynn, Executive Director of The ePolicy Institute and author of The ePolicy Handbook provides answers to common ePolicy and ePrivacy questions, along with recommendations for appropriate workplace behavior:
Q. Isn't it illegal for my employer to read my eMail?
A. No, it is not illegal. In fact, according to
the federal Electronic Communications Privacy Act (ECPA), an
employer-provided computer system is the property of the employer. As such, the company has every right to monitor all eMail traffic and Internet surfing that occurs on the company's system.
Q. What happens if a co-worker sends me an
obscene or offensive eMail message? Am I going to lose my
job because of someone else's action?
A. You cannot control other employees' actions, but you can control your own. If you receive an offensive eMail message from another employee, take the following steps: (1) Do not forward, delete, or reply to the message. Leave it in your electronic mailbox for management review. (2) Report the incident to the human resources director. Management will handle the situation from there. (3) Do not fall prey to temptation. Even though other employees may be violating eMail policy, it is important for you to adhere to it, as well as the organization's Internet and software usage policies.
Q. I use eMail to stay in touch with my kids during the day.
They check in with me after school via eMail, and they know to use eMail
in an emergency if they cannot reach me by phone. Do I have
to tell my kids to stop eMailing me?
A. Probably not. Most employers recognize some personal eMail use is warranted. While an ePolicy may clearly state the company's eMail system is reserved for business use, the policy probably allows for brief communication between work and home. And, at almost all companies, eMail may be used to communicate in the case of personal emergencies.
The type of personal communication that is typically prohibited includes any correspondence that pulls you away from your job for extended periods of time. Generally prohibited is the posting of personal messages, such as advertising a garage sale, soliciting a charitable donation, or campaigning for a political candidate. An employer who wants to limit eLiabilities also will outlaw messages, personal or business-related, that are in any way offensive, menacing, or discriminatory.
Q. Why can't I bring my own software from home into the office?
If I paid for it, and it will help me do my job, what's the problem?
A. When you purchase software, you aren't actually buying the software itself. You are purchasing a license to load the software onto one computer. It is illegal to load software that has a single user license onto multiple computers. The term for this is softloading.
In addition to being ethically wrong, softloading puts the company at risk on a number of levels. You could carry a virus into the office via your software. If illegally duplicated software malfunctions, you will not be able to access technical support through the manufacturer's help line. And, if the software police come calling and find illegal software on your workstation computer (or other employees' computers), it is the company, not the individual employee, who will be held liable.
Q. I know of two supervisors who are visiting
adults-only Internet sites. I've seen pornographic images on their
computer screens as I've passed by their offices. What should I do?
I know they are violating the company's Internet policy, but I'm afraid
I'll lose my job if I turn them in.
A. Well-written eMail, Internet, and software usage policies apply to all employees, managers and supervisors as well as staff. If you know of any employee who is violating company ePolicy, alert the human resources director. The information you provide should be held in strict confidence and checked out thoroughly. If a violation is unearthed, it is management's responsibility to take appropriate action.
Q. Will I lose my job if a malicious hacker
attacks the company's network and shuts us down for a period of time?
A. Ideally, your company has taken every precaution to avoid the type of denial of service attack that would shut it down for an extended period. To that end, it has conducted an internal eRisk assessment and put into place an eRisk management policy, assessed and shored up computer security capabilities and procedures, developed comprehensive eMail, Internet, and software policies, and devoted time and energy to employee education.
There is no way to predict when or how eDisaster may strike, or what impact an electronic crisis would have on the company and its employees. However, if all employees do their best to comply with the organization's written ePolicies, then the likelihood of an eDisaster occurring is greatly reduced.
Q. I've heard the term "social engineering"
associated with hackers, but I'm unclear what it means or how it
applies to me. Please explain.
A. When hackers prey on the naiveté of employees or the carelessness of employers in order to gain information about and access to a computer system, that is social engineering. Don't make it easy for hackers to access the company's computer system. Don't share your password with anyone. Don't post or keep lists of passwords in unsecured locations. Turn off your computer if you are going to be away from your desk for more than an hour. Unless you've been authorized to do so, do not divulge information about the company's computer system to any outsider, in person, on the phone, or via eMail.
Q. No one expects eMail messages
to be well-written and error free. With eMail, a typo is just a typo.
No big deal! So why should I adhere to the rules spelled out in the
company's eWriting policy?
A. Every message you write, whether electronic or on paper, is a reflection of the company's credibility and your professionalism. Your eMail correspondence is expected to be just as polished and professional as your written letters and proposals. Check every eMail message for accuracy, brevity, and clarity. Run each document through spell check. And adhere to the writing guidelines outlined in the company's eWriting manual.
Excerpted from The ePolicy Handbook by Nancy Flynn, ©2001.
Permission to reprint granted, provided the article is reproduced
in its entirety and www.epolicyinstitute.com is cited as the source.
Click here to read about The ePolicy Handbook.
©Copyright 2002, 2001, The ePolicy Institute™. All content is the property
of The ePolicy Institute. Visitors may reprint or repost content for
non-commercial use only, provided the following citation is included:
2002, 2001 The ePolicy Institute, Executive Director Nancy Flynn,
The ePolicy Institute™
2300 Walhaven Ct., Suite 200A
Columbus, OH 43220
614/451-3200 (phone) 614/451-8726 (fax)