Hopefully by now everyone has an established policy on Acceptable Internet Usage and Social Media, and all employees understand that they have no true right to privacy in the workplace when using Company owned electronic resources. If you haven’t already addressed these issues, it’s time that you did.
Most companies advise employees they will be monitoring internet and computer usage to verify that the equipment is not being abused for personal or illegal use. However, according to the National Conference of State Legislatures, seven states so far require that employers not only monitor this usage but also report certain activity – child pornography – if they find it in their workplace. (For a summary of these requirements, and to see if you have these obligations, visit the website for the National Conference of State Legislatures
It’s not surprising. According to www.healthymind.com, 25% of all search engines are pornography related, and 70% of all internet pornography traffic occurs during the 9am – 5pm workday. With over 100,000 websites dedicated to child pornography, there’s more than a slight chance that some of the traffic taking place across company bandwidth is of this variety.
Arkansas, Illinois, Missouri, North Carolina, Oklahoma, South Carolina, and South Dakota have each enacted laws requiring computer technicians or Internet service providers to report child pornography if they encounter it in the scope of their work. Failure to comply with these laws can result in legal action. Click herefor state specific information.
It’s important to know that even without specific laws in place, employers can still be held liable for what their employees are doing on their time. In the 2005 New Jersey case of Doe v. XYC Corp., the court upheld that the employer was liable for crimes committed on their property involving the pornographic images of an employee’s 10-year old stepdaughter. The court determined that the employer had a legal obligation to investigate the employee’s activities and to take action to stop the activity.
So what do you do?
1) Create your Acceptable Internet Usage Policy, if you don’t already have one. Check it to be certain it explicitly states that the employer has the authority to monitor employee usage of all computers and employees should have no expectation of privacy when it comes to any of the company’s electronic equipment. Be specific as to what types of sites are forbidden, even if employees are allowed to use the web for personal use during designated times.
2) Communicate this policy and train employees on proper use of the Internet. Make sure that they understand the implications that violation of the policy can have on the company.
3) Develop a plan with IT to monitor Internet use. Randomly monitor employees’ use, and have a system in place to specifically monitor the use of an employee suspected of violating the policy.
4) Take action when a violation occurs. If the violation also breaks the law, do not hesitate to contact law enforcement officials.
Remember, having a policy in place is not enough. An employer’s strict policy regarding Internet, email, and social networking activity provides little protection once the employer knows of an employee’s illegal behavior. If you are an employer in a state with reporting requirements, you have immediate obligations. All employers must be aware that turning the other way is not an option when employees break the law, especially when it is on Company time.
Submitted by: Paula Agee, SPHR; Senior Consultant with IntegrityHR, Inc.
