Management: Is the IT Department Spying on You?

By CIOinsight  |  Posted 05-03-2006

According to the "2005 Electronic Monitoring & Surveillance Survey," published by the American Management Association and the ePolicy Institute, electronic employee monitoring is on the rise. Roughly 76 percent of all companies monitor workers' Web site connections, and 36 percent track content, keystrokes and time spent at the keyboard. Half of all U.S. companies store and review employees' computer files, and 55 percent review e-mail messages.

Although the IT department is most often responsible for the monitoring, they're not the only ones, says Liz Beckhardt, a consultant and former product manager for IBM Corp.'s Lotus QuickPlace, a collaboration software package. "IT just wants to make sure that people aren't uploading huge amounts of data. Managers want to see what their direct reports are actually doing." Once Lotus QuickPlace became popular, Beckhardt says, several Fortune 500 companies pressured IBM to create universal logins that would give managers access to their underlings' workspaces—without their knowledge.

That kind of snooping can have disastrous effects on a company, says Jeremy Gruber, legal director for the National Workrights Institute, in Princeton, N.J. "First of all, monitoring programs create a very stressful environment in the office, which often results in high turnover and job dissatisfaction." It also erodes the level of trust between employer and employee, resulting in decreased productivity.

And then there's the other side of the argument: that employee monitoring is necessary to protect the company from litigation and ensure that employees behave responsibly. "To the extent that employees are sending inappropriate jokes or photos that can create a liability to the corporation, management has clear responsibility to keep that from happening," says attorney Randolph Kahn, founder of Highland Park, Ill.-based information and compliance management firm Kahn Consulting Inc., and author of Privacy Nation (AIIM, 2006). However, Kahn also admits that snooping happens more often than necessary. "The idea of looking just for the sake of looking is inappropriate, and not uncommon."

Some companies make their monitoring policies clear to all employees, including the IT department. "We do not read employee e-mails unless given official permission from human resources or our office of business practices. But when there is an official complaint or irregularity we must investigate," says Timothy Koh, manager of human strategy and planning for Caterpillar Inc., the $36 billion construction and mining equipment manufacturer. "Sarbanes-Oxley requires us to have such policies in place, and we tell our employees from Day One that e-mail belongs to the company and we have a right to monitor it."