bCentral Home
Your Online Business Center

I spy

The pros and cons of staff surveillance

By Matthew Stibbe

Back in the long ago before balding and the writer's bug took hold of me, I ran a software company. In those days a high speed internet connection cost as much as a second-hand Ferrari and we were among the first to see the downside of internet abuse.

At first I was an idealist. I didn't want to be able to monitor what my employees did online or track their emails. Like a lot of techno-hippies, I believed that information wanted to be free.

Times change and as Groucho Marx said, "these are my principles but if you don't like them, I have others." And so, this bulletin is all about spying on your employees.

Times are changing

It was the reality of what happened when people misused the internet that changed my mind. I had employees in tears because they had received offensive but anonymous messages. Idiots emailed racist and sexist jokes to everyone. There were allegations of downloaded porn and pirated music and software.

Why spy?

Quote�There are growing legal implications for employers.�End Quote

If anything the situation has got worse because many of the bad things people do online are now associated with security risks like viruses and spyware. Besides the personal pain that this misbehaviour causes, there are growing legal implications for employers:

What if an employee inadvertently defames someone or binds the company to a damaging contract by email?

What if someone takes you to an employment tribunal claiming a hostile working environment?

What if you are busted for allowing software or music piracy?

Then there are equally-pressing productivity and reputation issues:

Do you want your employees downloading porn on work computers? It'll probably happen. The majority of internet porn traffic occurs during office hours.

A single message could do enormous PR damage. Just think of the infamous Claire Swire saga.

How much productivity can you afford to lose to 'cyber slacking' - employees browsing the net on company time?

Surveillance options

There are a number of things that you may want to consider:

Blocking or tracking individuals' access to certain websites

Automatically filtering email to prevent people sending confidential or embarrassing material to outsiders

Scanning hard disks for illicit material

Keeping email logs and archives so that old emails can be examined

All of this is possible using commercial tools, including Microsoft Internet Security and Acceleration Server 2004, but there are legal and ethical constraints.

Legal restrictions

There are several laws that regulate how you monitor your employees.

The Data Protection Act 1998. If you monitor information and link it to individuals you have to apply the act. The Information Commissioner has produced a sample code of conduct in respect of employment data (pdf download) which sets out (among other things) the need for the monitoring to be carefully considered and clearly communicated in advance.

The Regulation of Investigatory Powers Act 2000 covers the interception of communications on private networks, such as monitoring internet and email. Again, if you are going to do this, prior notice is required. Covert surveillance is very rarely legal.

A question of policy

Quote�It was a struggle to get the balance right ten years ago and it still is.�End Quote

Lawyers advise that you should have a well-communicated policy and explain what you are doing and why. This also makes sense from a practical point of view because the possibility of scrutiny will cause ne'er-do-wells to think twice.

ACAS has a very helpful guide to writing an internet and email policy. In most cases, a lawyer's advice is also necessary. These days they should have boilerplate policies that you can use as a starting point.

In my case, I had to write my own policy from scratch because it was a new problem. Looking back, I'm not sure how effective it was without the possibility of surveillance to back it up. On the other hand, monitoring is intrusive and undermines trust for the majority of decent staff. It was a struggle to get the balance right ten years ago and it still is.


Sign into Microsoft Small Business+ for free web-based training and software support.

sign in
Security information

Find a local Microsoft Small Business Specialist to help with your IT needs

Microsoft Small Business SpecialistMore info >

What do you want your PC to help you with?

What do you want your PC to help you with?







Free business newsletters - subscribe now

Our free newsletters are packed full of business advice and ideas - plus all the latest news

Security information

Get the latest bulletins and updates direct from Microsoft