Larger companies have started to hire third-party firms to monitor what's said about them in the blogosphere and on social media sites, but in many midsize and small companies, this duty could fall to IT.
Will IT managers resist this expansion or chalk it up to just doing their jobs? Florida Institute of Technology's Workman doesn't envision much pushback. "I see them doing it, but I don't see them being completely comfortable with the practice," he says.
How do you feel about being asked to monitor employee behavior? Would you rather not do it, or does it simply come with the IT terrain? Share your thoughts here.
Employee monitoring done right
Experts recommend these steps to protect your company and yourself if you're asked to monitor employees:
* Have a formal Internet usage policy in writing that spells out what employees are and are not allowed to say or do via e-mail and on the Web, including blogs and social networks.
* Explain the rationale behind the policy (that what employees say electronically can expose the company to legal risk, for example), state specifically what is being monitored and how, and lay out the consequences of violating the policy.
* In addition to having new hires read the policy, conduct ongoing training and awareness programs to educate and remind employees.
* Establish clear procedures to follow when IT discovers violations, including who should report the violation and to whom, how it should be documented and who will confront to the violator.
* Ideally, IT, legal and HR should be involved in developing and enforcing the policy. Legal, in particular, should provide guidance on the handling of electronic evidence related to any potential criminal charges or a civil lawsuit. (If your company does not have in-house legal counsel, it should hire an outside attorney with experience in employment law, IT and e-discovery.)
* Remember that you're being monitored, too. Although the IT staff may not realize it, many companies also monitor everyone in the IT department, including executives, says Larry Ponemon, founder and chairman of the Ponemon Institute, a data privacy and security consulting firm. "[IT staff] might be surprised to learn ... that someone is watching the watcher," he says.
Sign up for Computerworld eNewsletters.