Changing Technology: Monitoring Employee Computer Usage

David Ray – Grant Thornton, LLP

The employee of a Calgary oilfield service company wanted to spend the day with friends so he called in sick. During the course of the day photos were taken of their “excursion” and posted on Facebook. A co-worker, who had to pick up the extra work because his colleague was off sick, saw the photos on Facebook and reported it to the boss. The “sick” employee was disciplined and had to make up for his day off.

There are 150 million people on Facebook and the web site reported that people 30 years and older are the fastest growing demographic. The web site also reported that the average user has 100 friends connected to their site. Many companies, including my own, have chosen to ban access to Facebook and other social networking systems on the company internet. Employers and employees are discovering that social networking websites are blurring the lines between public and private access. Employers are facing new challenges on the privacy issues of accessing the web sites and employees are finding that posting information on sites like Facebook can be much like putting it on a billboard.

Employees can be disciplined for conduct even after work hours where the conduct is prejudicial to the best interests of the employer and even casual comments on blogs can provide the employer with grounds for discipline. In October, thirteen Virgin Atlantic cabin staff were fired for participating in a critical discussion about their employer on Facebook.

There has also been discipline against teachers for comments made on Facebook and in one case a teacher was disciplined for comments made about the mother of one of his students. Some teachers’ associations have recommended against their members allowing students to become “friends” on Facebook mainly because of the access the students will have to personal information about the teacher and potential repercussions for comments made by the teacher on the site. Some boards of education have either banned this type of communication with students or asked teachers to remove their profiles completely from any networking site. With social networking sites any racy photo or damning comment can be copied by “friends” and becomes public access even when the owner sets up the appropriate privacy settings.

Employers need to monitor employee usage of workplace technology to ensure integrity and protection from viruses and other threats. There is a darker side to social networking sites, even outside the well known cases of pedophilia and bullying and terrorism experts say that Islamic radicals have harnessed the power of social networking as another device to produce more jihadists. The employer also wishes to avoid liability in the event that there is a problems resulting from misuse of the system and their failure to be in a position to show that technology was properly monitored. Courts and arbitrators have held that employers have a right to prevent inappropriate use of computer systems and that employees have little expectation of privacy in e-mail messages or work performed using those systems. Courts have held that employees in a non-unionized work site have even less expectation of privacy than a unionized work site but do not completely abandon their right to privacy.

Employers should have a policy putting employees on notice of the reason for electronic monitoring of computer systems including email and internet usage. The policy should provide employees with guidelines on appropriate use and most employers allow for limited personal use in recognition that some personal e-mail or access to appropriate sites may not affect productivity or cause risk to the technology network. The policy should also notify employees of the consequences for unauthorized use (usually discipline up to and including termination). Employers should also ensure that the policy is properly communicated with tools such as sign off annually and at the time of hire or pop up reminders when employees sign onto the system.

At least 25% of employers admit that they use a review of social networking sites to research job applicants although the number of employers using them is probably closer to 75%. Employment search firms say that social networking sites can give insight into a person’s ethics, personality and behaviour patterns. Accessing the social networking site of an employee or applicant for employment is obviously collection of personal data and it may even contain medical information. There are no court cases on point as yet, however, there is a strong argument that the posting is publicly accessible and therefore there is implied consent on the part of the person posting. Implied consent would allow the employer to collect, use and disclose the information without invading the privacy of the individual. Where appropriate privacy settings have not been set on the web site by the individual the employer can assume that it is meant for public access. The employer should also keep in mind that a court or arbitrator will also look at the reasonableness of the access .to the personal information to ensure that there is not an unreasonable invasion of privacy.

New technology has provided both a danger and benefit for the employer but there are no clear guidelines from courts or arbitrators outlining grounds for discipline of employees for misuse of new social networking tools. There are also no guidelines for the employer’s use of those tools for background checks. Social networking sites result in a constant interplay between the employee’s duty of loyalty to the employer and the employee’s expectation of privacy.