The September 11th issue of the Wall Street Journal carried an article titled "At Many Companies, Hunt for Leakers Expands Arsenal of Monitoring Tactics." What caught my eye were the two lead paragraphs which I reproduce here verbatim:
"Tom Bowers, a security manager for a big pharmaceutical company, got a tip earlier this year that an employee had accessed sensitive drug data for which she didn't have clearance.
Mr. Bowers searched the employee's computer, using recently purchased software that tracks file transfers and Internet use. He found she had sent confidential drug-manufacturing data outside the company. The employee was fired. "We have suspected for a long time that this type of activity was going on, but [until buying the software] we had no way to track it," Mr. Bowers says."
In case you are surprised that this type of monitoring goes on, don't be. And, expect more of it.
You may think that by citing this article, I am against such monitoring. Quite the contrary. I'm against it only if you, the employee, is not informed and reminded (regularly) that this practice is going on AND that it is normal practice that applies to ALL employees, including the President.
In other words, as an employee who is paid for the time you spend on behalf of your employer, the company has rights to everything that you do and create. It is more than likely that you agreed to just that and in writing when you were hired. This means that your employer can monitor everything that you do within reason. By "within reason" I mean that they can't invade your privacy such as placing video cameras in the men's room.
There are two approaches to this legal snooping by your employer. Reactive or Proactive.
The Reactive approach is exemplified by the Wall Street Journal article. In that case, the employee was suspected of and then caught doing an illegal file transfer. Such deliberate acts can never be prevented. However, they can be minimized. This is where the Proactive approach comes in.
The Proactive approach is where a company fosters an environment of honesty, compliance and responsibility. It is an environment created by example from senior management down. It is an environment where unethical behavior (not necessarily illegal) is not tolerated. It is an environment where proper behavior is taught and reinforced. And yes, it is an environment where behavior is monitored and actions have consequences.
The Reactive and Proactive approaches must be properly balanced. One without the other will not work. If applied correctly, all employees will know what is expected, act appropriately as a matter of course and, last but not least, know the consequences.
On a final note, while the article talks about the use of software programs to monitor compliance, it does not mention what software was being used. Here also, the program must support both the Reactive and Proactive methods. One suite of software that touches both is from a company called Orchestria. Check out what they have on their web site but don't forget to do some comparison shopping before you buy.