Ongoing workplace surveillance projects

I'm engaged in three ongoing projects on employee monitoring (workplace surveillance). For more information, please email Andrew Schulman.

(1) Employee Monitoring Notice Practices: this is a follow-on to the Privacy Foundation's widely-publicized report on the extent of employee monitoring. We found that about 1/3 of the US online workforce has its email and/or web surfing under continuous surveillance by employers. (An update to the report will be made available in July 2002, reflecting, for example, Websense's expansion from 8.25 million covered "seats" at the time the report was written, to 12 million seats in 2002.)

The next obvious question is, do the employees know about the monitoring? What are employers telling them? What are "best practices" in this area, i.e. that might be part of future legislation requiring employers to notify their employees of monitoring? The study is based on close reading of dozens of real-world internet usage policies, from both the private and public sector (including federal, state, and local governments), and on interviews with HR and IT representatives at major employers. The goal of the study is to educate the public, press, and legislators about both the current practice (what, generally, do employers really tell their employees about monitoring?) and desired standards (what should they be telling them?)

(2) The Cost of Employee Personal Web Surfing at Work: The vendors of employee-monitoring products are frequently quoted in the press, and relied upon by legislators, with figures measuring the cost to US businesses of personal web surfing at work. For example, the largest vendor of employee-monitoring software, Websense (San Diego, CA) says that US businesses lose $63 billion each year to personal web surfing by their employees. While there have been literally dozens of different figures quoted in this area, there does not appear to have been an impartial study that attempted to measure the scope of personal web surfing at work, and thereby determine whether this explanation for workplace surveillance is justified. The goal of the study is to get some solid numbers into the debate, so that the vendors are not the sole source of "hard" information.

(3) Email in the Courts: The vendors of employee-monitoring products frequently cite (and articles on the workplace in the press frequently repeat) a handful of court cases which ostensibly demonstrate that corporations can lose millions of dollars because of a simple raunchy email by an employee. A preliminary look at a few of the cases which are cited over and over -- including 1997 Morgan Stanley and R.R. Donnelley cases concerning racist "jokes" sent over email, a Chevron case involving sexist "jokes" in email, and a Microsoft sexist-email case -- appears to indicate that the cases have been seriously mis-quoted and mis-understood. A detailed study of all such cases (there are probably about a dozen) should be undertaken. The goal would be to assess frequently-made claims that employers must monitor the email of their employees because of potential vicarious liability. It is likely that the study would find instead that workplace-surveillance vendors are in effect encouraging employers to avoid dealing with racial/sexual harassment/discrimination problems, by eliminating email which merely reflects (but which may serve as legal evidence of) these problems.

Also see:

Computer and Internet Surveillance in the Workplace. A paper on employee monitoring, originally given at a privacy conference in Hong Kong.

Business & Technology of Email Surveillance. PowerPoint slides from a presentation given in Sydney, Australia.