Big Brother, Your Boss
A handful of years ago, Richard Bliss got a call from a woman with a grievance. She had just lost her job, and she said that Bliss and his company at the time, Allegro, were the reason. The woman may have let her feelings get the better of her when she yelled, "You run a terrible organization!" But she was right about one thing-Allegro had gotten her fired.
Bliss develops email-monitoring software that enables companies to oversee their company email accounts. Allegro had identified a virus attached to an email the woman had sent; following standard procedure, Bliss notified the company. As luck would have it, the infected file was the woman's resume, which she had sent out to a rival firm. When her boss found out-through Bliss's software-the woman got the boot.
This story is less unusual than you may think. Increasingly, employers are checking out their workers' online activities. According to a survey commissioned by Proofpoint, an email security company, 38 percent of American corporations regularly monitor the contents of their employees' outbound email, and more than a quarter of all companies have fired employees for violating email policies. In many cases, an employer's interest extends not just to email, but also to Web browsing at work. In fact, even after-hours Web activity can land an employee in hot water: Once it's online, your private life is no longer private.
And just because a company doesn't announce its monitoring policy doesn't mean it isn't going on. Only two states-Connecticut and Delaware-require employers to notify workers if they're being monitored. What that boils down to is, there's a decent chance your emails are being read by someone at work-and that you have no idea it's happening. "Unless you've got a friend at your company who works in human resources or IT who's willing to clue you in on your employer's monitoring tactics, there's no way to know for sure if-or in what ways-you're being watched," Bliss says.
It isn't sheer nosiness that makes companies monitor their employees; in some cases, it's good CYA policy. For instance, a company might use an email monitoring program to prevent disclosing sensitive information: To keep credit card or Social Security numbers from accidentally appearing in emails or attachments, monitoring software could be set to watch out for long numbers. "This isn't about the snoopy boss," says Keith Crosley, Proofpoint's director of corporate communications. "If it becomes public knowledge that a company sent out 10,000 customers' credit card numbers over email, well, that's some pretty bad PR."
Still, it's clear that in some cases, companies use monitoring to find out things their employees would just as soon keep hidden. "'Financial risk' is the official reason companies give for monitoring email," says Bliss. "They're not going to say that they're doing it to catch someone having an affair-but when it comes to ethics, they do need to be mindful." He points to a sexual harassment suit against Chevron in the mid-'90s, in which four women claimed they had faced a barrage of offensive emails, containing everything from suggestive comments about their bodies to straight-up porn. The oil giant settled the case for $2.2 million-money the company could have saved if it had been monitoring emails in the first place.
Clearly, if you're sending out a resume or a love note from work, it makes sense to avoid company email and use your personal account instead. But simply using Gmail or AOL isn't necessarily a defense against employer snooping. Under the Electronic Communications Privacy Act, anything created on company equipment is company property-and that includes the personal emails that you send from work. "Employees have no right to expect privacy, even if their employer tells them they're not being monitored," says Nancy Flynn, founder and director of the ePolicy Institute, an organization that helps employers limit electronic risks. "An employer has a right to monitor everything that happens on their system. And it's all 100 percent legal."
"It's like with high school," says management expert and business author Ruth Haag. "A school can search your locker because, in reality, it's their locker."
It's not just email use that's getting employees in trouble online. As blogs, social networking sites like Facebook, and message boards become increasingly popular, they're also garnering closer scrutiny from employers. From an employer's point of view, anything an employee says online is a reflection of the company-a philosophy that puts a premium on discretion. In one high-profile crashand- burn, Bear Stearns banker Richard Marin kept up his personal blog last year while two of his hedge funds headed precipitously south, writing of his attempts to "defend Sparta against the Persian Hordes of Wall Street." The New York Times publicized the blog-and Marin got his walking papers a day later.
But it isn't just the fat cats who get noticed. From The New York Times Company to Boeing, plenty of high-profile companies have fired or disciplined employees for their activities on blogs, Facebook, and MySpace. In fact, termination for online activity has become so common that it now even has its own verb: "dooce." The term comes from blogger Heather Armstrong, who claims to be the first person fired for her online activities. "Dooce" is the name of her blog.
Take the case of Bill (not his real name), a 24-year-old media and outreach strategist who was working for a media consulting firm in Washington, DC. His employers always knew he had a personal blog-in fact, when he applied for the job, he provided them with a link. "They thought it was great," Bill says. "They told me they liked my insight, and when I accepted their offer, they told me to keep it up." He did.
Like more than half of U.S. companies, Bill's employer had an Internet-use policy that covered blogs, social networking sites, and message boards; when he came aboard, he read it thoroughly. "The policy basically was: Don't talk negatively about clients, and confidential things must stay confidential," Levin says. "I thought I was being very careful to follow the rules." But in January, he made a major misstep, posting opinions about a public figure whom his employer had previously identified as a possible future client. Within hours, Levin was called into his boss' office and told to take down the post immediately. He did-but it was too late. "They told me they had to fire me," Levin says. "I was in shock. I was baffled. I still don't think I did anything wrong." But in the eyes of his employer, he'd wrecked a future deal with a prestigious client.
How do you stay out of trouble? The best tactic: Read your company's Internet-use policy, and adhere to it strictly. There's no such thing as being too cautious. "I continually stress to people: If you wouldn't want the whole world to read the contents of an email, don't send it," says Crosley.
Blogging and posting to message boards during the workday is best avoided altogether. As far as what you do at home-proceed carefully. In fact, the best policy for observations about the workplace is to keep them offline. "Posting content about your boss, your company, or your coworkers is what's most likely to get you into trouble," Flynn says. "Never write anything work-related unless you have permission from your employer first."
Bill the blogger learned his lesson the hard way. "With the Internet, you're always on the record," he says. "I know that now."
Four Simple Rules for Staying Safe at Work:
1. Read-and reread-your employer's Internet-use policy. Know it. Love it. Adhere to it.
2. If it makes you cringe to think that the entire world might know the contents of an email, don't send it.
3. Don't post anything on your blog about your company, your coworkers, or your boss. No exceptions.
4. Set boundaries for the kinds of emails you'll send from work: messages to your mother are likely acceptable. Forwarded jokes to your former roommate can wait.
MBA Jungle, August 2008