Monitoring employee behaviour in digital environments is on the rise, with 60 percent of corporations expected to implement formal programmes for monitoring external social media for security breaches and incidents by 2015, reports Gartner. The analyst firm says many organisations already engage in social media monitoring as part of brand management and marketing, but less than 10 percent use these same techniques as part of their security monitoring programme.
“The growth in monitoring employee behaviour in digital environments is increasingly enabled by new technology and services,” says Andrew Walls, research vice president of Gartner. “Surveillance of individuals, however, can both mitigate and create risk, which must be managed carefully to comply with ethical and legal standards.”
“The problem lies in the ability of surveillance tools and methods to produce large volumes of irrelevant information,” says Walls. “This personal information can be exposed accidentally or become the target of voyeuristic behaviour by security staff.”
The popularity of consumer cloud services, such as Facebook, YouTube and LinkedIn, provides new targets for security monitoring, but surveillance of user activity in these services generates additional ethical and legal risks.
There are times when the information available can assist in risk mitigation for an organisation, such as employees posting videos of inappropriate activities within corporate facilities.
However, there are other times when accessing the information can generate serious liabilities, such as a manager reviewing an employee's Facebook profile to determine the employee's religion or sexual orientation in violation of equal employment opportunity and privacy regulations.
There are a number of important issues that also need to be considered, he points out. While automated, covert monitoring of computer use by staff suspected of serious policy violations can produce hard evidence of inappropriate or illegal behaviours, and guide management response, it might also violate privacy laws.
In addition, user awareness of focused monitoring can be a deterrent for illicit behaviour, but surveillance activities may be seen as a violation of legislation, regulations, policies or cultural expectations.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.