In March 1996, American Libraries featured a piece about a librarian at the University of California/Irvine whose supervisor intercepted her e-mail while she was absent on medical leave. As a result of this, UC’s Office for Academic Computing began a review of e-mail privacy on the nine-campus system. This article and UC’s reaction prompted my research into this topic.
A number of American companies now have written policies declaring sovereign power with regard to electronic communications. It is important that companies be up-front about the existence – and intentions – of such policies. It would also be helpful if employees were aware of just how far down the road technology has gone. Corporate computer systems may automatically save and store data for a number of years, partly to ensure against data loss if a system crashes. Who would want to randomly review or divert an employee’s mail ? Since many such policies have come into existence as a result of litigation, the natural assumption is that Security or Legal Departments would be responsible for the diversion of e-mail. However, research indicates that Information Systems and Human Resources are the most likely reviewers.
Why would Information Systems be looking at employees e-mail? While network administrators have to monitor e-mail storage to ensure it is not having an adverse effect on network performance and to control communication costs would this necessitate their reading the content of what, in effect, is a letter? Computer files could be (mis)handled in a variety of ways, some of which may fail to differentiate between personal messages and confidential material.
Why are Human Resource departments reviewing e-mail messages? Surveillance may be used in appraisal – checking on an employee’s abilities by listening in to her/his phone calls is not unknown (although in some states it is illegal to eavesdrop on phone calls even when made on a company-owned phone). Might e-mail surveillance be used as an evaluative tool also? While the “1984” aspect may be alarming, might such a practice improve a company’s productivity, make employees more accountable, and raise their performance? Should such of activity be regarded as the company’s right to control, monitor and evaluate its personnel?
Inspection of websites of academic institutions revealed that most of these, both sides of the Atlantic, have an acceptable use policy (AUP) of some sort. Such policies do not refer to e-mail alone but most contain advice about e-mail. They stress that e-mail is not completely private nor secure and that, due to occasional security breaches at sites across the Internet, it may be seen by a system hacker. AUPs are considered in relation to privacy, reasonable use, academic integrity and harassment.
Institutional harassment policies extend to the networked world and the sending of e-mail or other electronic messages which unreasonably interfere with anyone’s education or work at the organization is in violation of the intended use of the system and may constitute harassment. Inclusion of e-mail harassment in wider harassment policies stresses the fact that all institutions have rules for acceptable behaviour and extend these rules to encompass procedures governing the use of information networks.
In developing an AUP an organization should ideally do so in a democratic fashion, using a group of the interested and representative. Every account holder needs to respect and protect the rights of all others in the community and on the Internet; to act in a responsible, ethical and legal manner, in accordance with Acceptable Use Policy, the missions and purposes of the organization and laws both local and national.