P1: c-146Everett-Church
Everett-Chruch-1 WL040/Bidgoli-Vol III-Ch-08 July 11, 2003 11:46 Char Count= 0
CONSUMERINTERNETPRIVACY 101rose to 63%, with 47% monitoring e-mail (AMA,
2001).
The rise in monitoring tracks with the rise in poten-
tial problems that can flow from providing access to the
Internet. Along with the ability to work more efficiently,
companies are now finding themselves held responsible
when bad things find their way onto employees’ desktops.
In the same AMA study, 15% of the companies surveyed
have been involved in some kind of legal action concern-
ing employee use of e-mail or Internet connections. In
several noteworthy cases, companies have been held liable
for sexual harassment-related claims from harassment oc-
curring over employer-operated message boards, employ-
ees leaving pornographic images on computer monitors,
employees distributing sexually explicit jokes through of-
fice e-mail.
In response to these concerns, many companies have
installed filtering mechanisms on their e-mail traffic look-
ing for unacceptable language. Other companies have im-
plemented software that blocks pornographic Web sites.
Still others have opted for the low-tech approach of im-
plementing zero-tolerance policies regarding the use of
office computers for anything inappropriate.
Unfortunately, in some instances, these measures have
resulted in confusion or wound up creating problems for
both innocent and not-so-innocent people. For example, it
was widely reported in 1999 that 23 employees of theNew
York Timeswere fired for trading dirty jokes over the of-
fice e-mail system (Oakes, 1999). Yet in other cases, recip-
ients of unsolicited e-mail have opened the fraudulently
labeled mail and been subjected to a barrage of porno-
graphic images and salacious Web pop-up ads (Levine,
Everett-Church, & Stebben, 2002).
Because Web monitoring logs and filtering systems
may not be able to differentiate between Web pages
viewed accidentally and those viewed purposefully, inno-
cent workers can (and have) been left fearing for their
jobs. For these reasons, companies are beginning to adopt
internal privacy policies that help set better guidelines
and establish reliable procedures for dealing with trou-
ble when it arises.Employee Privacy Policies
In most circumstances, there are few legal restrictions on
what employers can do with their own computers and
networks, up to and including monitoring of employee’s
communications. Although some firms quietly implement
employee monitoring policies and wait to catch unsus-
pecting employees in unauthorized activities, many firms
give notice to their employees that they may be monitored.
Still others require employees to relinquish any claims of
privacy as a condition of employment.
Increasingly, however, companies are recognizing the
negative impact of paternalistic monitoring practices on
employee morale. So to engender trust rather than inspire
fear, increasing numbers of firms have begun providing
their employees with privacy statements in their corporate
employee handbooks or by publishing policy statements
on internal Web sites. According to the AMA’s 2001 survey,
four out of five respondent firms have a written policy for
e-mail use, and 77% for Internet use, 24% have trainingprograms to teach these policies to employees, and an
additional 10% plan one (AMA, 2001).
As noted earlier with regard to the European Union’s
Data Privacy Directive, companies with operations in the
EU are already familiar with the mandate to provide data
subjects—in these cases, employees—with information
about the company’s data-gathering and usage policies.
Although there is currently no U.S. equivalent to these re-
quirements, a growing number of firms are proactively
recognizing that a well-defined set of privacy policies and
practices can avoid misunderstandings and can even pro-
vide the basis of a legal defense in cases where companies
are accused of failing to act on claims of Internet-based
sexual harassment.Developing an Employee Privacy Policy
The creation of a privacy policy for internal use in an or-
ganization can be as simple or as complex as the orga-
nization itself. Most companies collect information from
their employees in the form of personnel records. Firms
may also collect personal information from customers or
clients. An internal privacy policy should address accept-
able practices with regard to each type of information
maintained by the company.
A good internal privacy policy should define what stan-
dards of behavior are expected of those who have respon-
sibility over the data held by the company—including
both employee data and the personal data of a company’s
customers—and should inform employees about the con-
sequences of noncompliance. Additional topics that can
be covered in a privacy policy include procedures for re-
porting breaches, procedures for allowing employees to
access and correct their own personnel records, proce-
dures regarding access to proprietary records such as cus-
tomer lists, and procedures for auditing compliance and
for training employees how to comply with the company’s
guidelines.CONSUMER INTERNET PRIVACY
Before the Web existed, companies gathered whatever
information they could get about their customers from
a variety of sources, such as real estate transaction
records, credit bureaus, court documents, and motor ve-
hicle records. For many companies, among the most elu-
sive, and hence the most valuable information—what you
are interested in buying and exactly when you are ready to
buy—was largely unavailable. Occasionally a clever mar-
keter could devise an algorithm or a statistical model that
might be used to infer some purchase preference from
the tidbits of information that might be gathered about a
customer from scattered sources. The Internet has made
such information gathering much more commonplace.Browser Privacy Issues
Many of the average computer user’s online activities re-
volve around the two most popular Web browsers, Inter-
net Explorer and Netscape. Browsers continue to evolve
and improve, especially where privacy and security issues
are involved. Even the most recent versions have some
fundamental privacy problems that arise not by accident