Workplace Privacy as an Ethical Issue and Employee Internet Monitoring Policy

Words: 1349 Pages: 5

Ethical Issue

Rationale for Selecting the Dilemma

The dilemma of workplace privacy affects all employees regardless of whether they work with computers and the Internet. I chose this topic because employers monitor workers’ internet and device activity very often, and there is a lack of policies surrounding this issue. For example, managers can read corporate emails, close websites without explanations, and look at workers’ screens to see whether they are working at any moment.

Justification for Choosing the Three Principles

I selected the principles of confidentiality, publicity, and universality to discuss the common problems that may arise from employee monitoring. Confidentiality refers to people’s responsibility to protect data. Companies that collect information should keep it safe and not share it with others without consent, except for situations where employees engage in criminal activity. Publicity describes the issue of unclear corporate policies to workers, allowing the business to punish people without an apparent reason. Lastly, universality discusses the duty to avoid biases when analyzing data.

Evaluation of Research Supporting the Matrix Actions

Research on workplace confidentiality underlines the lack of legislation and ethical discourse. Bhave et al. (2020) argue that laws about workers’ privacy are recent and limited, offering some degree of protection to workers. The rules discussed by EPIC (n.d.) show that employees are responsible for protecting their own data and being mindful of using corporate networks for their private conversations. Overall, all parties should have duties and rights in this case to ensure information safety.

Table 1: Workplace privacy when using the Internet

Stakeholders	Employees have a duty to…
Confidentiality	Respect the privacy of themselves, their colleagues, and non-employees when accessing the internet at their workplace.
Publicity	Understand the policies of their company and follow them when accessing the internet.
Universality	Adhere to the company’s policies while using any of their work devices and accounts, regardless of whether they are monitored or not.
Stakeholders	Employers have a duty to…
Confidentiality	Protect the data they collect from employees and any data they access from monitoring workplace networks (Zickuhr, 2021).
Publicity	Act upon collected data according to laws and company policies known to all company employees.
Universality	Follow the principles, report misconduct instances without bias, and do not overstep the boundaries of the policy (Zickuhr, 2021).
Stakeholders	Non-employees receiving or sending data to employees have a duty to…
Confidentiality	Protect confidential data when accessing the internet.
Publicity	Adhere to ethical principles of safe internet use.
Universality	Recognize the right of companies to apply their policies as well as their own rights to know the limits of these policies.
Stakeholders	Visited websites have a duty to…
Confidentiality	Protect the data collected from or input by users from data breaches and unethical use (McParland & Connolly, 2020).
Publicity	Feature content that is consistent with the ethical and legal principles of their government (McParland & Connolly, 2020).
Universality	Act within the law without prejudice (McParland & Connolly, 2020).

Organizational Policy

Overview

The policy describes workplace privacy standards and employee activity monitoring when using company devices and operating in the corporate network. The policy points are developed to ensure that all stakeholders are aware of their rights and responsibilities when exchanging information in the corporate system and using company-owned property to access the Internet. The policy covers the purpose of these activities, the scope of each stakeholder, and the specific actions that must be taken or avoided when accessing the Internet or using company-issued devices and accounts.

Purpose

This policy aims to ensure that employees engage with communication, internet use, and workplace devices responsibly. If an accident occurs, the standards for collecting and analyzing data are outlined in this document to provide a framework for an investigation. Furthermore, the policy aims to provide a transparent description of what information can be accessed by management and authorities, as well as the rights all parties have in relation to the collected data.

Scope

This policy applies to all company employees, including management and all executive positions. Moreover, it applies to non-employees, such as contractors, vendors, partners, and individuals with access to company-owned devices or accounts, as well as accounts and devices connected to and used within the company network. The standards cover communication between the persons mentioned above and third parties that occurs with the use of technology and accounts connected or belonging to the company network.

Non-communication activities, such as browsing, exchanging, sharing, uploading, and downloading files, are also included. However, this policy excludes information exchanged in any format between employees or non-employees not connected to the network and not using corporate devices connected to the network.

Users who engage in activities described above using their personal accounts on corporate-issued devices are not subject to the procedure. If they are not connected to the network, the capacity available to the company is not within legal and ethical standards. Those who use their corporate accounts on personal devices also fall under the scope of this policy to the extent of available features (for example, the use of the corporate email address).

Policy Points

Website Monitoring

The IT Department will monitor the activity of all stakeholders when they use the Internet on accounts connected to the corporate network. When using corporate accounts on company-issued devices, browsing, email, messaging on corporate platforms, and file exchange using corporate software will be recorded.

The information will include the employee’s IP address, date, time, protocol, and the site’s or platform’s name and address. If files are shared or uploaded to the network, their content, date, and upload time will also be documented. Employee identification will be attached to each instance of used information.

Offline Activity Monitoring

No offline activity will be recorded if the stakeholder uses a corporate device, regardless of whether the employee is connected to the company network. Thus, stakeholders are not subject to screen recording, use of web cameras, voice recording, local file inspection, external drive inspection, or activity outside of work duties performed without accessing the Internet. Workers will connect to the company network when working from the office and use software for remote access from other locations.

Monitoring Reports

Each stakeholder is entitled to review the reports of their activity. Employees may request access to a general or detailed statement by emailing the IT department. The Security Officer of the IT department may review reports routinely and investigate any incidents related to security concerns or unethical internet behavior.

The Security Officer’s duty is to bring this information to the Security Response team in cases of violation, including the name of the stakeholder, website, and necessary details about the incident. Third parties can access these reports with the consent of the stakeholder identified as the user or an official request from the Human Resources representative, following the general policy on unethical behavior.

Internet Filters

Browsing performed in the corporate network will be limited – several websites that do not align with the company policy and legal activity expectations will be blocked. These website types and platforms include:

Sexually explicit/adult material.
Gambling.
Illegal drugs.
Intimate/sexual products.
Dating.
Peer-to-peer file sharing (“piracy”).
Social networks.
Websites are determined as fraudulent and phishing.
Websites with offensive, hateful, and violent content.

Internet Filter Changes and Exceptions

The IT department may alter the list of websites containing inappropriate content to include or exclude them according to the previous point’s list. HR representatives will review each change proposal and consult with the department on the final decision. Employees may request to unblock certain websites if their professional duties require them to access these platforms. Stakeholders may also request websites to be unblocked if they believe they are miscategorized.

Data Storage and Safety

Data collected as a result of monitoring will be stored for up to 180 days after the date of recording. After this period expires, the data will be corrupted and deleted without the ability to be restored.

Sanctions/Enforcement

Suppose a stakeholder accesses a blocked site on the corporate network or engages in an inappropriate or offensive activity in a recorded file-sharing or communication. In that case, they may be subject to disciplinary action. These sanctions range from official warnings to termination of employment.

References

Bhave, D. P., Teo, L. H., & Dalal, R. S. (2020). Privacy at work: A review and a research agenda for a contested terrain. Journal of Management, 46(1), 127-164. Web.

EPIC. (n.d.). Workplace privacy. Web.

McParland, C., & Connolly, R. (2020). Dataveillance in the workplace: Managing the impact of innovation. Business Systems Research: International journal of the Society for Advancing Innovation and Research in Economy, 11(1), 106-124. Web.

Zickuhr, K. (2021). Workplace surveillance is becoming the new normal for US workers. Washington Center for Equitable Growth. Web.