When it comes to privacy it can actually be quite hard to find the right balance, especially if you are an employer.
Away from work you would think that getting privacy was a simple affair but recent, and extensive, coverage of the actions of GCHQ and the NSA have shown that even governments can get this very wrong. Whilst I’m sure many of us would like to think that our governments are doing what is necessary to keep us safe, there is also a line that shouldn’t be crossed. When nations intrude too far into their citizen’s lives in the name of national security, all hell will break loose. And indeed it has lately.
When it comes to privacy within your own business, matters are not necessarily any easier though. Sure, you get to make the rules, subject to certain laws and regulations put in place by the government, but you aren’t the only one who has to then follow them.
As an employer you have a responsibility, and maybe even a legal obligation, to ensure that everyone who works for you is also following the privacy rules, especially those mandated by legislation. Should any of your staff ever be caught flouting privacy regulations then the last thing you will want is them presenting a legal case alleging that you never explained the rules to them.
Therefore it is very much down to you as an employer to ensure that you either train all your employees on privacy matters yourself or have policies and controls in place that guarantee that your management teams implement the same.
Of course privacy laws must be obeyed as a matter of course but you’ll also want to implement rules and regulations for your own particular operation. Beyond regulatory requirements, privacy issues can also affect the security of your own organisation.
For that reason you may wish to retain the right to perform various types of searches that some employees may find contentious if they are not aware of them in advance (the laws on this vary from country to country so check your jurisdiction before implementing!). That is why it is essential that you have new employees read your privacy policies as soon as they commence working in your business. It would also be advisable to get them to sign something so that you can later prove that they are aware of what you can and cannot do, as well as any other privacy matters that you wish them to adhere to.
For example, depending upon the nature of your business, you may wish to have the ability to monitor what your staff are doing on their computers. This could include the type of web sites they visit, along with a record of whether they are accessing certain sites during their own time or when they are actually being paid to work.
You may also want to be able to monitor all their communications, whether that be via email, on social networks or by any other means. Again, the law on this varies around the globe so get legal advice before embarking on such a strategy.
With the increasing popularity of BYOD you may also want to be able to check the electronic devices that your employees bring onto the premises with them. If so, make sure you make that clear from day one so that no-one can take issue when you access their devices to check that they are not divulging company secrets or operating in a way that you may deem to be insecure and, thus, a potential threat to your organisation.
As you can see, there could very well be circumstances under which you need to invade a staff member’s privacy in order to ensure that they are doing the jobs you are paying them for in a secure and compliant manner. Thats perfectly acceptable (check your local laws) if done in the right way. Just make sure your employees know that you can do this ahead of time.