Monitoring Employees’ Online Activities, Survey Indicates Inconsistent Approach

The explosion of social media usage on sites such as Facebook, Twitter and LinkedIn has caught many by surprise. Facebook alone counts more than 250 million active users.

This has caused many organizations stress as they have sought to determine what, if anything, they should do to limit employee use or at least educate employees to the risk. And numerous risk areas have been identified, including disclosing proprietary information, exposing corporate computers to viruses, and inappropriate photographs that could cause embarrassment to the company. News reports indicate that some organizations have banned access to these sites at work. The United States Marines are but one notable example.

To help determine what is being done by employers, the Society of Corporate Compliance and Ethics and the Health Care Compliance Association conducted a survey among compliance and ethics professionals in late August 2009. Just under 800 responses were received from individuals at for-profit (both public and private), non-profit and governmental institutions. The results indicate that there is far from a consistent approach either to policy making or monitoring of employee behavior. While some companies have set out a specific policy for their employees’ online social networking activities, half have not. Monitoring tends to be passive more than active, despite the fact that one quarter of respondents reported that their employer has had to discipline an employee for activities on Facebook, Twitter or LinkedIn.

Off-duty online activity. What an employee does online outside of work remains largely his or her business. Fifty percent of respondents report that their company does not have a policy for employee online activity outside of the workplace. Of those companies that do have a policy, 34 percent include it in a general policy on online usage, and just 10 percent specifically address the use of social network sites.

Most organizations lack monitoring system. Mirroring the lack of a usage policy, roughly half of the respondents report that their companies do not have an active monitoring system in place. Fifty-three percent report that their company either doesn’t monitor, hasn’t had an issue or has a passive system in place—they act when they are apprised of an issue. An informal monitoring process was reported by 8 percent of respondents. Where there is monitoring, it tends to be the provenance of the security department (23 percent), rather than compliance (2 percent). Another 14 percent of respondents don't even know who handles monitoring, or if anyone does.

Despite the lack of formality in processes, companies are finding themselves needing to discipline employees for online behavior at social networking sites. Twenty-four percent of respondents report that an employee had been disciplined in their organization for activities on Facebook, Twitter or LinkedIn. Interestingly, the percentage was much higher for the not-for-profit sector (33 percent) than for the for-profit sector (13 percent). And, once again, demonstrating a lack of development of processes in this area, 37 percent of respondents do not know if there has been an incident leading to discipline in their organization.

Lack of formal processes is a concern. As is often the case with technology, the use of it tends to grow faster than the systems to manage its use. While social network usage has exploded, only about half of companies have put in place policies to govern employee activity.

While the data indicates that many organizations have had to discipline employees for improper activity online, the fears may outweigh the actual risks. A survey asking about discipline regarding improper email usage would likely yield much higher numbers. Nonetheless, the lack of formal processes for monitoring the usage of social networks could mean that there is much going on that organizations are as of yet unaware. In the long term, that may lead to more rigorous policies and procedures for managing social network usage.

Source:Facebook, Twitter, LinkedIn and Compliance: What Are Companies Doing?, a survey conducted by the Health Care Compliance Association (www.hcca-info.org) and Society of Corporate Compliance (www.corporatecompliance.org), released in August 2009.

Reprinted with permission. © CCH