Company Computer Policy & The Law ?

[PeterGriffin]

I created a company computer policy awhile back and made sure all of our employees read understood and signed the policy. I now have an employee that is using the computer for personal use (IM's mostly) and installing programs which is against the policy. I confronted her about this and now she is saying that it is against the law to monitor what she does.

Are there any specific website that state laws that will reinforce the notion that I can monitor emails, chat sessions, or anything else that is broadcasted across my company network?

Please help and thanks

You'd probably have to site your specific state laws.

Why does she think you're monitoring her? If you're monitoring your company's network and you notice traffic going over it from applications that are not allowed and you track them back to her PC . . .
Same w/ installing applications, you can monitor the PC and not her. Forbidden applications can be noticed during routice upgrading etc . . .

To give you an example, Co. X had an employee using it's PC against Co. X's policy (which had been read and signed by the employee). Co. X monitored traffic on known ports of applications that were forbidden by Co. X. Co. X backtraced where the traffic was coming from and made paperwork. Co. X also had one Helluva Help Desk employee () who would be used routinely to "upgrade" certain PC's when needed. Helluva Help Desk employee made note of certain applications that were being used and in meantime, also made a backup copy of a certain employee's HDD incase the power went out and that certain employee needed it's save Freecell games.

Long story short, a certain employee was given their walking papers for the PC abuse.

Recommended reading....

http://www.gahtan.com/alan/articles/monitor.htm
http://www.smrh.com/publications/pubview.cfm?pubID=123

My opinion....

It is your company's network, simple as that. You as manager/owner can require any employee to cease and desist their Internet activities at any time, especially given the user has read, agreed to, and even signed your acceptable use policy.

Assuming the policy was not signed, she might have had a potential complaint against administrative action and monitoring of her Internet activities. However, once this document was signed, she gave up those rights under a legally binding agreement that should be enforcable in most states.

You can also easily say she is creating a security risk for your company by using non-authorized Internet services. For example, she could open an infected message and spread a virus or trojan to your network, thus compromising your company's ability to effectively operate.

Hope this helps,
Robert Richmond

[phenious]

is it in the agrement that you are going to monitor what they are doing? also it could be dependent on what you are doing... you can always go to her desk on any given day snd say hello. I am here to check to see if you are abidding by the terms you aggreed to. Then boom ya got her. Dont give her time to uninstall anything just open up that start menu and start pointing things out. Also... I would re-write the policy agreement so you can do this remotely. I still think your in the clear. They are company PCs.

-: phenious :-

[bailey]

you have every right to monitor everything that is done on the companyies computers and network, and the right to adminster the rules to what extent you want to.
it is the privite properity of the company and they must obey the rules. or take a hike.

I believe there was a state that saw it not the company's right to actually see e-mails and communications, but it was okay to monitor the traffic.

[phenious]

on that note, monitor the port AIM uses to connect... log all IPs that use it... use that as info against them. Just more evidence.

-: phenious :-

[davidamarkley]

The state laws have more to do with confidentiality, than they do monitoring. I mean, an Anti-Virus monitors(well, it should) every file that you do anything with. A firewall intercepts traffic to and from anything connected to it. So, even though, because of confidentiality, you cannot look at her AIM logs(unless it's a legal matter), and you can't read her emails, you CAN monitor traffic on ports, which IP is using different ports, and you can go and use "her" computer, because it IS your company's computer, NOT her personal property. Besides, what do you think pr0n scanners do at work?? They monitor every website that the user visits, history, favorites, word searches, etc. And that IS legal as long as it's known by the employee ahead of time. So, in other words, what she's saying wouldn't stand up in any court(even considering how corrupt they are now).

She signed her rights of using the computer freely to the restrictions on that agreement. If she is not abiding by the agreement, she is subject to whatever punishment stated in said agreement.

David

the network was set up for work only, not to be "chatting it up online" with her friends. As far as i know there is not law prohibiting you from monitoring the activity on your network. Its all about watching whats coming in and out. She is creating a risk to your network by signing on to aim.

any way you can block the ports? what kind of network set up you have going?

[davidamarkley]

You might check out PortBlocker from AnalogX

To block AIM connection, block port 5190 for outbound TCP connections.

David