Downloading Issues

views updated

Downloading Issues

Downloading issues are the risks and liabilities to which a small business may be exposed as a result of providing Internet access and e-mail service to its employees. Many companies provide Internet access to employees for legitimate business purposessuch as conducting researchand find that such access improves productivity. But connecting employees to the Internet also brings up a number of potential problems for small businesses. "In ever increasing numbers, employers are providing employees with access to voice mail, e-mail, facsimile machines, cellular telephones, the Internet, intranets, laptop computers, and integrated computer networks," Lisa Berg wrote in South Florida Business Journal. "While the productivity benefits of an electronic workplace are undisputed, companies must take steps to guard against the enormous risks associated with it."

Many of the potential problems associated with employee Internet access involve downloading of information. For example, employees may download copyrighted software, offensive material, or files that are infected with harmful computer viruses. The small business may be legally liable for damages resulting from claims of copyright infringement, racial discrimination, or sexual harassment based on such downloads. Another potential problem in granting employees access to the Internet is personal use that detracts from productivity. According to Debbie Kelley, writing in The Gazette (Colorado Springs, CO), 85 percent of employees use computers at work for fun. "Problems arise when personal activity on the work computer affects employee productivity," Kelley writes. "Websense Inc., a San Diego based seller of Internet-filtering software, estimates that Internet misuse in the workplace costs American companies more than $178 billion annually in lost productivity. That translates to more than $5,000 per employee each year."

A rapidly increasing number of companies are responding to such risks by monitoring their employees' online activities. According to a survey cited in Training, 54 percent of companies monitor their employees' Internet connections, while 38 percent monitor their employees' e-mail. "Monitoring is essential," software company CEO Ray Boelig told Sarah Boehle in Training. "Organizations need to look at the proper use of their assets." At the same time, however, wholesale monitoring of employees' communications can cause a different set of problems for small businesses. For example, employers can be held liable for invasions of privacy under the Electronic Communications Decency Act of 1996. Furthermore, employers who develop a reputation for excessive monitoring of employee communications may have problems attracting and retaining today's valuable tech-savvy workers. Finally, it takes time to monitor employees communications, time that could be used in any number of more productive tasks.

RISKS ASSOCIATED WITH EMPLOYEE INTERNET USE

In his book Clicking Through: A Survival Guide for Bringing Your Company Online, Jonathan Ezor mentioned several risks companies might face as a result of employee Internet use. These risks include liability for copyright infringement resulting from downloads of proprietary documents or software; criminal liability for online gambling, fraudulent acts committed online, or downloads of illegal materials; exposure to sexual harassment or racial discrimination charges based on downloads of offensive materials; and breaches of company confidentiality or security.

Internet users have an implied license to copy the information for the purpose of viewing it on their computer screens. But this implied license applies only to a single user and a one-time use. Many people, failing to understand this condition, save copyrighted documents or software to a hard drive and reuse them without permission. In addition, some Web sitesknown as pirate sitesroutinely display and distribute information for which they do not hold copyright. A small business's employees might download proprietary software from a pirate site and mistakenly believe that they are allowed to use it. Since the rightful copyright owners have little legal recourse against the pirate sites, which are often operated by poor students, they may instead choose to enforce their rights against larger offenders, like businesses. Small businesses can be held liable for copyright infringement if illegal software is found on company computers, or even if employees use network PCs to play pirated music or watch pirated movies, and the monetary damages can be substantial.

Small businesses may also be exposed to criminal liability resulting from employee Internet use. One such risk involves online gambling. Ezor noted that online casinos are commonplace, which may tempt employees to place bets using company machines during work hours. As with other types of gambling, a wide range of state laws and local regulations apply to this practice. Small businesses may be held liable when employees break these laws. In fact, regulators, casino debt collectors, and affected family members are likely to make the company the target of lawsuits rather than the individual employee.

There are several other ways in which employees' online activities may expose a small business to criminal liability. For example, the company may be implicated if an employee commits stock fraud by posting insider information or misleading data on investment Web sites. Likewise, the company may be responsible if an employee uses the Internet connection to conduct electronic commerce and makes false claims about the products sold. Employees may also use workplace computers to acquire documents or images that are illegal to produce and possess. Examples include child pornography, military secrets, bomb-making instructions, or data encryption algorithms (which cannot legally be sent overseas). Many people are not aware of the distinctions between legal and illegal materials, so downloading from the Internet may put employees at risk of arrest or imprisonment. Furthermore, as Ezor pointed out, companies may be under a legal obligation to report an employee's illegal online activities, regardless of whether doing so might make the company liable to prosecution as well.

Another set of potential problems surrounding employee Internet use involves sexual harassment and racial discrimination. One employee may claim that the material downloaded by another employeeand perhaps distributed via e-mail to other employeesis offensive or degrading. Such material might include pornography, racial jokes, or political cartoons. The company can be held liable if the viewing or distribution of potentially offensive material by employees is allowed to create a hostile working environment for other employees. In 2000, several large companies were embarrassed by news reports of employees accessing adult Internet sites during business hours. This situation has led many other companies to enact policies restricting downloads of questionable materialand to take increased disciplinary action against employees who violate such policiesin an attempt to stave off potential charges of workplace harassment.

As Berg explained in South Florida Business Review, employee Internet use can also expose small businesses to breaches of confidentiality and security. For example, employees may download software or documents that introduce viruses to the company's computer network. In addition, online connections and e-mail communications may make confidential data and trade secrets available to computer hackers. Finally, employees' Internet communications could potentially expose the small business to charges of defamation if they appear to represent the company when stating controversial personal opinions online.

CONTROLLING THE RISKS OF DOWNLOADING

Experts recommend that small business owners develop policies regarding employee Internet use. In her article, Berg noted that companies should not only establish comprehensive policies regarding employees' Internet usage, but also obtain employees' written acknowledgment of the policies before offering them Internet access or e-mail accounts. Ezor suggested that employers begin by outlining the various business purposes to be achieved by granting employees Internet access. These purposes may differ depending on each employee's role in the company. For example, one employee msay only need to send and receive e-mail, while another may need to surf competitors' Web sites. Next, the small business owner should decide whether or not to monitor employee Internet use and, if so, what Web browser to provide. Many Web browsers are available, and they differ widely in the level of oversight and control they offer. Finally, the small business owner should establish consequences in the event an employee runs afoul of the company's policies. The types of punishment should vary depending on the specific offense and the extent to which it exposes the company to liability.

There are a number of software tools to make enforcement of an Internet usage policy easier for small businesses. Web monitoring software is widely available from such industry leaders as Elron, Net Partners, and SurfControl. These packages allow companies to limit, filter, and monitor the materials employees access on the Internet. Some systems print periodic reports of the sites visited by employees, while others scan for certain words in e-mail messages and domain names. Before starting to monitor employee Internet usage, however, it is important for small business owners to establish guidelines regarding inspections and inform employees about the company policies. Otherwise, employees may challenge the monitoring of e-mail or computer usage by claiming the employer has invaded their privacy. It may be helpful to inform employees in advance that the company offers Internet access for business purposes and reserves the right to monitor the use of its computer system.

As more and more companies have chosen to monitor employee e-mail and Internet usage, increasing numbers of workers have begun to challenge such policies. According to the Business Week article, some employees question why employers monitor their electronic communications if there is no cause to believe that their performance is suffering. Other people argue that American workers are spending more time at the office than ever before, and that occasional personal use of company computers is a small price for businesses to pay for the increased productivity this trend has brought. Finally, some people note that excessive monitoring tends to make employees less committed to the company, because they feel that management does not trust them. Strict monitoring policies may also alienate talented young potential hires with valuable computer skills. "The exact kinds of people companies want to attract are the kinds they will turn off with these Internet policies," Chris Christiansen of IDC stated in Business Week.

Small business owners must find a balance between the potential risks of improper Internet usage by employees and the potential drawbacks of a strict Internet usage policy. "Turning a blind eye to occasional personal use is acceptable and can even improve employee morale," Lauren M. Bernardi wrote in Canadian Manager. "However, other employees may resent the amount of time a co-worker wastes on the Internet if it is excessive. Try to balance those competing interests. Be reasonable [in monitoring] and do only what you need to do to protect your organization from liability."

see also Internet Security

BIBLIOGRAPHY

Bernardi, Lauren M. "The Internet at Work: An Employment Danger Zone." Canadian Manager. Summer 2000.

Berg, Lisa. "Employers Must Guard Against Electronic Workplace Abuses." South Florida Business Journal. 5 May 2000.

Boehle, Sarah. "They're Watching You: Workplace Privacy is Going, Going." Training. August 2000.

Ezor, Jonathan. Clicking Through: A Survival Guide for Bringing Your Company Online. Bloomberg, 2000.

"Workers, Surf at Your Own Risk." Business Week. 12 June 2000.

                                Hillstrom, Northern Lights

                                  updated by Magee, ECDI