SECURITY CLINIC: Legal tangles in the Web

SECURITY CLINIC: Legal tangles in the Web

Many organisations argue that existing legislation fails to offer meaningful solutions regarding employee misuse of e-mail and the Internet, employer versus employee rights and general electronic information management and responsibility. While the laws themselves may be clear, the practice is not and the issues are yet to be worked through in the courts.

Viruses, breaches of confidentiality, legal liability such as sexual harassment and racial vilification claims, copyright infringement, damage to reputation, spam attacks and degradation and loss of network service are real possibilities. Managing these alongside the privacy and HR concerns of employees can be challenging.

A 1979 Act forbids listening to, recording or intercepting messages carried on a telco system without the sender's consent. The Act may give workers grounds to challenge employers who monitor their e-mail and Net use.

Many employees are accustomed to using business telephones without being monitored, and carry these expectations over to using e-mail and the Internet. At the same time, employers are becoming increasingly aware of the economic and legal ramifications of unchecked online communication in their business.

The changing face of business also contributes to the debate as it is no longer viable to enforce a 9 to 5 job regime. Changing family structures and a competitive global economy demand flexible (which usually means increased) working hours and employees often have little choice but to conduct some personal business during their hours at work, either over the phone or on the Net. Organisations take a range of stances, from no personal e-mails and no personal surfing, to allowing such things as Internet banking and personal e-mails because work takes up more hours of the day than it used to.

On the other hand, employees need to be aware of the limitations of current legislation in dealing with the specific issues generated by e-mail and the Internet. Monitoring a phone conversation and securing an enterprise network are two entirely separate things. e-mail and the Internet can pose more risks than other forms of communication such as phones or mail. Inappropriate e-mails, corporate fraud and spam attacks can hit companies quickly and without warning.e-mail and Internet use can also impact on the obligations employers have to provide a safe work place. The distribution of pornography, threatened legal action against the company, or a work mate's dismissal for accidentally breaching confidentiality are not conducive to a harmonious workplace.

While protecting and educating employees on e-mail and Internet use and adhering to privacy concerns is a priority, businesses need to secure their network against very real Internet and e-mail threats. A CSI/FBI Computer Crime and Security Survey reported 97 per cent of responding organisations had experienced employee abuse of the Internet. IDC estimates the cost in lost productivity incurred by an employer with 1000 employees could be as much as $US96,000 per year. This does not take into account e-mail-related issues or other external threats such as viruses.

A recent Internet and e-mail audit of the NSW Premier's office revealed an employee spent five out of 10 days surfing pornographic sites, wasting resources and posing potential legal problems.

Chevron Corporation, in the US, was ordered to pay $2.2 million to four female employees to settle a lawsuit in which the women claimed they were sexually harassed with e-mail jokes.

Locally, car-making giant Holden dismissed up to seven workers for misusing its e-mail and Internet technology to download pornography.

As e-mail and the Internet become an everyday part of business, the application of existing law - and perhaps the law itself - needs to evolve to address security consequences. Until this occurs, organisations must take the initiative to adequately protect their business and employees by establishing secure Internet and e-mail usage policies. Yet they are struggling to even know what laws are applicable. The channel needs to provide this information, along with the consultancy services to implement the policies to meet both legislative and business requirements.

Alan Schaverien is managing director of Content Technologies, Asia Pacific. e-mail him at

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments