|
Previous Breakfast Forum Reports
April 2010 - TUPE March 2010 - Parliamentary question time February 2010 |
 |
Introduction
We may laugh at politicians who are being made fun of on such sites as YouTube and Facebook (the famous clip of Gordon Brown picking his nose; President Obama and Hilary Clinton farting – although the farts in question are false and have been added on to the clips – a compilation of George Bush blunders or the “Am I the only person who doesn't like David Cameron?” campaign on Facebook).
However it could be a member of your staff or even yourself who is the target. Modern technology means that mobile phones can be used as cameras to film anything. Incidents that happen in the office and should stay in the office are captured and published on the internet to reach a worldwide audience never to be deleted. This can breach the dignity of colleagues and possibly threaten security, not to mention the damage that can be caused to an organisation’s reputation.
Information that may have absolutely no foundation in fact can be instantly disseminated globally in the mere click of a mouse. In April 2009 Damian McBride, special advisor to Gordon Brown was forced to “resign” after conducting a notorious email campaign with Derek “Dolly” Draper. The campaign proposed smearing Conservative MPs and was unmasked by political blogger and author of the Guido Fawkes website, Paul Staines. As a result of the pair’s indiscretions, the Prime Minister’s judgement was seriously called into question for making such an unsuitable appointment to his press office. Following an investigation into the scandal Sir Gus O’Donnell (Head of the Civil Service) moved swiftly into action strengthening the Civil Service Code and making the dissemination “of inappropriate material” an automatic sacking offence.
The technological revolution means that we as employers constantly have to update and change our policies. ACAS mounted a campaign in November 2009 saying cyber bullying and internet abuse affects one in 10 people. However, the Advice leaflet on Internet use and e-mail policies has not been revised since 2006. The code is still focusing on internet issues, yet the problem has grown much wider with the ever increasing popularity of blogging and social networking sites such as Facebook and Twitter.
1 The legal and HR position – Tony Bertin
Why is the problem important?
HSE management of stress
This states that every employer shall make a suitable and sufficient assessment of:
the risks to the health and safety of their employees to which they are exposed whilst they are at work; and
the risks to the health and safety of persons not in their employment arising out of or in connection with the conduct by him of his undertaking.
If you let a culture of bullying take hold, with photos and electronic postings, you may be in breach of H&S regulations, with criminal and civil sanctions. It is no longer necessary to prove negligence as now they are strict liability offences. We are not yet aware of anyone being prosecuted for cyber bullying at work, but it may yet happen.
Discrimination of violating her dignity, or of creating an intimidating, hostile, degrading, humiliating or offensive environment for her, (b) he engages in any form of unwanted verbal, non-verbal or physical conduct of a sexual nature that has the purpose or effect of violating her dignity, or of creating an intimidating, hostile, degrading, humiliating or offensive environment for her, or
These actions can infringe the Sex Discrimination Act but also apply to all forms of discrimination.
"(a) on the ground of her sex, he engages in unwanted conduct that has the purpose or effect
(c) on the ground of her rejection of or submission to unwanted conduct of a kind mentioned in paragraph (a) or (b), he treats her less favourably than he would treat her had she not rejected, or submitted to, the conduct".
In the case Moonsar v Fiveways Transport, Ms Moonsar was employed by Fiveways as a data entry clerk. She shared an office with other male members of staff who, on three occasions, downloaded pornographic images onto a screen or screens in the room where they were all working. Ms Moonsar was aware of what was happening although the images were not relayed directly to her. Her subsequent evidence before the tribunal was that she made no complaint at the time because she valued her job and did not want to lose it. The Employment Appeal Tribunal upheld her claim that viewed objectively, the men’s behaviour could be regarded as degrading or offensive to a woman. It was therefore potentially less favourable treatment to a woman than a man and qualified as sex discrimination.
Protection from Harassment
The Protection from Harassment Act 1997: S1 - A person must not pursue a course of conduct:
(a) which amounts to harassment of another, and
(b) which he knows or ought to know amounts to harassment of the other.
An employer is responsible for vicarious liability for acts of staff, whether at work or outside. With cyber bullying and social networking, as an employer you have to be aware of what goes on at social events after work. You need to know about staff being harassed outside work as well as at work.
Reputational damage with customers – Bringing the employer into disrepute
Waitrose staff revealed what they think of their customers (“Mad ugly pikeys”) on Facebook, while dozens of Tesco staff posted insulting comments about their customers on an internet forum site.
This sort of action can damage business, not just with customers but with staff. Blogs can become centres for disaffection for companies.
All this proves that companies need IT staff and also policies that work together to control this type of activity.
Data security
It can be easy for staff to download a company’s customer base before leaving a job, or downloading sensitive or confidential information on a telephone or memory stick. These are issues with which employers have to deal and should form part of the policies on confidentiality.
2 The technical issues – Martin Tanner, ADM
Whatever monitoring tools you have in place, it is also essential you have policies first. Large companies may have staff to monitor internet and email activity, but SMEs do not and often cannot.
The monitoring tool is used for evidence to back up policies
Also to look at productivity of employees (how much time are they spending not working?)
Web filtering
A large number of SMEs do not use any filtering tools – between 60 and 70%. Filtering can be done by individuals, by groups, for small and large networks. You can decide how detailed you want the information to be of what employees look at and when.
If an employee complains of not having enough time to do his/her work, it may be worth checking how much time he is spending on websites or non-company emails.
Filtering also protects your employees. You can be certain undesirable sites or areas are not being accessed. It is not failsafe, however. One site called Madona.com which was not filtered was actually a porn site. Equally if you have a ban on gambling sites, someone wanting to check their lottery ticket on Monday morning can still access that information via the BBC site.
What employees look at can affect others: staff in a despatch department looked at porn sites and female couriers complained and said they would refuse to deliver to that department.
A company may have the right monitoring tool, but without the right policies in place, it is very difficult or impossible to enforce action.
Some may claim that looking at porn is an addiction that needs to be treated, and therefore would come under the Disability Discrimination Act, but most companies would agree that looking at porn would be a reason for dismissal. Kleptomania and alcoholism are excluded from the Disability Discrimination Act (DDA).
Audits can uncover all sorts of things. One company had nine PCs affected by many viruses. An audit uncovered that one of the directors had a gambling problem and the sites he went on caused the viruses to strike. Some filters are automated tools which do not require monitoring staff.
Email monitoring
Companies can set up email filters, which mean that IT administration can look at anybody’s emails. The legal position in the UK is that you can collect evidence to show what is going on but it is best to have a policy in place which tells people that emails are being monitored so everyone knows and no-one can complain. The position is different in mainland Europe and France in particular, where there is reluctance to access personal data. In some companies, this can only be done with the special authority of the chief executive for each case.
There must be some leeway about allowing staff to use email for personal use, especially in a culture of long hours where staff may need to send a message to family or friends to say they are going to be late, etc.
So what is reasonable use of an employer’s email or internet? Controls are there to protect people and policies are needed to keep staff safe.
There is still very little advice for employers because of the rapid changes in technology, particularly with social networking sites such as Facebook and Twitter.
Automated tools also exist to pick out specific terms. One type of abuse is typified by an employee who was sending crude emails to her boyfriend serving in Afghanistan. The problem was that this was done on company-branded emails displaying logos, etc. She was instantly dismissed.
Emails proliferate. One Norwich Union employee sent out one rude email, which was then forwarded again and again by all recipients.
Another problem can be the volume of emails between certain people, again affecting productivity.
The time spent monitoring can be an issue. In one case, one company decided to stop staff using MSN, but then found out that one of the biggest clients put his orders in via MSN.
Social networking
There are about 30 or 40 different networking sites, and the technology for monitoring these sites is not yet available, but it is expected it will be by the end of the year. This will probably do searches on certain words and terms.
The best known and largest is Facebook, which was founded in 2003 by Mark Zuckerberg, a student at Harvard, and some of his college roommates. It now has some 400 million active users worldwide. The networking site remains popular with the young and in particular university students, the cultural group for whom it was originally intended. Universally popular, it has been blocked in some countries including Iran and China, as of course has the mighty Google.
Here in the UK the University of Kent expelled a number of students who formed a networking group on Facebook to conduct a campaign of bullying against a librarian.
As we reported in our April Training Newsletter, according to the ACAS report Riding out the Storm – Managing Conflict in a Recession and Beyond, social networking sites have also played a part in the increase in industrial action and stoppages during the recession as workers become better organised and able to communicate.
Are social networking sites liable? They say they are not but the law may not necessarily agree.
Post meeting footnote:
On 14 May 2010 the BBC reported that Facebook has downplayed the significance of a company-wide meeting to discuss privacy issues on the site. “The blogosphere described the meeting as a panic measure following weeks of criticism over the way it handles members’ data. Several US senators have made public calls for Facebook to rethink its privacy safeguards. Earlier this week European data protection officials weighed in on the controversy and called privacy changes ‘unacceptable’. A number of high-profile users have also deleted their Facebook accounts after the site introduced a new feature that lets non-Facebook websites, or third parties, post the personal views of Facebook users without their consent....A report this week by the New York Times revealed that Facebook’s privacy policy has 50 different settings and 170 options [and] that the policy is longer than the US Constitution with 5,830 words.”
Website companies’ liability
If you operate a website to which the public can contribute, how do you avoid people posting racist or other discriminating comments? Is the website company liable? The answer is yes, because there are issues of defamation.
Web hosting companies also have responsibilities, if one of the sites uploads anything which may be offensive or subject to copyright owned by someone else.
It is important to have policies in place for those employees working in marketing who can upload information themselves.
Security of files and downloads
You need backup systems in case former employees try to hack into company websites.
Many networks have in place a facility to check whether information is being downloaded. It is impossible to ban downloads completely (need to download presentations for instance) but there has to be a monitoring tool to check whether anyone is downloading a large amount of information such as a customer database.
When laptops and mobile phones are lost or stolen, the technology exists to wipe everything from a mobile phone when it is next switched on. For laptops, a USB fob is like a key where all the information is encrypted. This is the safest method, as passwords can be cracked.
IT managers
Frequently the strategic importance of the IT manager is not sufficiently recognised by the employer as this position gives that person access to all areas on an organisation’s system; they will know all manner of confidential details such as pending dismissals or redundancies. When a senior member of a company’s IT staff leaves it may not necessarily be amicable, they can leave the company in the lurch, with no-one knowing what passwords, firewalls, etc. are in place, or they may even sabotage the system. Employers need to ensure they have a list of what they need to know, and a good disaster recovery plan.
Policies
There is little advice available to employers who are largely left to develop policies that serve the needs of their own businesses. The best help is still from ACAS, even though its comprehensive advice leaflet for employers Internet and email policies has not been updated since 2006 and does not cover the developments in social networking. ACAS does produce two excellent advice leaflets too, one for employers entitled What should I include in an internet and email policy and for employees Why is my employer bringing in an internet and email policy?
The European Commission (EU) does have a rolling programme begun in 1999 to promote safer use of the internet and on-line technologies. The latest Safer Internet Programme was renewed in 2009 and will run until 2013 with a budget of 55 million Euros.
Final words
Never put in print anything that you would not be prepared to show to a High Court judge.
