Workplace strategies for protecting confidential and proprietary property. Includes: Tracking and other IT surveillance tools, Telework/remote systems access policies and practices, Employee use of YOUR Information Technology Resources, Social Media, The Law, or ‘Getting “Dooced”’, etc.
8. Keystroke Monitoring
Keystroke monitoring may be permitted to manage
productivity but labour arbitrators have stated that other
means of monitoring productivity should be used if at all
possible
8
9. Surveillance may be permitted if:
(i) employees are given advance written notice of the
surveillance;
(ii) there is no less intrusive means of protecting the
company’s property; and
(iii) the surveillance is reasonable in scope
9
10. WHAT TO DO IF YOU DECIDE TO
IMPLEMENT EMPLOYEE SURVEILLANCE:
• Employees should be given notice on a frequent and
recurring basis in terms of how they’re being monitored
• Computer pop‐up warnings are a great way to implement
frequent reminders
• If you have a workplace computer use policy, check to make
sure it’s up‐to‐date and thorough; if you don’t have a
computer use policy, what are you waiting for?
10
12. WHAT TO DO ?
• make sure that your employees and contractors ALWAYS sign
properly drafted and enforceable Confidentiality Agreements
• if your employees have a computer at home, help them to
ensure that it is password enabled, email encrypted and
firewalled
• insist that your clients do their work through your company’s
internal network, or no amount of firewalls in the world will help
• Also insist on passwords and other security devices that your
employees may use
12
13. • if your employees have hard copies of company confidential
information at home, make sure that it’s a requirement that
it be kept filed in a locked filing cabinet except when being
used
• ensure that your employees (and their families) understand
that the offsite work area is for work purposes only
• when projects come to an end, employees should be
contractually responsible to return documentation to the
office for proper storage
13
14. • develop policies relating to the protection of confidential
information in a telework setting, and train your employees on
related security issues
• conduct periodic background checks to make sure that your
employees are actually following proper procedures
14
17. Important Tools For Protecting Your
Workplace & Technology
‐ Employment Agreements (non‐disparagement provisions;
agreement to be bound by company policies)
‐ Confidentiality Agreement (acknowledgement of continuing
duties post‐employment)
‐ Intellectual Property Agreement (acknowledgement of
assignment of IP to company; waiver of moral rights)
‐ Creation of various policies (Computer Use Policy; Facebook &
Blogging Policy; Harassment Policy; Privacy Policy
17
18. Best Practices Computer Use Policy
A best practices company computer use policy will always include the
following information:
‐ When the policy applies (to everyone, every time that they use the
company’s equipment and systems)
‐ Permitted uses & prohibited uses
‐ Consequences of improper use
‐ No expectation of privacy
‐ Compliance with licenses, laws and policies
‐ Where applicable, expectations regarding Open Source software
‐ Expectations of confidentiality and professional behaviour
‐ Non‐disparagement
‐ Ownership of intellectual property
18
20. Why Do You Need A Facebook Policy?
‐ Facebook has an 85% market share of 4‐year universities (your target audience for new
employees)
‐ The average amount of time spent by people on Facebook each day is over 23 minutes
‐ The fastest growing demographic of Facebook users is ages 25 and up
‐ Facebook operates in more than 75 languages, has over 550 million members, hosts over 15
billion photos on its site and people upload over 100 million more photos to Facebook each
day
‐ Every minute of every day, over 1,700,000 actions are performed on Facebook, from
comments, to messages, to adding photos, to status updates, to wall posts, etc.
‐ 2 million websites across the internet are integrated with Facebook and 10,000 more websites
integrate with it each day
‐ As Time Magazine said in its December 27, 2010 issue “Facebook has a richer, more intimate
hoard of information about its citizens than any nation has every had”
‐ However, Social Networking Sites can: (i) waste time at work; (ii) result in the disclosure of
company confidential information; (iii) damage an organization’s reputation; (iv) assist
employees who want to take part in “virtual harassment”; and (v) lead to breaches of
privacy legislation
20
21. Why Not Ban Facebook At Work?
For all of the potential risks of allowing Facebook use at work,
there are also good reasons to permit its use:
‐ Facebook is a fact of life for most younger employees, and
your organization may appear out of date and out of touch
without it
‐ Facebook can permit your employees and your organization to
network for business purposes, marketing and fundraising
‐ Facebook can assist HR with employee background checks
‐ Facebook can assist management with intelligence gathering
(ie. online ‘town hall’ meetings)
21
22. What About Blogging?
‐ As with Facebook, blogging can be an effective and
inexpensive means of company advertising
‐ Blogging can also provide a unique perspective on what it’s like
to work for a particular company, and can assist with recruiting
‐ As with Facebook and other social media sites however, it is
often unmonitored and uncensored. That can lead to a range
of blogging from opinion to well‐meaning rambling to
intentional harm
‐ As with Facebook and other social media sites, it can also lead
to misuse of company confidential information
22
24. What Should Your Social Media Policy
Look Like?
‐ It should contain a clear statement that employees should not engage in: (i)
disclosure of company confidential information; (ii) workplace gossip; (iii)
posting offensive or discriminatory language or graphics; (iv) disparaging
coworkers, management, the company, vendors, suppliers or customers
‐ It should make clear to employees that their use will be monitored by the
company and that it may intervene in certain circumstances (eg.
disparagement, discrimination, misuse of confidential information)
‐ It should require workplace bloggers to identify themselves by name and
not under a pseudonym
‐ It should require bloggers to make it clear that the views which they
express are theirs alone and are not necessarily the views of the company
24
25. What Should Your Social Media Policy
Look Like, con’t.
‐ It should require bloggers to tell the truth
‐ It should require employees to ensure that their activities will not interfere
with their work commitments
‐ It should require employees to confirm that their activities may be
suspended for a period of time if required (eg. In the event of a black‐out
period during a pending corporate transaction)
‐ It should require employees to confirm their understanding that a breach
of the policy may lead to the termination of their employment on a with
cause basis
‐ It should require staff who use social media for work purposes to use a
stand‐alone work dedicated account
25
27. The Law
• As held by the Honourable Mr. Justice Blair of the Ontario Court of Appeal
in the case of Barrick Gold Corporation v. Jorge Lopehandia and Chile
MInteral Fields Canada Ltd.:
“The internet represents a communications revolution. It makes
instantaneous global communication available cheaply to anyone with a
computer and an Internet connection. It enables individuals, institutions,
and companies to communicate with a potentially vast global audience. It
is a medium which does not respect geographical boundaries.
Concomitant with the utopian possibility of creating virtual communities,
enabling aspects of identity to be explored, and heralding a new and global
age of free speech and democracy, the internet is also potentially a
medium of virtually limitless international defamation.”
27
28. Getting “Dooced”
• www.dooce.com was Heather Armstrong’s blog
‐ She was terminated from her job for writing about her
workplace on her blog. Getting “dooced” has become
synonymous with getting terminated due to something that
you’ve written on your website
28
30. Manitoba Health Services
• Jeremy Wright, a Systems Administrator for Manitoba Health
Services, alleged that he was terminated from his job for
posting the following on his blog:
– Getting to surf the web for 3 hours while being paid: Priceless
– Getting to blog for 3 hours while being paid: Priceless
– Sitting around doing nothing for 3 hours while being paid: Priceless
– Installing Windows 2000 Server on a P2 300: Bloody Freaking Priceless
The Employer took the position that the employee had been
terminated for divulging company secrets.
30
31. West Coast Mazda v. UFCW
In this case, two employees posted offensive comments about
managers on Facebook after hours on their home computers.
They were ultimately dismissed.
The B.C. Labour Relations Board upheld the terminations as
their comments amounted to insubordination and a hostile
work environment. One of the factors which mitigated against
them was that they were key union organizers and had a
significant degree of influence over other employees.
31
34. Best Practices For On‐Line Recruiting
‐ Let the potential employee know that you plan to check them
out on‐line; obtaining written consent on the application form
can be helpful
‐ Don’t search on‐line until after the interview process
‐ 0nly search publicly available information
‐ Be cautious about what you retain and keep the information
secure. Destroy it 2 years after the hiring decision is made, or
sooner if it’s no longer needed for defensive purposes
34
36. Open Source Software
‐ Considering the needs of your workplace and industry, you
also need to weigh the value of using open source software
against the risks associated with not using it
‐ is open source software an issue for your company?
‐ do you need it?
‐ do you know if, when and where your employees are
using it?
‐ how might your IP rights be compromised?
36