MSA Investigations Blog

Computer Monitoring & the Workplace

Posted by Melissa Rodriguez on Thu, Jun 28, 2012 @ 04:52 PM

In today’s business environment, monitoring company-owned computers has increasingly become a standard practice. Computers play a critical role in day-to-day operations, and monitoring their usage is just one way employers can protect their business. From gathering information on web-browsing habits, to discovering evidence of illegal activity, including the theft of company property, computer monitoring can prove to be an effective tool to mitigate these areas of risk. With the help of a computer forensics professional, employers can gather supporting evidence that can either confirm or disprove any suspicions they may have.

A monitoring device popular with many employers is the “keystroke logger,” which is a type of surveillance software that is often used to ensure employees utilize work computers exclusively for business purposes. A keystroke logger is a software program that records the real-time activity of computer usage, including the keys pressed on a keyboard.

Workplace Privacy & Computer Monitoring - The Law

There is only one federal law that addresses the issue of workplace privacy, the Electronic Communications Privacy Act (ECPA) of 1986. The ECPA prohibits:

  1. Unauthorized and intentional interception of wire, oral, and electronic communications during the transmission phase.
  2. Unauthorized accessing of electronically stored wire or electronic communications. E-mail is considered electronic communication.

The ECPA contains two exceptions that allow an employer to circumvent portions of the law. The first exception is the system provider exception, which states that the law does not apply to the providers of an electronic service. Since employers own their communication services, they legally have the right to monitor them. The second exception is a consent exception which states, “an employer may intercept electronic communications if the prior consent of one of the parties to the communication has been obtained.” Many employers have their employees sign computer usage agreements which details their monitoring policies and ensures that the employer will be protected by the ECPA.

In addition to the ECPA, the Fourth Amendment to the Constitution contains right-to-privacy laws. Employers can legally monitor their employees based on “reasonable suspicion” or “legitimate business needs.”  Such monitoring can be deemed unconstitutional if employees are not informed of the monitoring practices occurring within the company.

Employees are afforded some measure of protection from computer and other forms of electronic monitoring under certain circumstances. Union contracts, for example, may limit the employer’s right to monitor their employees. Public sector employees also enjoy some minimal rights under the Fourth Amendment, which provides safeguards against unreasonable search and seizure.

Most employers grant a reasonable amount of privacy to their employees. Privacy at the workplace, however, continues to be a much heated debate, as U.S. courts have repeatedly ruled that the employee should have little or no expectation of privacy in the workplace.

Currently, employers have the right to monitor company-owned equipment at any time.  If an employer suspects that a company-owned computer is being used for illicit purposes by an employee to communicate with a competitor, in an attempt to divert business, key logging is a tool that can detect suspicious activity.

Melissa Rodriguez is a Senior Investigative Analyst at MSA Investigations.

Disclaimer: This article is not intended or offered as legal advice and has been prepared for educational and information purposes only.

Tags: computer forensics, e-discovery, fraud investigations, digital forensics, Email, Personal Computer