HomeLeadership

Privacy policies … they aren’t just for websites (first appeared in InfoWorld)

Like Tweet Pin it Share Share Email

For some reason, when technology enters the picture simple 80/20 economics flees the room. Here’s the latest example.

The FBI, rested now that the Clipper Chip controversy has faded, wants the cellular phone system to let them “…determine the location of a cellular phone caller within a half-second and almost instantly monitor the status of cellular-phone voice mail, conference calls and other wireless communications features,” according to the New York Times.

I’ll withhold comment on the public policy aspects of this issue. No matter how tempted I may be, I won’t give in and point out the huge potential for abuse in a proposal like this.

My goals are more modest: since prisoners teach each other how to build cellular scanners for 500 bucks, I’m wondering why the gummint (as President Reagan used to call it) can’t make do with this more economical technology.

You need to tell everyone in your company with a cellular phone about what follows: Anyone – criminals, private investigators, industrial spies, and the FBI – can easily build a cellular scanner. With it they can get voice mailbox numbers and passwords, and long-distance calling card numbers. Are you using cellular modems? Then they can get network logins and passwords, too.

That’s what the FBI could accomplish for about the cost of a color inkjet printer. I have a hard time believing the huge expenditures its current proposal would require will result in anything like a corresponding increase in effectiveness.

Personally, I’d rather reduce the deficit a bit more, thank you.

Some of you are probably getting pretty worked up about the privacy aspects of this proposal. Me too. Before you burst a blood vessel, though, stop and look in the mirror for a moment. You may just see the director of the FBI looking back at you.

No? Take a look at your company’s policy regarding the privacy (or lack thereof) of electronic mail and voice mail. Does it have an FBI-like tone? Many companies sanctimoniously proclaim these to be corporate resources, so employees have no right to use them for personal business nor have a reasonable expectation of privacy.

Well yes, they are corporate resources. Yes, companies can legally restrict their use to company business, and search through them at will. Opinion: companies need to distinguish between what they legally can do and what they ought to do.

Okay, I’ll climb off my high horse. Whether you agree with my position or not, if you haven’t created a written, well-publicized policy regarding employee expectations of privacy in electronic and voice mail, do so immediately. You need to draft it. Everyone up to the CEO needs to have their name on it. This is important.

What should be in it? First and foremost, you need to establish the company’s legal right to look through employee messages.

Once you’ve finished establishing the company’s legal rights, you should emphasize standard practice, which (in my awesomely humble opinion) should be this: Under most circumstances, employees have a reasonable expectation of privacy regarding the contents of their desks, interoffice memos, telephone conversations, and electronic and voice mail messages. Under some circumstances, though, the company may need to look through employee e-mail and voice-mail messages. A customer may call when an employee is on vacation, for example, and you just need to find a key memo or spreadsheet.

Why create an expectation of privacy? Two reasons. First, if the company treats employees as serfs or children in this context, it will have a hard time asking them to ask them to act as responsible, accountable adults in performance of their jobs.

Second, the lines between personal and business time have blurred. Personal business happens in the daytime. Employees take work home, and don’t charge the company for use of their personal desks and telephones. If a company asks for the latter, it shouldn’t complain about the former.