In a typical working day employees routinely use the internet for both work and personal activities. They use cloud-based business management tools and services on their work laptops and phones. They have their own smart phones by their desk, and communicate by email, phone, SMS or Whatsapp. They will have access to social media and increasingly are expected to use it as part of their work duties, by logging in to Facebook, Twitter or LinkedIn to contact clients and colleagues, accessing Dropbox or Google Drive for documents, or holding meetings via Skype. Technology is the centre of everything.
Employers should remind staff of the risks of accidental loss of data or devices. This is not just about keeping devices password-protected; a 2014 Cisco report suggests that 44% of employees share work devices with others without supervision and that 46% of employees transfer files between work and personal devices, often using unauthorised services.
Is your security policy up-to-date and does it warn staff of modern security risks – or does it still refer to 'floppy disks'? Does it deal with so-called 'shadow IT', the name for systems built and used by employees separate from those provided by their institutional and employer provided IT department? Do you have disciplinary procedures in place to deal with employees who deliberately misuse company data?
As for social media, if an employee uses it in the course of their employment, who owns the social media accounts? A number of court cases in the UK and US over the past few years highlight the problems of using, for example, LinkedIn accounts and the issues they pose over the ownership of company contacts.
Employers should have a social media policy in place but the policy should be proactive rather than simply covering what not to do. Companies need social media, so a successful social media policy should enable employees within a structured and communicated framework. It should cover how corporate social media accounts are used and provide guidance on how personal social media accounts should be used with care; there are plenty of cases of employees being fired for criticising their employer and their clients on Facebook.
Take note, however, of the unpredictability of being online. Microsoft's recent attempts to use an artificially intelligent 'chatbot', created to automatically respond to questions on Twitter, had to be removed within days of operation after it began to tweet nonsense and racist comments. If an artificial intelligence is capable of this, then imagine what a real life employee can do.
What about an employee who uses work devices excessively for personal matters? Companies seem to acknowledge that with employees having access to multiple mobile, connected devices and being available 24/7, it is inevitable that staff will access work devices for personal use. But to what extent can employers monitor such use?
Earlier this year, the European Court of Human Rights held that an employer who dismissed an employee for sending personal Yahoo Messenger chats while at work did not breach the employee's rights when reading his personal messages. The employer owned the device used to send the messages, so perhaps the ruling was not a big surprise. But many employees use their own devices, often known as Bring Your Own Device (BYOD), and some employers even encourage their employees to use personal, non-commercial apps like WhatsApp for work purposes. The line between business and personal mobile technologies is becoming ever more blurred.
Companies should therefore inform employees about how they will monitor activities at work. Employers should, however, be wary of straying into 'big brother' territory, like in the case of the Daily Telegraph newspaper which recently installed heat and motion sensors under desks to improve the office's energy efficiency, by tracking whether anyone was sitting at the table. The newspaper was criticised for employee surveillance and the sensors were swiftly removed.
Technology is becoming more of an intrusive factor in our work and, by extension, our personal lives. We can expect more claims against employers; already we see sickness claims relating to over-use of technology, from traditional RSI injuries to stress-related illnesses for making work demands over too many devices at anti-social hours. Employers must ensure that there are clear rules in place for all technology and move quickly to adapt.
Paul Haswell and Jolene Reimerson are technology law experts with Pinsent Masons, the law firm behind Out-Law.com