Employee monitoring under the radar
According to Edward Snowden, there is a nationwide debate on US and UK spy agency surveillance. However, everybody is silent about corporate employee monitoring as per the views of David Melnick, chief executive of WebLife Balance. David Melnick has expressed this view in an interview with the Computer Weekly. According to his views, this corporate employee monitoring should be given equal importance.
Melnick points out that the tension between the security and privacy should assume a high priority. It should be treated on par with national level security issues. These corporate entities have taken advantage of a weak US privacy law. They have forced employees to adhere to strict online surveillance policies. This has caused an outrage in the society. The Australian correspondent Misa Han, in a recent article in the Guardian, has furnished an example wherein she states that she had been forced into working for no pay as she had accessed Face Book during her working hours. This type of monitoring is very common on many US companies. They take the pretext of information security, corporate governance, and regulatory compliance as excuses according to Melnick. The data leakage prevention systems have enabled these practices. The European data protection authorities and the employee representative organizations at US-owned multinational companies have challenged such practices. The French data protection authority CNIL had brought these problems to the notice of Melnick.
This has inspired Melnick to search for an alternate approach to security and privacy. Employees are bringing their personal equipment to office and organizations are aware of this fact. The organizations also know that the employees use these personal devices to access official data. The organizations have tried traditional methods to curb this practice but to no avail. Companies should be able to monitor all activities on the corporate network without infringing on employee privacy. This would be possible only if the personal and official activities are segregated online. It is with these ideas in mind that Melnick founded WebLife Balance in 2013. There should be a secure tunnel for connecting to the internet via the corporate network. The browser should function in a virtual environment. Thus, you can achieve separation. This has a twofold benefit. Employees get their privacy. There is no compromise on cyber security as well.
This enables that web-based malware does not affect the official data. The IT departments do not give much attention to the flouting of rules by the employees. This is because of the extreme nature of the corporate network usage policies. This can create weaknesses that malware can exploit. Transfer of any official files is prevented between the corporate and private network. In this way, the employer can be sure that no official data is compromised with in any manner, Employee activities are not properly put under surveillance. This enables the company to take the defense that they were ignorant of the activities of the employee. This requires setting up of a virtual environment. This should be the route to the internet. The organizations should gradually move their official online activity into this channel.
By doing so, they enhance company productivity. According to Melnick, this situation can benefit both the employee as well as the company. The organization’s data protection capability can be improved by granting privacy rights to employees. However, he is of the opinion that companies have not yet reconciled to this fact. Companies have to think differently and should be able to make this cultural switch. This requires greater coordination among all the other departments of the company such as finance, legal as well as human resources. Employees as well as managers have to be imparted training so that they would be able to understand the nuances of this shift.
Employees should understand that on empowerment, they become part of the solution rather than that of the problem. WebLife now boasts of having a Fortune 500 pharmaceutical company as its client. Melnick has plans to take his company to the RSA Conference 2014. Melnick also has plans to collaborate with CNIL and other European data protection agencies to discuss their further plan of action.