It can often seem that security measures exist to stop people from doing things, or to try to catch them out if they do. Across organisations, an broadening range of mechanisms can be used to ensure staff are not breaking the rules - raising the increasingly important question - how can security needs be balanced with employee privacy?
The answer is not straightforward. All manner of techniques are available to system administrators, security managers or senior management, including Data Leakage Prevention (DLP) and Deep Packet Inspection, but also extending to simply using privileges to gain access to the content of employee emails.
Not only is the potential for abuse clear and present but also, the corporate environment is becoming more complicated. A person's smartphone may connect to the corporate guest LAN - does this make it fair game for monitoring? What about use of location information or CCTV, to help process efficiency or monitor for misdemeanour?
While no simple answer exists, we do have a good starting point - that is, why we have IT Security in the first place. The role of security is generally agreed as protecting the confidentiality, integrity and availability data assets but this role, too, exists for a reason, which is to protect the interests of the business and its stakeholders.
As well as the business itself (representing the shareholders), the organisation has a duty of care to all of its stakeholder groups - these include customers, suppliers and, indeed, employees. Of course this can cause conflicts from time to time, but getting this balance right goes to the heart of business strategy and, indeed, corporate governance.
Equally, stakeholder groups need to deliver on their side of the bargain, as captured in documents such as the contract of employment, acceptable use policies and terms of service. Organisations may not always get everything right - we only need to look at the recent controversy over zero-hours contracts for an illustration of how some will choose to cross the line.
In general however, organisations that want to have a good relationship with their staff already have the tools they need. We are all human, and sometimes need both the stick as well as the carrot - if it were otherwise, we wouldn’t need to put locks on the doors.
However it is more than possible to get the balance right, if the needs of different stakeholder groups are treated with equal merit. If employes are considered simply as a problem to be solved, then they are more likely to become one.