Last week I posted this poll on linkedIn, as promised this was a fun discussion :). Let’s start with the obvious, 60% believe it’s NOT acceptable for an employer to monitor their employees’ public social activity. Having said that, whether it’s OK or not, organizations are monitoring public social networks and at the end of the day if we want to keep our data private, we should be aware of what we are posting online.
But things aren’t as simple as they look (they never are :)). Even if an organization can technically monitor our public social activity, it’s another thing to store it offline, process it, or take action on it. Can the organization make decisions about me based on how I behave after work?! This can become a risk and liability to the company, it could easily backfire.
What about the other way around? Is it OK for employees to monitor their CEO or C-Level executives? Or kids looking at their teachers profiles?
Organizations will look for “Legitimate Interests” to monitor employees - like, Insider Threat, Brand Protection, and background checks. They may even hire companies to perform OSINT (Open Source Intelligence) on an employee or even partners. It’s SCARY how much information can be found on almost anyone - We share WAY too much!
So whether it is OK or NOT, here is my advice for employees:
- Ask your employer if they are monitoring your public social activity.
- Ask about employee privacy during the hiring process. Maybe the job is great but you don’t feel comfortable with the company culture.
- Be mindful of what you share. Here is a short video that can help with deciding on what to share:
My Advice to employers:
- Be Transparent! If you don’t tell people you are monitoring them, it could turn into a shit show… and you may lose good people. At least 60% won’t appreciate it (based on the poll).
- Get legal advice about what is “Legitimate interest”.
- If you are planning on “Storing the data or Processing it” then get legal advice - what if they deleted it and it’s not public anymore?
- Don’t jump to conclusions based on public activity, it may not be accurate.
- Use Wizer Security Awareness Training to train employees about privacy.
- Be Nice :)