Playing big brother could make a company unpopular with its employees, but that may be a necessary price to pay, a recent study suggests. North American securities firms that review employee electronic correspondence are able to significantly reduce their organization’s exposure to corporate risk, a survey by Toronto-based e-mail archiving software firm Fortiva Inc. indicates.
Sixty-three per cent of the companies polled said e-mail surveillance has improved their awareness of potential perils stemming from employee communication.
“Companies are starting to recognize the benefits supervising electronic communications can have within an organization,” said Paul Chen, CEO, Fortiva. Increasingly sophisticated archiving tools are making it easier for organizations to protect themselves from e-mail risks, he said.
These risks run the gamut – from industrial espionage and insider trading to sharing of pornographic material and even harassment, according to Rick Dales, vice-president, technical product management, Fortiva.
“Some employees might be making false representation to clients or promising investment returns that can’t be guaranteed,” said Dales.
The survey, which involved 100 U.S. and Canadian companies in the securities industry, found that at least 93 per cent of the firms have formal policies requiring e-mail surveillance.
All participants review employee e-mail, but only five per cent examine the contents of attachments and 52 per cent review instant messages. Fortiva further discovered that companies are spending an average of 12 hour per week for every 100 employees to review their electronic messages.
The practice of monitoring employee e-mail has gained traction in various industries over the past two years, according to a Toronto-based lawyer who specializes in information technology and intellectual property.
“Companies are not only promoting policies covering e-mail correspondence but are also engaging in electronic correspondence surveillance,” said Ron Walker, of Fasken Martineau DuMaulin LLP. Walker sited the two-year-old court battle between the Canadian Imperial Bank of Commerce (CIBC) World Markets Corp. and startup Genuity Capital Market Inc. – both based in Toronto.
CIBC has alleged that its former executives who set up Genuity were pirating CIBC employees. Evidence presented by CIBC in the ongoing cased included employee e-mail.
Walker said e-mail can also be used as evidence of inappropriate behaviour. For instance, he noted that in the U.S. Rep. Mark Foley of Florida resigned amid reports that he sent sexually explicit Internet messages to an underage male.
At least 26 per cent of organizations that checked employee e-mail correspondence terminated an employee based on information garnered from their surveillance operations, said Jeffrey Plotkin, security enforcement specialist, Pitney Hardin LLP, a New York-based law firm.
Plotkin, who helped Fortiva conduct the survey, said 12 per cent of the companies that searched through employee e-mail uncovered customer complaints that were not escalated or disclosed.
Fourteen per cent of the companies said they forwarded employee correspondence to a regulatory or law enforcement agency. While 83 per cent of the firms do not prohibit employees from sending and receiving e-mail, 79 per cent of the businesses feel they were preventing employees from engaging in correspondence that violates corporate policies and regulations.
The National Association of Securities Dealers (NASD) and the New York Stock Exchange (NYSE) have rules that mandate supervisory review of electronic correspondence or registered representatives with the public. “But there really are no clear guidelines concerning how the review should be conducted,” said Plotkin. He said he hopes the survey will reveal what the securities industry is doing to meet NASD and NYSE supervision requirements. “Despite lack of guidance, companies have been very proactive in making sure they meet regulatory requirements.”
The survey also revealed 64 per cent of the companies sample a percentage of all employee electronic communication, while 36 per cent only sample groups of users, such as brokers, advisors or executives. Sampling sizes vary from one to 50 per cent with the median being 10 per cent.
Walker suggests that companies intending to set-up e-mail surveillance programs must set clearly defined goals and tailor monitoring activities to meet these targets.
“Monitoring to enhance customer service is different from monitoring correspondence that may include inappropriate behaviour,” he said.
Dales of Fortiva said corporate e-mail surveillance comes under stricter government guidelines in Europe while North American firms usually require workers to sign agreements informing them about the company’s Internet and e-mail policies.
He added that using snooping on employee correspondence for malicious purposes would not be financially viable for any company.” “Firms don’t tend to use surveillance for malicious purposes because the time it takes to sift through e-mail constitutes a big investment.”