| FAQ What if I have an AUP policy regarding illegal | | | | sending these in future. At the same time, |
| images should I still communicate the introduction | | | | employees need to be aware that the continuous |
| of auditing and monitoring software? | | | | “unsolicited” receipt of offensive |
| While such software products are tools for | | | | material may require further investigation. |
| detecting the presence of obscene or illegal | | | | How does a company decide what action needs |
| images, their long term value lies in their potential | | | | to be taken if pornographic or illegal images are |
| as a preventative mechanism deterring | | | | discovered? |
| employees from storing, downloading, viewing | | | | The Case Management section of this document |
| such images in the first place. | | | | provides guidelines on the type of action that |
| In order for this potential to be realised, the | | | | should be taken following the discovery of |
| communication and education of employees is | | | | offensive images. Images are considered illegal if |
| essential. Employees need to understand the | | | | they involve a minor. In such cases, clients are |
| policies, the rationale or values behind the policies, | | | | advised to seek legal counsel which most likely will |
| the legal implications/ obligations and the | | | | result in contacting the police. |
| consequences of breach of such policies. | | | | However, ultimately the discovery of any |
| Therefore, continuous education and ongoing | | | | potentially illicit image material needs to be treated |
| communication are vital if such monitoring is to | | | | extremely seriously, since what one employee |
| serve as an ongoing deterrent. Appendix C | | | | construes as mildly upsetting may be viewed as |
| provides a sample communication informing | | | | extremely offensive by another. |
| employees about the introduction of auditing and | | | | I am concerned about the impact that viewing |
| monitoring software. | | | | such images might have on the employee |
| Is this an invasion of the employee’s right | | | | managing the system. What can be done to |
| to privacy? | | | | minimize the impact? |
| In most countries, all content on Company IT | | | | The selection of who monitors the system is a |
| Communication systems is considered the | | | | key issue and needs to be given due |
| property of the Company to which such | | | | consideration. The administrator must be |
| resources belong. From the time an employee | | | | someone who has both the IT capability and |
| joins a Company they should be clear that they | | | | emotional maturity to deal with potentially |
| should have no expectations with regard to | | | | objectionable material. IT and HR should work |
| privacy in their use of any of the | | | | together to select individuals with the right mix of |
| company’s IT or communication | | | | skills and maturity. |
| resources. This should be clearly stated in the | | | | Many companies decide to keep the monitoring of |
| company’s Acceptable Use Policy and | | | | such information at a management or senior |
| communicated as part of the initial induction. | | | | administration level until the monitoring system is |
| Where an Acceptable Use Policy may allow for | | | | widely implemented and its use and capability is |
| some personal use of the company’s IT / | | | | communicated and understood throughout the |
| Communication resources, employees still need to | | | | organisation. This communication and education |
| understand that ultimately all information contained | | | | should act as a deterrent, serving to reduce or |
| on such system is accessible on the part of the | | | | eliminate the presence of such obscene material. |
| Company. | | | | However, the HR/ IT Manager needs to be |
| What if images are sent to an individual | | | | continuously cognisant of the number and type of |
| unsolicited? How can it be ensured that an | | | | images viewed and consider the impact on the |
| employee’s reputation is not damaged | | | | administrator. Where necessary, the provision of |
| unfairly? | | | | an Employee Assistance Programme (EAP) may |
| To prevent this kind of situation a | | | | ensure that that impact on the employee is |
| company’s AUP policy should state what | | | | minimal. While the impact on the employee |
| an employee needs to do in the event of finding | | | | administrating the system may be upsetting, it is |
| or receiving obscene material either visual or | | | | happening in a controlled environment, where the |
| auditory. Typically, employees should report the | | | | individual has expectations of what they are going |
| receipt of such material to IT or HR immediately, | | | | to see. Contrast this to a situation where no such |
| this will prevent them being implicated in the | | | | monitoring is taking place and as a result such |
| solicitation of such information. The employee | | | | information is sent to an employee unsolicited by |
| should also inform the sender that such material is | | | | another employee. |
| offensive and that they should refrain from | | | | |