I find this sort of thing to be very troubling. I understand why companies try to protect themselves and I cannot say that I disagree with it….in concept. But there is a line that can be crossed and that bothers me.
“What I’m looking for is not so much someone sending out something intentional or volumes of info” inappropriately leaving the hospital, she says. “I’m looking at, is this a legitimate recipient?” Maybe an e-mail address was mistyped, for example, or one too many people was copied in on a spreadsheet with patient account numbers.
Such careful oversight is becoming more common. Many organizations, fearful that inside information can slip out through innumerable digital avenues, now govern precisely what employees can or cannot put into e-mails, instant messages, Web postings and even offline documents. But employers can’t hold their workers’ hands all the time — so they’re increasingly turning to software that tries to do it for them.
Offices have had strong computer controls for years, from inbound protections like antivirus programs to filtering technologies that block porn or Web e-mail sites. This new generation of software sticks its nose into even more of what people do all day.
For example, one communications-control vendor, Orchestria Corp., says its software could have prevented the CEO of Whole Foods Market Inc. from posting the rival-denigrating comments on Internet message boards that he later came to regret.
How so? Because Orchestria’s software can be set to notice when certain keywords — a competitor’s name, for example — are entered in documents or Web forms. The software can be set to block such actions or simply warn users that they’re breaking company policy.
This fine-grained, automated monitoring is moving beyond highly regulated industries like health care and financial services thanks to a spate of new rules from government and the credit-card industry. Organizations also fear customer-account data breaches, insider thefts and other public-relations nightmares.
“The driver is ethics and reputation,” says Joe Fantuzzi, CEO of Workshare Inc., whose software analyzes data-leakage risks. “Whether I’m regulated or not, I need to be seen as an ethical corporation. That affects my stock price, that affects whether customers are retained — whether there’s a leak or not.”
These messaging-compliance technologies are still young. The Radicati Group, a technology research firm, estimates the market will ring up $670 million worldwide this year and more than triple in size by 2011.
Radicati analyst Masha Khmartseva says the technologies have some problems, including a tendency to mistakenly block or hold up too many items even if nothing in them flouts corporate policies. If an innocuous message is erroneously deemed sensitive and routed through an encryption server, the recipient has to spend extra time logging in to that server to retrieve the message.
Also, systems that warn employees if it appears they are about to send something possibly untoward — say, the name of a product under development to a recipient outside the company — can produce an annoying stream of pop-up messages, Khmartseva notes.
But get used to it.
“Very soon, everything is going to be controlled,” Khmartseva said. “At least that’s the idea. We’ll see how it’s going to happen.”
Many of you are reading this blog from your office. It is quite likely that in many of those offices someone is receiving a report about your internet usage. They know where you went, when and for how long you were there.
As I mentioned above, I understand why companies want to protect themselves. I recognize their need to control information output and their desire to try and prevent employees from wasting time. Yet, there needs to be some understanding on behalf of the employee. Not everyone is trying to rob from the company. Not everyone is stealing time.