Big brother is watching you – but should they be?
In today’s world, few things are as valuable as data. Crunching information is how tech giants such as Google and Facebook have made their billions and became some of the most powerful corporates in the world. Securing this data through the practice of information protection is thus very essential for any business.
But, this often involves erasing the boundaries of employee privacy.
The Protection-Privacy Conundrum
Employee privacy has always been a touchy subject, but it has become even more pertinent as the importance of data has grown in business. Individuals are no longer allowed to access certain sites or undertake certain activities such as downloading things off the internet, lest they let the hackers in.
While most employees understand the need for information protection, sometimes, things can go overboard. Companies have been known to demand personal social media platforms for inspection or cut off employees from their cell phone in the name of information protection.
Some employees may begin to resent these restrictions, which in their eyes treat them as a child. One of the major fear of employees is that their tracked activity in the office may be used against them during performance reviews, such as when they are taking a small pause from work.
So, what can companies do? It is not viable to just put down information protections guidelines simply to cater to employees, losing good talent or productivity because of restrictive guidelines can also be problematic. Thus, businesses have the task of forming the middle path.
Designing Effective Information Protection
The key problem that leads to protection-privacy issues is that companies treat their IT strategy as one dimensional. They focus only on keeping the bad guys out and protecting their data. What they don’t realize is that such rules can cost the company in a number of ways, including by compromising employee privacy.
In order to be effective and more importantly, accepted by employees, information protection rules and regulations should have the following features –
Firstly, any information protection rules should ideally be drafted by an IT expert. This would ensure that the rules and regulations actually serve a purpose.
For example, if employee internet activity is under monitoring, there should be a simple explanation for it – websites are hotspots of malware, and if a person accidentally clicks on such a compromised website, immediate action is required to protect the business.
Rationality of rules helps individuals understand why employee privacy may be compromised in some situations.
Made in Collaboration
Information protection rules should not be created in a vacuum. They should be created with employee participation. This does two things. Firstly, it helps pool in ideas and strategies and thus helps in the best protection schemes to come up.
Secondly, such participation clearly shows that employees know what they are signing up for when the rules and regulations come into force. If participation is not sought, suggestions and contestations should be allowed before enforcing the rules.
Not Hinder Work
When rules are made in isolation or without relevant inputs from various departments, these rules have a great potential to hinder work. Blocking some websites might sound like a good idea to protect information and prevent distraction, but what if the marketing and research teams need to access those sites for their work?
Such rules will likely lead to unnecessary back and forth, and create employee resentment against the rules.
Keep Personal and Private Separate
Employee privacy needs to be considered by the information protections rules of the office. These boundaries, again, need to be negotiated in collaboration, and compromise may be required on both sides.
The ideal situation would be that employees enable their work computers and activity to be tracked, but that the company does not ever bring their personal activity onto the discussion board.
Procedures also have to be put in place to decide what will be done in case these boundaries create issues, such as when an employee puts up company data on a social media platform.
Lastly, it is essential that information protection rules show that the company is actually being protected against threats. This will help employees understand that sacrificing a limited amount of privacy can help their business and their jobs.
These results can be communicated in a number of ways and should ideally be accompanied by workshops and training in cybersecurity so that employees continue to follow the given rules.
Balancing protection and privacy can be a tough task in business, but the right set of rules and regulations made in collaboration, which are transparent in their functioning, can go a long way in keeping things positive for both the business and the employees.
Do you think that employees should forfeit their right to privacy at work? Or should companies come up with alternative ways to protect their valuable data? Let us know your thoughts in the comments below!