This blog was written by Smarsh founder and CEO Stephen Marsh. In Laura Petrecca’s cover story from the March 17 USA Today (“Feel like someone’s watching? You’re right“), I said that employees should operate under the assumption that they are being watched.

This sentiment alluded primarily to employee communications at the office, on corporate-issued devices or through corporate channels. And this is not a bad thing (for employees or employers). If you’re in an environment where this concept seems foreign, it’s natural to question or feel vulnerable. However, these sorts of controls are most often implemented to provide transparency and protect the employer, the employee and the company’s customers.

The highest concentration of our client base resides in the financial services industry, and most are governed by SEC and FINRA compliance obligations. These regulatory agencies require and enforce that members engage in the consistent preservation and supervision of employee communications. These rules weren’t instituted for nefarious purposes – they are enforced to protect investors.

Regulatory compliance obligations have accelerated the adoption of our communications archiving and monitoring solutions, and accelerated the innovation of monitoring tools working with alternate forms of communication, such as instant messaging and social media.

Employer AND Employee Benefits of Monitoring

Smarsh (like other segments of our customer base) is not governed by the SEC or FINRA, but we recognize a number of benefits from using our monitoring services as part of our overall archiving strategy. First and foremost, monitoring enables us to enforce and evaluate corporate policies designed to limit legal liability, mitigate reputational risks and safeguard the confidentiality of corporate knowledge or trade secrets.

To that last point, organizations experienced an average of 14.4 incidents of unintentional data loss through employee negligence over the past year.¹ Combined with broad governance policies and appropriate staff training, the supervision of corporate communication systems helps mitigate these instances.

Avoid legal action or minimize damages by uncovering and addressing policy violations (profanity, sexual harassment) early. The proactive archiving and monitoring of employee communications will undoubtedly provide a far less expensive option than the alternative if your company is sued or forced to produce records.

Your ability to mitigate company risk in electronic communications improves if monitoring is part of your overall archiving strategy. Archiving – meaning the central preservation of all messages in their original form, as well as the ability to index, search and produce messages – is critical to establishing the systematic integrity of your monitoring procedures. An archiving system should track all administrative actions taken within the archive, so that policy enforcement (i.e. visual inspections of keyword violations) and responses to violations are documented.

(There are a number of other services that integrate with an email archiving system and improve the ability to identify and mitigate risk, such as spam and virus protection, data-leak preventionand secure messaging or encryption.)

Employees are protected by these same monitoring procedures. The system should document every inspection of an individual’s messages, which could certainly be valuable in settling disputes or investigating claims. Another benefit of an archiving solution for the employee is the ability to quickly access historical emails – and the knowledge within – without dispatching the IT department on a time-consuming restoration mission.

Governance Policies and Employee Training are Critical

Those responsibilities – whether with social media, through more traditional electronic channels and using employer-owned devices (email, laptops, internet, mobile devices, fax machines, etc.) – need to be documented, broad and explicit. Employees should be well-informed of policy and the personal and business privacy/productivity expectations within.

Common sense and rational expectations have a place in this process. Most progressive work environments recognize that employees are going to check their personal email from time to time or use the internet to check a movie schedule or sports score. Employees also recognize that if their organizations are providing tools to accomplish a job, these tools should be used efficiently to solve the tasks at hand.

The communication of expectations will truly help employees understand why communications are monitored and accept the situation. The simple knowledge that policy enforcement procedures (like monitoring) are in place should also serve as a deterrent towards any intentional behaviors the policy is designed to prevent.

¹IDC. “Insider Risk Management: A Framework Approach to Internal Security.” August 2009.

²Online poll conducted by Sophos Research, 2009.