Global Crisis Management Series: This post is part 15 in a series concerning topics further elaborated on in Cleary Gottlieb’s Global Crisis Management Handbook—a desk reference for spotting issues and avoiding common mistakes when faced with a crisis. The current version is available here.
Have the right policies in place
- Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
- Draft and make accessible to employees a policy concerning the purposes for which, when, and by whom, suspicious log data can be accessed, and implement and enforce acceptable and unacceptable use of IT work facilities policies.
- Evaluate policies regularly. Policies that allow monitoring of communications should be reviewed at least annually to assess whether they are the least intrusive means to achieve the stated purposes.
- Stay informed on updates in the law surrounding monitoring, and note that these rules also apply to the monitoring of electronic communications in the workplace.