French Supreme Court Decision Points Out Importance Of Using Monitoring Notices Wherever In The World You Have Personnel
I just read about a French Supreme Court decision made on October 10 (you can see a Google English rough translation of it here) that is significant to organizations who have employees in France, or anywhere worldwide for that matter, and the organization's employee monitoring practices.
Many of my clients over the years have run into problems with monitoring employee electronic communications...such as emails, Internet activities and so on...in many European countries; particularly France because of France's strict privacy laws that basically have historically allowed individuals to expect that their calls, network activity and so on cannot be monitored, or that they cannot be sanctioned for their associated activities, while at work. There have sometimes been problems even when login notices were routinely displayed indicating network activity is subject to monitoring. However, it has also been par for the course that employees within France have been immediately fired when caught viewing pornography.
This October 10 ruling may set a precedent. If you have personnel in France, you should talk with your legal counsel about how this impacts your policies and procedures regarding monitoring network activity. It is truly something information security and privacy practitioners within multinational organizations should think about and address. At the least, info sec and privacy pros should review their monitoring notices within their login banners and consider if it is time to update the wording.
In this particular situation, the French Supreme Court upheld a high school's decision to dismiss a teacher for looking at and downloading pornography from Internet sites from a computer within the school facilities.
In this case, in 2005, the fired teacher argued that the school had no right under France's privacy law to access his computer or inspect his hard drive, which is what led to the discovery that he had been viewing and downloading porn. At that time a a local labor tribunal rejected this argument.
Upon the fired teacher's appeal in 2006, the Montpelier Appeals Court also supported the school in their action to fire the teacher.
And now, upon yet another appeal, the French Supreme Court also agreed. Their opinion indicated that employers have the right to control and observe employee computer activities during work hours, and are only required to first warn employees, such as through monitoring notices upon login, before using automated surveillance and monitoring methods.
This would provide an example of the importance of using, everywhere in the world you have employees, those notices within the login banners that basically say something to the effect that, "This network and associated information assets and tools are property of the company. The company reserves the right to monitor activity on these information networks and systems. By pressing enter you indicate your understanding and agreement to this monitoring."
Of course the wording varies greatly from company to company, but that is the gist of these types of monitoring notice messages.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine