By any chance, does anyone know on here what the situation is with companies monitoring/restricting employees Internet surfing?
Where I work we will probably have to implement this in the near future, but I don't currently know what the rules are in Swiss concerning this level of monitoring.
There are no restrictions on monitoring as long as there is a disclaimer stating that internet usage may be monitored. Restricting internet usage is at company discretion and without notice. Email content monitoring is however not allowed.
Yes, I worked at a company who reserved the right to monitor email content. The primary objective was to archive all emails. They could also be retrieved and read if the company so desired.
So what constitutes monitoring. The potential actively monitor?
There was also a spam and profanity filter in place. Technically, if emails with bad language were filtered out, there is no limit to what could be filtered.
All places I have worked have disclaimers in place for surfing. Also it is generally against policy to surf for your own entertainment. There are a lot of webwashers and web filters in place.
It doesn't stop anyone, but I wouldn't go browsing through astalavista.
There are different things here. If you have a profanity filter in place this is an automated mechanism that reads the mail and checks it for bad language. It does not interrupt the flow of mail nor does it "open the mail" for reading. Furthermore it is not a person!
The relevant law (StGB 321 ter) starts with whomever ie a person. It does however also state that through a third party gives the possibility... which would imply if an engineer was to install the software they are liable!
Anyway the penalty is up to 3 years in prison or a fine.
If a company actually allows for reading via monitoring of mail then they are leaving themselves open for big problems - at least in Switzerland (and Germany and France and Hungary and Norway and...)
Ok thanks for all the replies. We are only looking at the web side of this...we already store and archive all emails, although currently we have plans to read/monitor the contents.
Now I guess the next question is...anyone got any recommendations for products/services to do the web monitoring?
Messagelabs is what springs to mind immediately for me, because we already use them for their virus/spam filtering. Anyone heard anything on their web monitoring product?
Does anyone else think it is funny to ask people who are possibly surfing the Internet at work... How to monitor people surfing the Internet at work???
Eire...fair point there but I work in IT, and this is research...does beg the questions of "who watches the watchers" though...
This has come from a request from uppper management, more with a mind of being able to tell users that we are monitoring, so we hopefully don't get any problems of users looking at sites they shouldn't do in work and offending others, therefore causing the company possible legal issues.
I don't think they will want to block anything in particular, rather act as a deterent.
If you just want to monitor (and potentially cache) then you have Squid and MS ISA to consider too - one free (IIRC) and one might be under licence if you're big on MS.
I realize this is a very old thread, but hopefully someone will see it.
I recently had an issue where my managers manager told one my colleagues to look at our email log for all emails sent to me over a specific period of time. He was looking specifically for an email about a cancelled order which I told him I did not receive. The order was for a computer cable. While my colleague could not see the actual email, he could see who all of the emails were from, the date and the subject.
He could also see everything that I sent or was sent to me (subject, to/from, date and time).
Is this legal in Switzerland? I was told it isn't.
I'd be surprised if such logs weren't legal. When i had an email issue with my domain, I asked specifically for my ISP to send me the logs to see if I'd missed anything important. Who told you it isn't legal?
I'm intrigued. Why is your boss getting exercised over a, what?, 20 franc cable?
The differance is that, in your example, it was your domain. This is a company, where information is supposed to be private. My understanding is that we can look at the logs to see if something happened. For example, a new user was added. But not to snoop on email, which is basically what this is.
As to why he had this done, he has decided he doesn't trust me. Everyone in my group agrees that this is irrational behavior. As you wrote, this is a 20 franc cable that was needed, but not urgently.
Checking the logs to debug email problems is common practice for sysadmins, usually this involves matching a know user sending an email at a specified time, particularly when a user complains that "I can't write to X" or "Y can't write me".
I would be surprise if this constitutes a privacy violation, since it is done "for the purpose of providing a service" or so to say. And in this cases the actual content of the e-mail is not relevant and not inspected.
Filtering is also common practice - think of antispam programs.
My last employer had a policy. Couple pages could be summarized as “You have no privacy; You are allowed reasonable personal use, but we will watch your every move”
That is not the case here. There is no debugging or issues with our email or sending spam. This was a supervisor not believing me and asking another person to search the logs for an email that doesn't exist simply because he wanted to.