Wonder what employees are really doing on those computers all day? A new court ruling shows that if they’re engaging in illegal cyber activities, you can show them the door. Just make sure you’ve shown them your cyber rulebook first …
Case in Point: Kipp Keller worked on the third shift as an electrician at an Indiana metal alloy manufacturer. One evening, Keller brought his personal laptop to work and connected it to the Internet to download newly released movies, including The Blind Side, Avatar and Inglorious Bastards.
The movie downloads clogged the company’s Internet pipeline, using 88% of the company’s total allocated bandwidth. The company’s IT director called the plant’s supervisor to say the Internet traffic jam was causing response-time problems for the service center.
They narrowed the problem down to Keller’s office. Upon investigation, they caught him at his desk with his laptop plugged into the company’s Internet. He allegedly closed the laptop and “got very red-faced and very nervous.” By then, Keller had already download 15 movies.
The company terminated Keller for violating its IT policy, which included rules pertaining to “theft or misappropriation of company property,” “misuse or failure to exercise due care for all tools, equipment or company property,” “any unauthorized entry into company property,” “interfering with others in the performance of their work,” and “engaging in personal work unless authorized.”
Keller filed aclaim, arguing that the IT policy did not specifically list “downloading movies on a personal computer” as an offense.
Result: An arbitrator sided with the company and a court agreed, upholding the termination. It said Keller admitted what he did violated federal law as generally stated at the beginning of each movie.
Additionally, Keller acknowledged he received and was trained on the company’s IT policy, which included a list of prohibited conduct but which clearly stated the list was “not all inclusive.” (In re Hayes Int'l and Steelworkers Local 2958, Arb. (Cohen), 8/10/11).
3 Lessons Learned … Without Going To Court
1. Have an IT policy. Make sure it lists a variety of prohibited conduct like “theft or misappropriation of company property.” But also make sure it includes language that the list is “not all inclusive” because no one could ever dream up all the infractions employees could engage in.
2. Conduct training. The court strongly weighed policy training in favor of the employer. The return on that investment of time was well worth it to stop this case in its tracks.
3. Monitor employees. Employees can be engaging in federal crimes putting the company at risk for liability. What organization needs to be the subject of that scary movie?