December 27, 2000, 5:04 PM —
WHEN A FEW OF HISemployees in the IS department at Sunrise, Fla.-based Ursus Telecom Corp. started trading an episode of the bawdy comedy South Park using Napster, the popular file-sharing application that has both rocked the entertainment industry and thrilled millions of users, the company's vice president of worldwide Internet services took action.
Having read stories of high-profile lawsuits filed against Napster, Chavez decided to avert legal trouble before it came his way: He banned Napster from PCs in the company's offices.
"I figured I'd better nip it in the bud," Chavez said. "I work for a public company. I answer to the board of directors. It's a matter of the public trust."
Fortunately for Chavez, the few employees who were using file-sharing technology didn't react harshly to the Napster ban. In fact, Chavez said his feelings were hurt more than anyone else's -- because nobody had sent him the infamous South Park episode. But for many CIOs, the issue of how to shape and enforce policies dealing with employees' personal use of company technology is no laughing matter. It's a problem that will become increasingly complicated as new technologies arrive, especially on the Internet.
Internet abuse in the workplace is nothing new. As soon as the Web hit corporate America, it raised issues such as declining employee productivity because of Web surfing and the prospect of workers viewing pornography and other objectionable materials online. But the battle to rein in the Web has reached a new ground. Evolving technology is forcing -- and will continue to force -- CIOs to reevaluate the definition of Internet abuse and their role in developing and enforcing policies designed to prevent it.
The latest innovation to give corporations fits is file-sharing applications, which can tie up bandwidth, introduce legal hassles and hinder productivity. But they are only the problem du jour. Tomorrow, it could be something else entirely. CIOs can maintain control no matter what the next day brings by taking several positive and specific steps to ensure that their companies' employee-use policies allow for reasonable personal use of technology without giving employees too much or too little leeway.
To do so, it is vital to merge risk management with empathy for employees -- especially in the case of IT workers who are already in high demand. "If I were heavy-handed, they could walk out the door and have another job the next day," Chavez says. People who spend 15 hours a day in the office will need to take care of some personal business while they're there, whether it's transferring money between accounts or making airline reservations. Allowing that use without condoning abuse is critical.