WARNING! Employees' Entertainment May Be Employers' Headache

Most employers have come to realize that personal use of the Internet at work by employees can decrease productivity, and that employees downloading inappropriate material can lead to hostile work environment claims. What many employers have not yet thought about is the potentially explosive problems facing them as the music industry continues its crackdown on those who illegally download and share pirated music files over the Internet.

Downloading music has become as common, and as easy, as circulating cartoons via e-mail. It, too, can be done with a few clicks of a mouse, with relatively little thought and with no expense to the person doing the downloading. The cost to the employer, however, can be great. Online piracy ' which can consist of the unauthorized uploading of copyrighted sound recordings or graphics that are then made available to the public at large, or the downloading of sound recordings or graphics from an Internet site even if the recordings are not for resale ' is considered a form of copyright infringement.

The music industry has taken a tough stance, recently filing copyright infringement suits against more than 500 individuals in just one day in February 2004. While, up until now, the industry has been targeting teens and their parents, it is only a matter of time until it begins filing actions against the employers whose employees are downloading at work – using the employer's computers and systems to make unauthorized copies of music or other media files. Indeed, the Recording Industry Association of America (RIAA) has already sent letters to thousands of companies, notifying them that their employees are using their computer systems to illegally swap music files. Lawsuits are, undoubtedly, the next step.

How it's Done Creates Additional Problems

As expensive as litigation can be, it's not the only problem caused by such activity. Other problems arise from the process itself, which necessitates that employees download peer-to-peer (P2P) file-sharing software onto their computers at work so they can then search for a particular copyrighted song or other file. The P2P software creates a connection between the employees' computers and those of other users of that software who have already downloaded a song or file. This, of course, provides an avenue of access to hackers and harmful viruses, as unauthorized files that appear to be music or media-related often contain viruses, bugs, links, scripts or other programs. Once downloaded, these ancillary programs can damage a company's entire network, and some of the P2P software can be configured to allow transfer of more than just music files. For example, it can be used to transfer files containing a company's confidential and proprietary business information, as a result of which, a company's highly sensitive trade secrets could be made public in the blink of an eye to an unidentifiable third party. It could also be used to transfer employee medical data which would cause HIPAA violations.

What Should a Company Do?

First Step

The extent of an employer's liability will typically depend upon the degree and sincerity of the effort that the employer put toward implementing measures to prevent this illegal activity. The first step, therefore, is to establish and disseminate a Technology/Internet policy that makes clear what constitutes online piracy and copyright infringement, that such activity is unlawful and is prohibited, and that clearly establishes that employees who violate the policy will be severely disciplined. It would also be wise to have the policy address computer use outside of the office that is in any way connected to the company, such as activity conducted on company-provided laptop computers and other electronic devices.

Second Step

Unfortunately, the reality is that most companies already have policies that prohibit such activity, but those policies are routinely ignored. Sometimes they are ignored innocently because many employees simply don't think about this sort of activity being in violation of the company's policy. Sometimes they are ignored deliberately because the Internet connections employees enjoy at work are so much faster than the connections the same individuals have at home. Music files that might take several hours to download at home (after being booted off a dial-up connection on more than one occasion) can be downloaded at work in mere minutes or seconds.

The second step, therefore, must be to provide training to supervisors so they know what conduct is prohibited by the policy, what to do when the policy is violated and understand the importance of implementing appropriate discipline in the event of a violation. Where possible, it would also be a good idea to train even non-supervisory employees in what type of activity the policy prohibits and why.

Third Step

Because it is so easy for people to fall back into bad habits, companies would also be wise to designate a point person who will answer employee questions regarding the Technology/ Internet policy and who will ensure compliance with the policy.

Fourth Step

To cut down on the need to discipline and monitor compliance, companies should install necessary protections to stop the information from reaching the employer's network in the first place. This action step also makes the network less vulnerable to hackers because it ensures that there are no open ports in a system's firewall.

Fifth Step

Despite all the precautions companies take, creative people always find a way around them. Companies should engage in periodic self-audits of the entire computer network to uncover unauthorized files, and should then delete all unauthorized copies of copyrighted material, commercial music, movie recordings, etc., which are rarely licensed for copying, downloading or transferring for personal use.

Conclusion

With so many problems facing today's employers, and with so many employment-related laws and regulations to watch out for, dealing with issues like file downloading often gets pushed down on the list of priorities, or overlooked altogether. Given the risk of litigation and potential loss of valuable corporate assets, however, it's an issue that should be high on the priority list.

Most employers have come to realize that personal use of the Internet at work by employees can decrease productivity, and that employees downloading inappropriate material can lead to hostile work environment claims. What many employers have not yet thought about is the potentially explosive problems facing them as the music industry continues its crackdown on those who illegally download and share pirated music files over the Internet.

Downloading music has become as common, and as easy, as circulating cartoons via e-mail. It, too, can be done with a few clicks of a mouse, with relatively little thought and with no expense to the person doing the downloading. The cost to the employer, however, can be great. Online piracy ' which can consist of the unauthorized uploading of copyrighted sound recordings or graphics that are then made available to the public at large, or the downloading of sound recordings or graphics from an Internet site even if the recordings are not for resale ' is considered a form of copyright infringement.

The music industry has taken a tough stance, recently filing copyright infringement suits against more than 500 individuals in just one day in February 2004. While, up until now, the industry has been targeting teens and their parents, it is only a matter of time until it begins filing actions against the employers whose employees are downloading at work – using the employer's computers and systems to make unauthorized copies of music or other media files. Indeed, the Recording Industry Association of America (RIAA) has already sent letters to thousands of companies, notifying them that their employees are using their computer systems to illegally swap music files. Lawsuits are, undoubtedly, the next step.

How it's Done Creates Additional Problems

As expensive as litigation can be, it's not the only problem caused by such activity. Other problems arise from the process itself, which necessitates that employees download peer-to-peer (P2P) file-sharing software onto their computers at work so they can then search for a particular copyrighted song or other file. The P2P software creates a connection between the employees' computers and those of other users of that software who have already downloaded a song or file. This, of course, provides an avenue of access to hackers and harmful viruses, as unauthorized files that appear to be music or media-related often contain viruses, bugs, links, scripts or other programs. Once downloaded, these ancillary programs can damage a company's entire network, and some of the P2P software can be configured to allow transfer of more than just music files. For example, it can be used to transfer files containing a company's confidential and proprietary business information, as a result of which, a company's highly sensitive trade secrets could be made public in the blink of an eye to an unidentifiable third party. It could also be used to transfer employee medical data which would cause HIPAA violations.

What Should a Company Do?

First Step

The extent of an employer's liability will typically depend upon the degree and sincerity of the effort that the employer put toward implementing measures to prevent this illegal activity. The first step, therefore, is to establish and disseminate a Technology/Internet policy that makes clear what constitutes online piracy and copyright infringement, that such activity is unlawful and is prohibited, and that clearly establishes that employees who violate the policy will be severely disciplined. It would also be wise to have the policy address computer use outside of the office that is in any way connected to the company, such as activity conducted on company-provided laptop computers and other electronic devices.

Second Step

Unfortunately, the reality is that most companies already have policies that prohibit such activity, but those policies are routinely ignored. Sometimes they are ignored innocently because many employees simply don't think about this sort of activity being in violation of the company's policy. Sometimes they are ignored deliberately because the Internet connections employees enjoy at work are so much faster than the connections the same individuals have at home. Music files that might take several hours to download at home (after being booted off a dial-up connection on more than one occasion) can be downloaded at work in mere minutes or seconds.

The second step, therefore, must be to provide training to supervisors so they know what conduct is prohibited by the policy, what to do when the policy is violated and understand the importance of implementing appropriate discipline in the event of a violation. Where possible, it would also be a good idea to train even non-supervisory employees in what type of activity the policy prohibits and why.

Third Step

Because it is so easy for people to fall back into bad habits, companies would also be wise to designate a point person who will answer employee questions regarding the Technology/ Internet policy and who will ensure compliance with the policy.

Fourth Step

To cut down on the need to discipline and monitor compliance, companies should install necessary protections to stop the information from reaching the employer's network in the first place. This action step also makes the network less vulnerable to hackers because it ensures that there are no open ports in a system's firewall.

Fifth Step

Despite all the precautions companies take, creative people always find a way around them. Companies should engage in periodic self-audits of the entire computer network to uncover unauthorized files, and should then delete all unauthorized copies of copyrighted material, commercial music, movie recordings, etc., which are rarely licensed for copying, downloading or transferring for personal use.

Conclusion

With so many problems facing today's employers, and with so many employment-related laws and regulations to watch out for, dealing with issues like file downloading often gets pushed down on the list of priorities, or overlooked altogether. Given the risk of litigation and potential loss of valuable corporate assets, however, it's an issue that should be high on the priority list.