If you've been following the online tech world, you may already know that one of the fastest growing Internet applications is instant messaging (IM). It may have started with teenagers perfecting the ability to have eight simultaneous "chats" going with eight different friends in eight windows, but it has matured into a business application that brings security and legal concerns with it.
According to Jupiter Media Metrix, Inc., approximately 54 million Americans now use IM including 13 million who use it at work. I suspect that many employers are unaware that their employees use it at work.
In case you're not familiar with IM (which probably means you don't have any teenagers at home), it's Internet software that lets you have real-time conversations online. You type. I see what you type almost instantly on my screen. I type a response. You might call it a conversation. While e-mail is more like trading letters, IM is more like a phone call.
According to the Gartner Group, by 2005, IM will surpass e-mail as the primary online communications tool. Your company shouldn't continue with a policy of benign neglect when it comes to IM. It's here, it's growing, and it's not going away. IM in the workplace requires some thoughtful policy-making.
One of the many issues with IM is security. Right now, the major free IM services (companies like AOL and Yahoo provide the software) have no mechanism to encrypt messages. This means that intercepting your messages would not be that difficult for people like a determined and skilled hacker or corporate spy.
Another issue is authentication. It's all too easy to spoof somebody's name using IM. The corporate world needs security software that will ensure that you are really talking to whoever it is you think it is. I'm sure that it will come soon.
A third big legal problem is logging and archiving. While it's generally illegal in Florida and many states to record a telephone call without the permission of everybody on the telephone call, it's not illegal to save an IM. This is where the paradigm shift from the ephemeral
telephone call to the apparently ephemeral IM session can haunt your company.
People often treat IM like a telephone call. They act like it's not going to be saved and that's a dangerous attitude. You might even be the one saving it if you have the archiving feature of your software turned on.
This can come back to haunt your company in a courtroom because your IMs are as discoverable in a lawsuit as your correspondence and other business records. That means that if you don't want to see your IMs shown to some jury as part of a PowerPoint presentation, you shouldn't be saying it in an IM.
A fourth issue, related to the logging and archiving issue, is the entitlement issue. Once you archive an IM, the question is who can access it. For example, if it's your company, are you entitled to read your employee's IMs? My guess would be "yes," but the key word was "guess." It's not as if I can point to clear law on the subject. The technology is just too new and law always develops after a new technology.
So, what's a company to do with IM? I say embrace it because it can be a useful business tool. While there are risks, everything has risk. The key is to mitigate those risks in a thoughtful way.
Adopt a User Policy
"Thoughtful" starts by adopting a user policy for IM. Your policy needs to tell your employees what you deem to be appropriate use of IM in the office.
Related to the user policy is education. Your employees need to understand that what they say in an IM reflects on your business and can have legal consequences. Although there's little law yet, you should assume that you could libel somebody in an IM as easily as in an e-mail or letter. In fact, the rule of thumb should be not to say anything in an IM that you don't want to see later and at the most inopportune time.
Education must also include drumming home the concept that people can and do save IMs. Another point is that your people need to understand the risk viruses and related security risks posed with IM. Some experts believe that most firewalls aren't as effective in stopping viruses that penetrate via IM as those that try to penetrate as an e-mail attachment.
Yet another rule is that IM and confidential information don't mix. The technology just isn't mature enough to risk transmitting secrets.
Your user policy should explicitly deal with personal IMs at the office. The problem arises when "excessive" comes into play. I think that common sense is in order here. Consider what your policy is regarding personal phone calls in the office. I would suggest that your personal use of IM policy be similar.
Instant messaging is yet another new technology to enter the workplace. Like all those before it, it brings with it many issues analogous to the technologies that preceded it and some new baggage. If you give its use in the office the thoughtful attention it deserves, you may find that you have a new and useful tool on your employee's desktops.
Mark Grossman's "TechLaw" column appears in numerous publications. Mark Grossman has extensive experience as a speaker as well. If you would like him to speak before your group or corporate meeting, please call (305) 443-8180 for information.
You can find a TechLaw archive at: www.DeWittGrossman.com.
If you have any comments, please send them to MGrossman@DeWittGrossman.com.
Disclaimer: The advice given in the TechLaw column should not be
considered legal advice. This newsletter only provides general educational information. You must never rely upon the advice given here. Your individual situation may not fit the generalizations discussed. Only your attorney can evaluate your individual situation and give you advice.
Except as provided below, you may feel free to forward, distribute and
copy the TechLaw column if you distribute and copy it without any changes and you include all headers and other identifying information. You may not copy it to a Web site.