Sunday, September 1, 2019
Information Policies in Organizations
The information age has brought about rapid changes to the ways in which businesses conduct day-to-day operations. Although this move to electronic commerce has resulted in extraordinary advantages in terms of speed and cost-effectiveness of business, it also presents new challenges in the workplace. The information that is available to everyone on the internet, and more particularly to individuals within an organization, is far greater now than it was just a few years ago. Despite the obvious advantages of this forward movement of technology, it creates a severe problem with control of information. Whereas organizational information in the past would typically follow a formal chain of command or an informal office communication network, it can now be passed around the world in milliseconds over the internet. Implementing and maintaining a set of checks and balances to ensure that e-mail and other means of electronic communication are used only in an acceptable manner can prove to be a difficult, time-consuming and costly endeavor. It is therefore critical for any organization to establish policies and procedures for dealing with these problems, so that the company does not face liability for the distribution of indecent, harassing or protected information.
A good starting point for an organization trying to minimize its exposure to this sort of problem is to define what is and what is not acceptable use of e-mail and other office communication systems. Policies and procedures can then be developed around this definition. Acceptable use is defined as the use of e-mail and other company information systems for business purposes. The policies and procedures regarding acceptable use must be in writing and must be communicated to all the employees of the organization. A written policy should include some of the following key elements, which are necessary for a typical organization entering the information age.
Define what is and is not appropriate use of company communication systems. This definition must be congruent with other company policies. For example, it should outline what is considered to be offensive or harassing material, and the policy should clearly state that the company lines of communication are not to be used to distribute this sort of material. Furthermore, this definition should be all-inclusive in that it must cover all types of potential problems, from discrimination to individuals' personal information rights. This is critical because the definition will form the framework of the company's information policy and will therefore be the critical legal element which stands to prevent these potential problems and serves to protect the company from liability should problems occur regardless of existing policies.
In order to protect the company further from exposure to legal action, the formal policy must also include the procedure that employees can follow should their rights be infringed upon. Not only should victims of e-mail harassment or discrimination be encouraged to come forward and report the problem, they must also be assured that the company will not let such action affect the employee in any negative way. Otherwise the organization is leaving itself open to allegations of covering up or failing to follow through on employee complaints. The policy must state that such reports will be kept in the strictest confidence and that the victim is free to report an incident to someone other than their direct supervisor if necessary. The confidence necessary for someone to come forward with allegations of harassment involving misuse of company information systems can be improved by clearly stating in the company policy that each complaint will be investigated thoroughly. Although the previous policies may foster openness with regard to reporting problems in the organization, they do not do a great deal to prevent the problem.
Therefore it is crucial that the policy state the legal implications for everyone involved in such an incident. This portion of the policy should state that victims will be free from retaliatory actions from management and other employees, and that those responsible for the investigation will keep all information as confidential as possible and conduct the investigation as objectively as possible. Most importantly, however, the consequences for those who are guilty of causing the problems must be clearly outlined. Prompt and decisive disciplinary action should be administered as soon as anyone in the company is found guilty of wrongdoing. It would be foolish for management to expect that such a policy would exempt the organization from minor complaints or even large-scale lawsuits resulting from information systems misuse.
It is necessary for organizations to educate their employees on the proper use of company communication systems, and it is best to do this at the initial orientation phase of an employee's career. Since most companies hire on a continual basis, it would be tedious to train new employees using a standard lecture method. The use of programmed instruction and computer-based training can help to alleviate this problem through the use of pre-programmed software specific to the company's needs. This sort of training would save time by introducing new employees to standard procedures such as logging on and conducting daily communications. Computer-based training can also make reference to company policy and procedure, including the rights of victims and the consequences for those guilty of misuse. A self-administered computer-based training program can be developed using standard office applications such as Microsoft Office and can be generated by a knowledgeable user in just a few days.
This type of training program must be supplemented by a hardcopy of standard rules and procedures for use of company e-mail and also include a copy of the company's policy as previously outlined. Each new employee would be required to complete the self-administered training program and to sign a copy of the company's policies and procedures before receiving e-mail authorization. Once in place, this programmed instruction can be further modified to include guidelines for storing classified documents and messages. Certain information that is passed through company information lines is not intended to go outside of the organization, and it is important for management to make sure all employees are aware that they are responsible for protecting company information. Computer-based training can also teach new employees how to manage their e-mail files so that important messages are stored in a received file that only that employee can access with their personal password.
It is very difficult to ensure all employees follow e-mail policies and procedures, particularly if the company's computers have internet access and can send e-mail to outside organizations from within the company. Periodically reminding staff about the sensitive nature of company information and frequent changing of passwords can help to prevent distribution of important information to those with no need or right to the information. In the case of highly sensitive documents, it is possible to arrange communication networks so that the important documents or data can only be accessed on certain computer terminals. This will allow the company to install firewalls, which can be useful for guarding the integrity of the information.