Employee Privacy:

Computer-Use Monitoring Practices and Policies of Selected Companies

GAO-02-717: Published: Sep 27, 2002. Publicly Released: Sep 27, 2002.

Additional Materials:


Robert E. Robertson
(202) 512-9889


Office of Public Affairs
(202) 512-4800

Over the past decade, there has been a technological revolution in the workplace as businesses have increasingly turned to computer technology the primary tool to communicate, conduct research, and store information. Also during this time, concern has grown among private sector employers that their computer resources may be abused by employees--either by accessing offensive material or jeopardizing the security of proprietary information--and may provide an easy entry point into a company's electronic systems by computer trespassers. As a result, companies have developed "computer conduct" policies and implement strategies to monitor their employees' use of e-mail, the Internet, and computer files. Federal and state laws and judicial decisions have generally given private sector companies wide discretion in their monitoring and review of employee computer transmissions. However, some legal experts believe that these laws should be more protective of employee privacy by limiting what aspects of employee computer use employers may monitor and how they may do so. Following the September 11, 2001, terrorist attacks on the United States, policymakers re-examined many privacy issues as they debated the USA PATRIOT Act, which expands the federal government's authority to monitor electronic communications and Internet activities. GAO reviewed 14 private sector companies' monitoring policies and found that all companies reviewed store their employees' electronic transactions: e-mail messages, information on Internet sites visited, and computer file activity. They collect this information to create duplicate or back-up files in case of system disruption; to manage computer resources such as system capacity to handle routine e-mail and Internet traffic; and to hold employees accountable for company policies. Representatives from all of the companies had policies that contained most of the elements experts agreed should be included in company computer-use polices. None of the companies GAO studied had changed any of their employee computer-use policies or monitoring practices after the September 11 attacks. Most companies did, however, report a growing concern about electronic intrusion into their computer systems from outside trespassers or viruses and had increased their vigilance by strengthening their surveillance of incoming electronic transmissions.

Jun 22, 2020

Apr 14, 2020

Feb 14, 2020

Feb 10, 2020

Sep 9, 2019

Apr 10, 2019

  • employment icon, source: GAO

    Priority Open Recommendations:

    Department of Labor
    GAO-19-395SP: Published: Apr 3, 2019. Publicly Released: Apr 10, 2019.

Apr 9, 2019

Apr 8, 2019

Mar 28, 2019

Feb 28, 2019

Looking for more? Browse all our products here