Should CIOs have to be unquestioning players in tracking employees for the purposes of compliance? As Michael Schrage, a research fellow at MIT Sloan School's Center for Digital Business, notes, the role of compliance cop can put CIOs between a rock and a hard place. Schrage looks at the responsibility senior IT executives have to put the brakes on data monitoring and mining by corporate executives when such surveillance of employees could cross the privacy rights line.

Schrage cites the example of a Fortune 1000 company where the chief diversity officer asked the CIO to use analytics software to find out whether internal email showed any racial or gender biases. When the CIO checked with the legal department to see if this was okay, the answer was a definitive "no."

Between the mountain of data that organizations amass and the sophistication of tools available to analyze it, companies and their executives have powerful ways to keep tabs on what their employees are saying. Increasingly they are determined to make sure employees comply with communications regulations in light of Sarbanes-Oxley, Regulation Fair Disclosure and anti-discrimination laws, Schrage writes.

At the same time, some are discovering unpleasant surprises when it comes to the ease with which sensitive information--and inappropriate information--is seeping into the public sphere via the Internet. At the intersection of these trends stands the IT department.

Few CIOs really feel comfortable about becoming the "Chief Invasiveness Officer," as Schrage puts it. And while they often are in the habit of checking with the legal department if any questions exist, this process not only makes "the CIO and the department look like lackeys for the lawyers, it sets up a dynamic where employees can wonder--not unfairly--whether they're working for Big Brother," he writes.

Worse, "IT ends up being branded as a reactive snitch rather than a group with clearly understood and crisply communicated ethical standards around employee surveillance and monitoring."

While privacy in the workplace is an age-old subject, there are more reasons than ever before for more executives to come to IT to look for data on employee behavior, Schrage argues. Should CIOs just accommodate these requests, or "does this offer an important opportunity for the CIO and IT to powerfully influence personnel and privacy policies at the firm?" he asks. "Simply because somebody wants something done--even if it's becoming fairly quick and easy to do--should CIOs acquiesce?"

Schrage's answer is no. Instead, he suggests, CIOs should take this opportunity to talk about principles for employee monitoring and take on a role in developing the ethical culture at their organizations.

For more:
- see Michael Schrage's post at Harvard Business Review

Related Articles:
Tools that let workers know they're being watched
Some IT pros uneasy about employee monitoring