Thursday, September 30, 2004

Code of Practice on Employee Monitoring

I wish to share my concern on the recent PCO consultation document on Draft Code of Practice on Monitoring and Personal Data Privacy at Work, to be launched under the PDPO. I see it as a potential opportunity for general office managers, HR managers and IT managers, all EO core duties. We had better give it some thoughts and be prepared for work ahead.

Employers have a legitimate claim in monitoring the performance of those they paid to work for them. Employees also have a right of keeping their privacy, as the basic human right. With the advent of technology, monitoring is now very easy. The consultation document highlights several types of monitoring:

- Telephone monitoring: all forms of monitoring of voice calls on telecommunication equipment including mobile phone provided by employers. This is getting easier as more offices engage digital voice processing, both for communication and record.
- Email monitoring in relation to e-mail sent or received on equipment made available by employers.
- Internet access monitoring: websites accessed by browsers and associated equipment made available by employers.
- Video monitoring: any video or CCTV monitoring, but does not include observation by a human being in floor walking. Video processing is also getting easier with webcam and DV.

The Draft Code will not touch on employee drug testing, psychological profiling and productivity monitoring by automated equipment, which could only made legitimate by specific provisions in employment contracts.

The Draft Code proposes that two principles should be considered in order to balance legitimate monitoring and protection of personal data privacy:
- Principle of Proportionality: any intrusion on the employees' privacy should be in proportion to the benefit derived from monitoring by the employers, and related to the desired risk of reduction of the monitoring. Employers must evaluate what sort of risk he is facing and which he want to ameliorate, and only undertake monitoring likely to reveal the feared type of transgressions.
- Principle of Transparency: employers should provide employees with sufficient information to enable the employees to make an informed choice regarding their behaviour at work.
- Also, communications monitoring should be limited to scrutiny of the log record of the communication rather than the content of the communication, unless it is clear that the information in the log record fails to achieve the business purpose of monitoring.

The intention of the Code is to regulate, or reduce, unnecessary monitoring by employers. However, my prediction is the opposite. I think when the Code is formally launched, instead of reducing monitoring, employers will realize that they can legitimately monitor the behaviour of employees under certain conditions. Managers (EOs) will be asked to devise such monitoring system within the legal boundary. For IT, we have SAM, mail traffic log, internet traffic log and it virtually does not cost extra but a little effort on analysis. Many departments have installed tracking system for staff and cars. The possibility of monitoring is unlimited. They has already been considered as effective tools to re-engineer, re-organize and change work procedures to achieve better VFM.

This is a niche that we can explore, either for better management of resources, or better protection of human right. If we get a head start first, we can be the professionals in this area.

Wednesday, September 29, 2004

Employee monitoring

I have been keeping track of the trend in technology development which could be deployed in employee monitoring. While there are justified reasons for such technology, it infringes on the personal privacy of employees. There has been concern worldwide on such privacy infringement. In Hong Kong, the Privacy Commissioner's Office is drawing up guidelines on employee monitoring. This is an issue for HR managers on conditions of service, general managers on office security, and also IT managers on the proper use of the technology.

The first thing that caught my attention is RFID, which includes the government employee ID smartcard many of us is carrying. The RFID technology is maturing and will soon become an everyday device. Its original purpose is inventory control. But it can also track and record movement of individuals who carry it, and then correlate the information to behaviour.

On a similar device, I just read an article on the use of identification bracelet in a newly opened theme park. All customers are issued the bracelet and the park rangers can track the where-about of everybody in the park using RFID technology, perfect for lost children and crowd control.

On a larger scale, a latest report on GPS phone reveals the possibility of territory-wide or even global employee monitoring. GPS-enabled cell phones can track users, and employers are eager to keep their mobile workers on an electronic leash. Bosses want the service, many consumers want the service, and the technology is becoming cheaper and more widely available. I append below an extract of the article published in CNET.

--begin quote--
Cell phones are giving employers new ways to check up on employees in the field and raising fresh workplace privacy concerns as a result. On the leading edge of the trend is Nextel Communications. The wireless provider began selling its Mobile Locator service last November, giving bosses an easy way to find employees who carry GPS-equipped cell phones.

Earlier this month, mobile tracking firm Xora showed off the latest version of its Nextel GPS (global positioning system) phone software. The company says 1,600 corporate customers have signed up for its services, including "geofences" technology that sets off an alarm at the office when field workers go to preprogrammed off-limits sites, such as a bar or a park.

Employee-tracking devices are gaining steam thanks to ever-more-accurate GPS technology and a U.S. mandate requiring wireless companies to develop ways for emergency workers to find the physical location of people who dial 911 on a cell phone.

Now new E911 emergency regulations governing wireless carriers promise to unleash profitable new GPS services, analysts say. To comply with the rules, carriers have begun running more accurate GPS technology capable of supporting a range of commercial services that go beyond emergency location. This high-accuracy infrastructure is setting the stage for high-accuracy location-based services.
Xora said hundreds of companies, including transportation giant U.S. Foodservice, have signed up for its GPS TimeTrack technology to monitor employee timesheets, jobs and locations using GPS-enabled Nextel phones.

GPS TimeTrack is a Java program that sits on a cell phone, and periodically requests latitude and longitude information from the phone's GPS system. At this point, Nextel is the only company that makes a GPS-enabled phone that works with the software, although the company expects the application to be supported by other phone makers.

Xora's product is taking off quickly. It was only July when the company said it signed its 1,000th GPS TimeTrack customer. "It's just incredible momentum," said Ananth Rani, the company's vice president of products and services. "We're adding about 200 a month."

As GPS technology proliferates, there's growing awareness among cell phone owners that the devices can track them. Nearly half of all wireless phone users and 55 percent of all wireless Internet users knew of some location-based services, according to a survey by In-Stat/MDR. More importantly to U.S. cell phone carriers, more than a third of those surveyed said they'd be willing to pay a monthly fee for location services.

Nevertheless, the surveillance capabilities of these phones are raising privacy concerns.

Every move you make, the boss is watching you -
One of the earliest examples of how an employer can walk this fine line is in Chicago, where about 500 city employees now carry geo-tracking phones, mainly as a tool to increase their productivity. The phones were distributed to employees only after their unions won several concessions, including allowing workers to shut down geo-tracking features during lunch time and after hours.

Another showdown over the technology erupted last year in Massachusetts, when the state highway department proposed issuing GPS-phones to snowplow drivers to achieve greater accountability from 2,200 independent contractors used to clear the roads. Hundreds of drivers threatened to sit out the first major snowfall of the year in protest, but eventually agreed to use the phones on a trial basis.

A San Diego-based consumer advocacy group, the Privacy Rights Clearinghouse, advises employers to only consider using the phones to achieve a legitimate business purpose, and not check up on potential loafers.

"There are good business reasons for using it," a representative for the group said. "But it must be coupled with a very robust privacy policy."
--end quote—

Sunday, September 19, 2004

e-Government strategy - EGRIN

I wish to liken the e-government at a grand scale to the e-services of EGRIN at a smaller scale. Both are facing the same issues. CITB has made the move to enhance e-government. The strategy announced is quite applicable to EGRIN.

The e-government strategy is a very good pointer of the direction that we should be heading. Should we envision what the future would look like, we should be proactive and take positive steps forward in order to stay ahead. The sign is very clear and people all want to climb on the bandwagon. But like any change, there are always the innovators and the bystanders. A LegCo member once said: there are a lot of e-government services offered in parallel with traditional mode of service of delivery, making a lot of redundancy. He asked that for the e-services to be cost effective, there must be corresponding cut-back in traditional services. The e-government strategy has realized this point and put customer orientation and migration as the foremost initiatives. Only when customers are channeled to e-services could the transformation be successful.

We have EGRIN established a few years ago and have an early start of the e-services. We are at the stage that there is a parallel run of the traditional way and modern way of communication. The e-government strategy is a very good reminder that we should forge ahead quickly and make more effective use of EGRIN as our day-to-day form of communication between GGO and members of the grade, and between colleagues.

EGRIN is quite mature as a centre for the depository of information. What is now needed is exactly what the e-government strategy is crying out, i.e. customer orientation, customer migration and leadership.

For customer orientation, we could introduce personalized features and aligned customer interface so that colleagues could navigate EGRIN with ease and fun. For customer migration, we need to speed up and facilitate the migration of customers towards e-services, and provide high value services for targetted utilization improvement. These are measures stated in the e-government strategy.

The most important point of the strategy is government leadership in e-services. Similarly, the most important point for the success of EGRIN is GGO leadership. There are much that could be done instead of waiting for members of the grade to convert. There should be more proactive steps in the promotion of e-services. We could start with the exchange forum and e-learning. The goal is to make EGRIN a place where colleagues would wish to visit everyday for news, up-to-date information, references for work, JIT learning, expert advice, and interesting and joyful conversation with colleagues.

Friday, September 17, 2004

e-Government strategy - IT management

Notwithstanding the effect of the e-government strategy on all aspects of the work of EOs, the fundamental impact is on IT management. While managers engaged in all types of duties will eventually be involved in the application of IT, there are specific changes on the use of the technology in tandem with the e-government strategy that we should take note of. They affect the mode of delivery of services and the configuration of hardware and software of all networks and systems.

The booklet mentions infrastructure and networking government. To this end, OCGIO is setting up common platforms and standards to facilitate exchange of information. Colleagues involved in IT projects will have to make use of these platforms and follow these standards. You may wish to refer to the recent circulars issued by ITSD/OCGIO on the mandatory requirements. We should quickly acquaint ourselves with the basic knowledge on such IT protocol in use in government in order to stay ahead.

Interoperability framework - There is a cross-department co-ordination group led by OCGIO for the establishment of standards so that various systems on similar subjects are interoperable. There are many sub-groups and task forces on various subjects. I represented HPLB previously on two of them and met many EO colleagues there.

SCOPES (Shared Common Platform for Electronic Services) and SPICA (Shared Platform for Internet Content and Applications) - OCGIO is establishing these common services and platforms centrally so that departments could simplify their effort in the implementation of e-services as well as maintaining a standard and smooth mode of operation for the exchange of data between different systems. The setting up cost of the platforms is high and OCGIO is having high hope on the utilization of these platforms to make them cost effective. Departments will soon be asked, persuaded and probably forced to migrate their systems to the platforms.

Accessibility programme and departmental portal - These are government-wide effort to establish an IT-able environment for G2E and G2G applications. With them in place, all government officers will be able to communicate, exchange information, transact business in a fast, convenient and secure manner. With such enabling environment, we will fast track to e-government.

I have mentioned earlier the role of EOs in IT management, i.e. office network amd LAN administration, IT projects of EO work and other IT projects. We cannot escape the first two. If we can demonstrate our sharp edge of management skill, we can also contribute to the third. In fact, many colleagues are already involved in many departmental operations IT projects. In my last job, I co-ordinated an IT project on the alignment of geospatial data involving 13 departments. All that needed is our expertise in resource and system management, plus an understanding of the IT aspect of the project in hand, which could be acquired or strengthened on-the-job.

e-Government strategy - general management

General management and IT management have mingled to a large extent. In small departments, EO colleagues in general management are all involved in the management of the office network and also the department website. The initiatives raised in the booklet, viz. accessibility to modern office equipment and network equipment, the authentication and security issues, public access of information, the effect of Electronic Transaction Ordinance, as well as standardization of website design have all prompted additional demand on the knowledge and skill for office managers.

Furthermore, the e-government strategy announced in the booklet gives due emphasis to customer orientation and customer migration. Much public services have to gear towards orienting customers better and migrating customers towards e-services. I look around and observe that our multi-skill EOs are involved in the operations of many departments. The extra effort required to promote e-services in general will consequently create additional demand on IT management. Colleagues who are involved in such activities may wish to share their experience with us here.

Thursday, September 16, 2004

e-Government strategy - Financial Management

A less observed but equally important area in the strategy is financial management. In fact, government accounting is among the first projects to make use of IT. The LAFIS has been extended to all departments many years ago. The hardware and services of LAFIS are provided by the Treasury and EOs in finance just need to be acquainted with the operation of the workstations and to understand the navigation of the system. LAFIS is now undergoing a major overhaul and a new GFMIS will replace LAFIS by 2005/2006. This time, departments have to manage their own network and workstations to connect with the new system using web interface. The demand on IT management skill for financial managers will increase.

Furthermore, the booklet also announces the change in funding priority, business process re-engineering and measurement of full benefits for IT projects. These affect both departmental managers and bureau resource managers. These colleagues should have already felt the change in managing funding applications online, and the extra skills in evaluating the total costs and work process required in dealing with all projects. The trend in this respect is steep upward as more and more projects are related to IT one way or another.

Wednesday, September 15, 2004

e-Government strategy - Networking

Although the e-Government strategy basically rides on the use of IT. Its effect is on many facets of management work. In particular, when G2E applications are concerned, there is heavy impact on the work of HR managers. The way that HR managers interact with staff has already changed and will change further with more intensive use of IT in this area of work.

The booklet highlights networking government as a major theme. It is essentially about the internal communication within the government. The old days when not all staff are connected to the network, and correspondence and announcements have to be circulated through the flow of papers are almost gone. Government is launching the accessibility programme where much resources and urgency are attached to the target of letting all staff have access to the network. A departmental portal programme has been launched last year for easy authentication so that staff could have access to various web applications. The first such applications are ePay and eLeave. More applications concerning staff benefits are coming on stream. Also, CSB and OCGIO have started a project on a common HRM system to be used by all departments. I think colleagues are quite familiar with the changes I mentioned above which occurred within the last year. Pretty soon, HR managers will be doing all their work online and all their services will be e-services. HR managers, aka EOs, have to get ready for the change quickly.

Again, we must be grateful that we already have the e-platform of EGRIN where EO grade management is gradually being conducted online. Its popularity will grow as more essential information are only disseminated there. The present situation where only 30 colleagues out of more than 2000 regularly read EGRIN mail will gradually change as the number slowly grows to a critical mass.

Monday, September 13, 2004

e-Government strategy - eLearning

The first thing in the booklet that caught my eye is that eLearning has been included as the first initiative under the strategy. With improved accessibility to the network for most staff, eLearning is regarded as an essential G2E application. Many departments have already engaged in eLearning, in particular the CSTDI's Cyber Learning Centre (CLC) which offers online courses for all civil servants. In fact, I also found a lot of online training programmes offered by various institutions on the Internet. The world trend is moving towards online learning which could make very effective use of the trainees' time. The programmes are interactive and include tests to gauge the progress and achievement of trainees. Some of them are supplemented by infrequent lectures just to retain the human element.

Luckily, we also have EGRIN which is already an eLearning platform. A lot of training materials have been deposited in EGRIN. All we need is to kick start a real eLearning programme. I suggest that all elementary EO training should be done online mandatory for junior colleagues. The precious time of our T&D colleagues could then be focused on high level seminars involving important speakers. Of course such seminars could then be transformed into online programmes.

Sunday, September 12, 2004

e-Government strategy

Colleagues may have already received the booklet on e-Government strategy issued by CITB. The title is Government - Creating value for all. If you have not read it, a copy can be viewed at the following link.

It is a follow-up document to 2004 Digital 21 Strategy, and outlines what the government has done and will do on a sustainable e-government strategy. When I read the booklet, I have a feeling that the government is quite determined in this direction and some concrete steps have been taken to implement the strategy.

John Tsang said in the booklet that the Government had placed great importance on e-government work for three reasons-
- First, developing e-government allows us to improve operational efficiency and introduce service improvements to benefit our customers, through technology exploitation and service transformation.
- Second, it is an effective way to drive the wider adoption of IT in the business sector and community.
- And third, it demonstrates the Government's leadership role in promoting Hong Kong's international status as an innovative digital city.

The document is dressed up to present to the public that the government is leading the way in making better use of IT in service delivery. With a slight sense of crisis, one can realize that the scene has been set for the impact of IT both externally in the delivery of public services and internally in the re-engineering of procedures. With the EO grade's mission of resource and system management, we are at the crunching edge of the tide. In order to ride the wave, it has become very urgent for us to sharpen our saw to be developed into professional IT managers, both for doing our bread and butter function of resource and system management, and to get to the turf of IT management of public service delivery systems. It is essential that we should be able to say to our customers that we would provide professional managers to handle any IT management jobs.

The booklet points out that the next wave of e-government would be developed along a "CARING" theme as follows:
- Customer Orientation: developing e-services around customers' needs,
- Customer Migration: driving utilization through creation of customer value and rationalization of channels,
- Accessibility; enhancing the reach and user-friendliness of government information and services,
- Authentication: striking a better balance between ease of use, risk level and security provisions of e-services,
- Re-engineering and Service Transformation: joining up across government departments to provide one-stop and more efficient services,
- Infrastructure: updating our infrastructure to serve the future needs of customers and departments,
- Networking Government: reinforcing the e-culture among government employees, and
- Government Leadership: providing strong leadership to steer the overall development.

Many of these initiatives have affected and will further affect our work. I will examine the detailed description on them in the booklet and compare them with my experience in dealing with some of them.

Thursday, September 9, 2004

Open source systems in government

With all the talks on open source systems, IT managers may wonder what should be done with the large number of software in their office. Most of us are bound by MS Windows both at workstation and server level. How about the free Linus. Don't be intimidated by another type of server administration. IT managers manage the system administrators who are the technical people. We just need to know what is there, its advantages and disadvantages, and to make sure that the technical people are doing their job.

Some salient points:

"Factors to consider in such a cost analysis range from interoperability with existing applications to the relative scarcity of trained Linux support personnel."

"Such concerns may loom larger if a company is governed by a central IT strategy, which would discourage a piecemeal approach to technology adoption."

Are we governed by a central IT strategy? The government is promoting interoperability at a grand scale, i.e. an integrated e-service to the public with interoperability and compatiability at all levels. At the same time, we are not having a standard of basic tools. While IT managers may have interest in open source systems because of their low cost, good support(??), and the chance to get away from Microsoft, the concerns raised also need some consideration. But there is no harm to start a small experiment in the office.

Tuesday, September 7, 2004

Migration to Open Source Systems

My friend KM Chan has some experience on the migration to open source systems as follows.

The considerations mentioned in the article, though valid, are nothing new. As you have pointed out earlier, the choice should not be between Open Source and non-Open Source software but rather the most suitable programs for us. Similarly the migration needs not be an all (Windows) or nothing (but Linux) situation.

I think we can start with some small steps and the guiding principle is to use free software if possible in order to save costs, including licence fees as well as staff costs involved in procurement and inventory-keeping.

(A) The easiest step is to replace those commercial products where the compatibility problem is minimal, e.g. zip, pdf, media player, CD burning. As long as the job is done, it doesn't really matter what software we have used to do it. See my blog entries and for more on zip and pdf.

(B) Next we may consider those software whose compatibility issues will not have a great impact. What I have in mind are e.g. html editor, graphicpackages, flow-charter, publisher. Files produced by these programs are rarely interchanged (edited) outside the organization - in most cases, a read-only finished product will be all that is required and a html or pdf version will be adequate. So there should not be much problem in this category if we can standardize them within the organization.

(C) It is true that is incompatible with Microsoft Office and it will cause us trouble if both programs are used. Yet I believe the impact of such incompatibility is often exaggerated. In our daily office work, what we write are mainly memos and minutes and fancy formatting is in fact not really necessary. And can handle simple MSOffice files quite well. Furthermore, is it really important, say, if we have a few distortions in the format, when we use to complete a form produced by MS Office ? The biggest obstacle is still the users' reluctance to changes. But in the computer world, changes are inevitable - just think of how we have migrated from WordStar to Multimate to WordPerfect and to Word. The migrations were not even triggered by cost-saving concerns.

(D) We can still use Windows for all of the above and the support/training effort will be manageable. The next big step to Linux will be much more difficult but I understand that HK Post have some Linux workstationsinstalled in the post offices where the staff can use them for Internet, e-mail and reading departmental circulars (i.e., where document exchanges are rarely necessary). This reminds me that not all offices are working like what we usually see, where a large number of documents are produced, edited, transmitted and filed. There are in fact many staff who only needto read the documents and submit simple returns, and it is in these sections that Windows can be made redundant.

Monday, September 6, 2004

Open Source System

About a third of businesses plan to migrate at least some Windows machines to Linux, according to a recent survey, but adoption will continue to be both slow and cautious, as companies evaluate a maze of economic factors.

In a report on total cost of ownership for the Linux, Unix and Microsoft Windows operating systems, research company The Yankee Group found that only 4 percent of businesses planned to migrate Unix servers to Linux within the next two years. A total of 11 percent intended to move Windows servers to Linux, while 21 percent proposed to add Linux servers to a predominantly Windows environment.

On the desktop, 36 percent of businesses expected to have a few Linux PCs in their business, but only 5 percent planned a total migration to Linux. A majority--57 percent--planned no changes for Windows on the desktop.

The report cites a number of factors for corporate caution in moving to Linux, most notably the increasingly complex calculations required to determine whether such moves are cost-effective.

"All of the firms would like to reduce the amount of up-front capital expenditure dollars they spend on expensive Windows and Unix software licenses," the report found. "However, they also recognize that in certain instances, a wholesale or significant switch to Linux might reduce up-front costs but result in higher overall costs."

Factors to consider in such a cost analysis range from interoperability with existing applications to the relative scarcity of trained Linux support personnel. "The establishments that have or are seriously considering Linux bemoaned the present dearth and high cost of skilled Linux administrators, even as they praised the open-source operating system's ease of use," the report stated.

Such concerns may loom larger if a company is governed by a central IT strategy, which would discourage a piecemeal approach to technology adoption, Yankee analyst Dana Gardner said.

"The position companies need to look at is whether there's a tactical or strategic role for Linux and open source," Gardner said. "They're looking at what would be a strategic platform that's fully integrated and supported."

The report found that even businesses that were relatively satisfied with Windows are making some use of Linux, however--as a bargaining chip in negotiating with Microsoft on further purchases. "We have no intention of switching to Linux," an unnamed MIS manager is quoted as saying in the report, "but we do find it useful as a stone to throw at Microsoft."

By David Becker
CNET, August 30, 2004