Recent developments in privacy decisions should have H.R. departments, internal investigations teams, and employees re-evaluating what is private and what is not.
A couple of recent decisions to be aware of:
This one is in progress at the Supreme Court, but is based on a case from California where a police officer used a work-issued device to send inappropriate messages (even though his supervisor at one time said that the department allowed personal use if he paid for the usage fees).
http://www.cnn.com/2010/LIVING/worklife/04/20/work.text.email.privacy/index.html?hpt=Sbin
Another recent decision comes from the New Jersey Supreme Court. The summary is that an employer cannot read email messages sent via a third-party email service provider -- even if the emails are accessed during work hours from a company PC. This is a bit more complex because it has to do with communication to legal counsel (privileged communication). But it is an important thing to consider: just because you can see data that is sent via your enterprise systems doesn't mean you are allowed to see it or use it. Another point is that the employer in question had vague or non-existent policies on use of corporate systems and privacy.
http://www.darkreading.com/story/showArticle.jhtml?articleID=224201355
A couple broad considerations:
1) DO have clear, understood policies that your employees have to read and that state how you wish to handle usage of company systems for personal use (allowed with no expectation of privacy, not allowed, etc.).
2) Get legal advice before assuming you have the "right" to use data that you find.
3) Consider not allowing your enterprise to access external mail accounts on your production network. These accounts and systems can be a major virus vector, an aperture for loss of company data (PHI, PII, Intellectual Property), and a privacy risk.
->Pierre
P.S. Just saw this on GeekDad (regarding what kids know about online privacy)
http://www.wired.com/geekdad/2010/04/what-do-your-kids-know-about-online-privacy/