

Employee monitoring: When IT is asked to spy - edw519
http://www.computerworld.com/s/article/print/9177981/Employee_monitoring_When_IT_is_asked_to_spy?taxonomyName=Careers&taxonomyId=10

======
openfly
I've been on both sides as well. But here's the deal... as the spying IT guy,
you have to be super careful. Do not be afraid to tell your employer that you
do will not do something if you think it puts you personally in a bad legal
position.

I had one of our legal guys at a job request that I manually review email logs
to look for something for him. My response to that was simple, "fuck no." I'll
grep for strings and patterns and pull you the emails that come up, but there
is no way in hell I am reading someone else's email.

The reason is pretty simple too. I don't want to be a part of your lawsuit. I
don't get paid to be subpoenaed and deposed. If I quit this job or am laid off
I don't want to be getting called up a year, or three down the line just to
show up in court and answer questions about why I was reviewing jane and john
smith's emails to their kids.

Simple fact is, at some point you have to be willing to tell an employer that
what they are asking you to do goes way beyond your pay grade. And protecting
yourself legally comes before anything related to your career advancement.

------
johngalt
Just another instance of applying a wrench to a nail. Why is it that the
receptionist/phone operator isn't asked to listen in on phone calls? Why isn't
she responsible if someone says something stupid over the phone?

If someone is killing time on facebook to the point that it's affecting their
work then the manager should notice the lack of productivity regardless of the
cause. Otherwise if it's not affecting their work then why does it matter?

It's a means of abdicating managerial responsibility. The boss doesn't have to
be the bad guy anymore now it's IT.

------
motters
I was once the IT administrator at a company for many years, and my policy
regarding spying on internet/email communications was that unless something
came to my attention which warranted surveillance of an individual all user
communications would be treated as private and confidential (the same as
regular snail mail). I'd previously attended a security seminar where they
made clear that, at least as far as the laws in the UK were concerned, if you
intercepted an employee's communications or read their emails the reason for
doing that must be one which would stand up to scrutiny in a court case.
Without any specific legally defensible justification, "trawling" style spying
on communications lays the IT administrator exposed to possible criminal
charges.

However, all that was more than five years ago, so things may have changed
since.

------
ax0n
I've been on both sides of this. No one wins.

