Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

California Senate passes e-mail privacy bill


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:11:56 PM

Posted 31 May 2004 - 08:22 AM

The comments below are from my own experiences in the security field. I agree with most of this in principle though.

California Senate passes e-mail privacy bill
http://zdnet.com.com/2110-1105_2-5220883.html

COMMENTS

I agree that employees should be notified on corporate monitoring activities and know in advance the privacy expectations of Internet, email, and other resources. We did this as a courtesy in our workplace from day one when we implemented our Internet connection in 1997. It made a difference in preventing a lot of unfortunate and unpleasant situations (e.g., having to fire someone for misusing the Internet at work).

When I helped formulate our corporate security policies at work, we had "banner messages" on all systems, telling our professionals that "monitoring was in place for security purposes" and "information resources are primarily for business use only". I even helped back in 1985 with ACF2 implementation on our IBM mainframe and we had this type of banner message present.

Security monitoring was also highlighted in corporate policies that employees signed annually and even emphasized in a letter by our company president and on our Intranet security site containing all corporate policies.

Finally, it's very important to keep logged information secure and private, as it can be misused by uninformed individuals. Only managers working through HR could get information for a specific employee. The security team should work with their corporate legal team in ADVANCE of having to use this, so that all the i's are dotted on the right way to handle violations.

I think this type of notification protects the employers (from legal action, where an employee might say "you didn't tell me" - even though it might be assumed) and employees (so they know they'd better conduct themselves appropriately in the workplace). Still, it's ashamed that a law is needed for something that should be standard operating procedures for any business.

BC AdBot (Login to Remove)

 


m



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users