Skip the navigation
Opinion

What's behind the rash of employee cybersnooping?

By Jay Cline
July 17, 2008 12:00 PM ET

It seems like a month doesn't go by anymore without news of another celebrity's personal data being peeked at by some employee at some workplace where the files are kept. It's news when Britney Spears' hospital records or Barack Obama's passport files get perused. But do these incidents represent a growing risk that privacy and security officers need to move up on their agendas?

Certainly we're hearing about more of these incidents. Among the more recent ones:

  • In July, the State Department reported that employees had accessed nine "high-profile" passport files -- including those of Obama, Hillary Clinton, John McCain and Anna Nicole Smith — more than a hundred times. A subsequent audit of the files of 150 celebrities revealed that during the past six years, 127 of them had been accessed more than 4,000 times total.
  • In May, five IRS workers were charged with computer fraud and unauthorized access to tax files beginning in 2005.
  • The same month, a TV news anchor in Philadelphia came under investigation for allegedly reading the private e-mail of his co-anchor for several years.
  • In April, the UCLA Medical Center detected that different groups of employees and unauthorized doctors since 1995 had been accessing medical records of celebrities such as Tom Cruise, Farrah Fawcett and Spears. At least one of the employees has been indicted for selling the data to media outlets.
  • In February, Wisconsin utility giant WE Energies learned that employees had been routinely accessing customer information of local celebrities and others as far back as 2004.

But is there truly more employee snooping, or just more reports of it? One perspective says that we're hearing about more of these incidents because we're getting better at detecting them — not necessarily because they're increasing in number.

Advocates of this point of view cite three recent developments: the PCI Data Security Standard has prompted an increase in system logging and monitoring, corporations and academia have boosted their deployment of privacy breach-response plans to comply with various states' breach-notification laws, and federal agencies have done likewise to comply with a directive promulgated in the aftermath of the Department of Veterans Affairs laptop breach.

These are compelling points, but I don't agree with the conclusion.

If you look at the details of the cases above, they don't appear to be the result of improved execution of privacy breach-response plans. Rather, the perpetrators are getting busted by auditors and the data subjects themselves.

I do think there's more snooping going on. In June, Cyber-Ark Software Inc. released a survey of 200 IT professionals attending an Infosecurity Exhibition Europe conference the previous month. One-third admitted to using their system access to peek at other employees' personal information.

Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Privacy White Papers
Overcome Top 7 Admin Challenges of Active Directory
As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
Insiders Can Ruin Your Company. Take Action.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
Top Solutions and Tools to Prevent Devastating Malware
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
Streamline Compliance and Increase ROI
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
X-Ray of the PCI Process-4 Proactive Steps
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
All Privacy White Papers
Privacy Webcasts
A Road Map for Best Practice Social Media Acceptable Use Policy
Organizations around the world are racing to leverage the power of social media for business. Sites like Facebook are used for marketing, human...
Data Protection and Disaster Recovery with iSCSI and VMware
Get this on demand webcast now
Optimizing Networks for the Cloud
Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
All Privacy Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs