Skip the navigation
)
Opinion

What's behind the rash of employee cybersnooping?

July 17, 2008 12:00 PM ET

It seems like a month doesn't go by anymore without news of another celebrity's personal data being peeked at by some employee at some workplace where the files are kept. It's news when Britney Spears' hospital records or Barack Obama's passport files get perused. But do these incidents represent a growing risk that privacy and security officers need to move up on their agendas?

Certainly we're hearing about more of these incidents. Among the more recent ones:

  • In July, the State Department reported that employees had accessed nine "high-profile" passport files -- including those of Obama, Hillary Clinton, John McCain and Anna Nicole Smith — more than a hundred times. A subsequent audit of the files of 150 celebrities revealed that during the past six years, 127 of them had been accessed more than 4,000 times total.
  • In May, five IRS workers were charged with computer fraud and unauthorized access to tax files beginning in 2005.
  • The same month, a TV news anchor in Philadelphia came under investigation for allegedly reading the private e-mail of his co-anchor for several years.
  • In April, the UCLA Medical Center detected that different groups of employees and unauthorized doctors since 1995 had been accessing medical records of celebrities such as Tom Cruise, Farrah Fawcett and Spears. At least one of the employees has been indicted for selling the data to media outlets.
  • In February, Wisconsin utility giant WE Energies learned that employees had been routinely accessing customer information of local celebrities and others as far back as 2004.

But is there truly more employee snooping, or just more reports of it? One perspective says that we're hearing about more of these incidents because we're getting better at detecting them — not necessarily because they're increasing in number.

Advocates of this point of view cite three recent developments: the PCI Data Security Standard has prompted an increase in system logging and monitoring, corporations and academia have boosted their deployment of privacy breach-response plans to comply with various states' breach-notification laws, and federal agencies have done likewise to comply with a directive promulgated in the aftermath of the Department of Veterans Affairs laptop breach.

These are compelling points, but I don't agree with the conclusion.

If you look at the details of the cases above, they don't appear to be the result of improved execution of privacy breach-response plans. Rather, the perpetrators are getting busted by auditors and the data subjects themselves.

I do think there's more snooping going on. In June, Cyber-Ark Software Inc. released a survey of 200 IT professionals attending an Infosecurity Exhibition Europe conference the previous month. One-third admitted to using their system access to peek at other employees' personal information.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
Additional Resources
Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Privacy White Papers
Practice Management: Double Billing Rate and Improve Patient Services
Would you like to double your billing rate and achieve faster payment for services?

Download this customer success story to see how One Health...
Mission Critical Data Explosion and Customer Case Study
Would you like to double your tier 1 storage capacity while simultaneously reducing your storage footprint?

Download this customer success story to see how...
Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
Read this new eBook to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
Database Activity Monitoring Is Evolving
Read the analyst report and learn how you can leverage the core capabilities of a DAP solution for better database security.
Establishing a Strategy for Database Security is No Longer Optional
The options for securing increasingly valuable databases are very broad and deep, and can be confusing. This research provides an overview of three...
All Privacy White Papers
Privacy Webcasts
Close a Dangerous Vulnerability: Automated Methods for Managing Admin Rights
In this exclusive webcast from Viewfinity, you'll hear how to leverage Group Policy Object settings to close this vulnerability by elevating privileges for...
Data Protection and Disaster Recovery with iSCSI and VMware
Get this on demand webcast now
Distributed Database Security with Real-time Monitoring
View this demo and learn how IBM InfoSphere Guardium database activity monitoring can help protect your sensitive data in distributed DBMS environments with...
InfoSphere Warehouse Packs Demo
These flash modules make warehousing more tangible and relevant to business users through detailed explanations of the InfoSphere Warehouse Packs.
Delivery Management -- Extending Lifecycle Management
Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs,...
All Privacy Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs