The legal eagle
"Daryl" -- who requested anonymity -- is an IT manager at a midsize industrial manufacturer in the U.K. He strongly believes that IT has the right, and the duty, to monitor employee activity in order to protect the interests of the company.
He once caught an employee who was engaged in criminal activity involving intellectual property that could have resulted in a big financial loss for the company.
He went straight to the CEO, and the employee was dismissed. (For more on violations that cause employees to lose their jobs, read Corporations crack down on digital delinquents.) The employer didn't press charges, however, because "it would've been very embarrassing for the company," Daryl says.
Daryl's complaint is not that he has to police employees, but that he's not allowed to do it properly.
His graduate-level college courses in information security and forensics taught him how to properly preserve electronic evidence so that it is admissible in U.K. courts. For the information from a laptop to be admissible, he says, the hard drive needs to be removed and cloned, and then the clone is examined while the original evidence is left untouched.
But his bosses aren't interested in that. "The process my managers want me to follow is inappropriate," he says -- namely, they advise him to skip the cloning step and examine the hard drive straight off. "It's highly unlikely that they would ever be able to bring a successful prosecution [because] they insist on using a practice that would invalidate any evidence obtained as a result."
Daryl is an exception when it comes to legal knowledge among IT professionals. It's more common that the IT manager doesn't know how to correctly preserve evidence, and probably doesn't even know what information might be legally relevant, says Jason M. Shinn, an attorney with Lipson, Neilson, Cole, Seltzer & Garin PC who specializes in electronic discovery and technology issues in employment law.
That's why both in-house legal counsel and HR should be involved in monitoring activity, he advises.
Percentage of companies that terminated employees when they violated stated policies on the use of:
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts