Manager wants IT to spy on employees: How to respond?

IT has a lot of ways to spy on employees” behavior, data and other information. But that doesn”t mean they should be put to use. 

Insider threats come in various forms. Sometimes, current or former employees steal data to bring to a new employer. Other times, disgruntled workers intentionally sabotage the company”s operations.

But there are other malicious insiders who pose threats to their co-workers” personal privacy — and they can cause serious legal problems for their companies.

In one recent example, a New York police officer was arrested after allegedly stealing personal information of about 30 people, including 19 other NYPD officers.

According to the charges, Edwin Vargas  to steal log-in credentials for the personal email accounts of his co-workers and others. Officials said Vargas may have been motivated by suspicions that the mother of his child was engaging in infidelity.

Vargas is being charged with computer hacking and conspiracy to commit computer hacking and faces a maximum one-year prison sentence for each.

Watch out for violations of privacy

While this case involved a group of outside hackers and a personal conflict, it”s also easy to imagine a situation in which a manager comes to IT for help snooping on a personal email account or gathering other information.

For example, a manger might suspect that the employee is committing a serious policy violation and wants access to the worker”s personal email account to investigate. How should an IT employee respond to that request?

The first step should be to use common sense and think about whether the manager has a legitimate need for the information or is overstepping his or her bounds.

Next, it”s important to keep in mind that courts typically decide accusations of privacy violations depending on whether the employee had a reasonable expectation of privacy. For example, when people use their corporate email accounts, they shouldn”t expect what they say to remain private, because they”re using a company account on company equipment, and the messages are stored on the company”s network.

However, in the case of a personal email account that a manager needs to steal a password in order to get into, an employee may have a claim that his or her privacy was violated.

And finally, it”s critical that the company follows it”s own policies. Employees should be notified about all monitoring that may occur when they use their computers at work, and IT should never go beyond what”s laid out in that notice.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy