Workplace monitoring and the law

[gbugbear at gmail.com (Tim Mugherini)]

Adrian,

This came down in my RSS reader from SANS reading room just this week (have
not had a chance to read it) but thought I would share.

http://www.sans.org/reading_room/whitepapers/compliance/rss/content_monitoring_issues_%EF%BF%BD_legal_and_otherwise_33079

Hope it helps. I think I may read it now myself

On Thu, Oct 15, 2009 at 1:20 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:

> Out of curiosity, does anyone here work with workplace monitoring and the
> law? It seems that under most cases, if a company owns a network, they can
> monitor anything employees do on it, but are there exceptions? For example,
> let's say the company has an "Incidental computer use policy" that allows
> the employees do do some things on the network for personal reasons. An
> employee checks out medical information, or perhaps buys something online
> with a credit card. If the company's monitoring system logs this, and the
> data, what is their liability for having this "Personally identifiable
> information"? Are they allowed to see it?
>
> Also, for public (government) employees, it seems that there are certain
> 4th amendment protections, but I'm still researching these.
>
> Adrian
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091015/59a368ec/attachment.htm