
Keeping Data Safe From IT Snoops Wed 21 Apr 10

How to improve data security and privacy.

A Pennsylvania school district made headlines recently with accusations that two of the district's IT employees were spying on students and took "thousands" of pictures of students in their homes without their knowledge, using the cameras in their school-supplied laptops. The school district contends that the ability to remotely take pictures was a security feature used solely to help locate lost or missing laptops. The situation came to light when the school district accused a student of selling drugs based on pictures taken remotely via the laptop that was assigned to the student, although it had not been reported lost or stolen.

The incident could start making everyone wonder about information technology's role in protecting data and privacy. It begs the question: Who watches the watchers?

IT has the keys to all the sensitive data in your company. This includes not only payroll and personnel records, but also financial records, trade secrets and intellectual property, data regarding pending acquisitions, product launches or other strategic decisions. A rather scary thought if you don't trust your IT folks.

Fortunately there are a number of things IT leaders can and should do to show they take this role seriously and are handling it properly.

The first and most obvious is that not everyone in IT needs to be able to access all of the data. Limit access to sensitive data to only those who need it to perform their duties. People with the ability to see payroll data shouldn't typically also have access to financial records.

IT leaders need to recognize that this also applies to them. Just because you're the chief information officer and your people need access to sensitive data doesn't mean you do. Resist the urge to be the "mighty and all-powerful Oz" with access to everything as a way to boost your importance. Set the right example and make sure you limit your own access.

If possible, add a formal security role. This job isn't just about limiting access and changing passwords. It involves looking at all of the processes from the user side as well as within IT. It is important that this role audit compliance and educate users and IT alike about security issues.

Remind employees that they work in the IT department, not the police department. Unless they've been given specific security duties, IT people should not be independently looking for wrongdoing or trying to catch people at something. If in the course of their duties they discover something suspicious, they should alert the appropriate supervisor and not try to investigate it themselves. Going off on your own to check someone's Internet usage is more likely to get you fired than the person who wasted too much time surfing the Internet.

All information technology employees should know the importance of security and privacy and that their actions can significantly affect the effectiveness and reputation of the department. Company-wide, employees need to know that they can trust IT to protect their data and to not snoop out of idle curiosity.

One way to do this is to formalize all of these concepts in a data privacy policy outlining how IT employees are to handle data and privacy concerns. Rather than writing a policy that is filed away, have your IT employees sign a statement annually that they have read the policy, understand it and agree to comply. This keeps it fresh in their minds and reinforces the importance of the issue.

We have to not only secure users’ data and privacy but ensure that they know it is secured and they can trust us to keep it that way.

"Laptop Looking" photo by Truthout.org / CC BY 2.0

This article is also posted on Forbes.com. Feel free to join in the discussion either on this site or at Forbes.com.


Creative Commons License 
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.


This is the personal blog of Michael W. Schaffner. The opinions expressed in this blog are solely mine and those of commenters. You should not infer that these opinions are the opinion of or have been endorsed by any current or former employer.


Copyright © 2006, 2007, 2008, 2009 Michael W. Schaffner. You may copy or quote sections of this blog if you provide an attribution consisting of a reference to Michael Schaffner and "Beyond Blinking Lights and Acronyms" along with a hyperlink (if a web reference) to the blog posting.
