IT Leadership // CIO Insights & Innovation
05:51 PM
John Soat
John Soat
Simplify Security & Management of Office 365
Nov 17, 2016
If your organization is moving to Office 365, you're facing the challenge of dealing with identity ...Read More>>

How Do IT Workers Know How To Act?

Figuring out what IT workers should look at, shouldn?t look at, and what liability lies in between is not as easy as it, uh, looks.

Figuring out what IT workers should look at, shouldn?t look at, and what liability lies in between is not as easy as it, uh, looks.I recently wrote a satirical column (moi?) for InformationWeek magazine on the responsibility of IT workers who have access to sensitive data and personal files to respect propriety and the right to privacy in the workplace. It was based on a survey of IT workers by a company called Cyber-Ark Software, in which one in three admitted snooping through company systems and peeking at confidential information such as salary data, personal e-mails, private files, and HR background. Cyber-Ark said one IT administrator even laughed out loud as he answered the survey. ?Why does it surprise you that so many of us snoop around your files,? he said. ?Wouldn?t you, if you had secret access to anything you can get your hands on??

Now, that?s too good not to have a little fun with. But an IT manager wrote to take me to task for making light of a very serious subject. Here?s what he said:

?The importance of work ethics and the possibility of abuse of access privileges cannot be denied. I, myself, am dedicated to the professional ethics and standards usually adopted by consultants regarding confidentiality--keep your mouth shut, don't reveal anything to third parties. I have no problem, for example, signing NDAs. But in my own case, it's hardly necessary. Anything I learn, I keep to myself. Frequently, coming across confidential or sensitive information is inadvertent; the task at hand may require reviewing the contents of files, for example, and it may not be possible to do what is needed if you don't have administrator level privileges.

The more worrisome and potentially disastrous problem, IMHO, is that with those privileges comes the possibility of very serious legal threats. We are faced constantly with the triple-threat of corporate policy, state laws, and federal laws that jeopardize our well being with legal retaliation and punishment for unauthorized access of equipment and data. It's no laughing matter--the mere false accusation of even a minor infraction can result in massive financial hardship and loss, just in the attempt to defend yourself, as a number of workers in the IT industry have already discovered for themselves. Many IT workers continue to do their jobs without actual explicit written authorization or consent from their employers to access and handle their systems; for them, it is merely "implied" that they have that consent, since they are employees. But how far does that implication go if you are faced with felony charges??

What do you think? Should IT workers have access rights written into their contracts? Should there be indemnity for IT workers who accidentally run across competitive or confidential information, or illegal content such as child pornography? Should there be an IT Workers Code of Ethics?

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll