Legal Brief: When The Unthinkable Becomes A Reality - InformationWeek
IoT
IoT
Business & Finance
Commentary
3/4/2003
02:07 PM
Commentary
Commentary
Commentary
50%
50%

Legal Brief: When The Unthinkable Becomes A Reality

InformationWeek.com's informal poll shows that 51% of respondents' companies don't have policies regarding child pornography.

Child-pornography images are showing up in the most unlikely places--the desktops of professors and senior executives, lawyers, teachers, and others you would never have suspected, even your trusted employees. What would you do if the police heard about this before you did, directly from another one of your employees?

Suddenly, your carefully crafted Internet-use policy doesn't give you the coverage you expected. How should you deal with the contraband you discover on your company's computers? How should you handle the police, the employee who is implicated, and the employee who called the police?

The time to think about these questions is now. Being prepared, and preparing your employees, can make the difference between a difficult situation and a public-relations and legal disaster. To do that, you need to have a policy in place and procedures that implement that policy. Then you need to make sure that those policies and procedures are communicated to your employees.

First, review your existing Internet-use policy. Does it contain a provision dealing with criminal activities? What about pirated software and music? Have you created a procedure through which people can report abuses of the policy?

Next comes the hard part. You need to decide whether to report criminal activity to authorities or handle it as an internal matter. Many companies elect not to report employees' criminal activities to law enforcement. They handle these activities as a violation of company policy. Should your decision for handling discovered criminal activity depend on the type of activity involved? Are you more likely to forgive music pirating than child pornography? You need to work out these issues in advance and consult with your legal advisers. Failure to take action when you discover criminal activity may result in the company itself facing criminal charges.

Once the parameters are decided, create written policies and procedures that deal with criminal activities that are found on your computer system. They should include a description of the kinds of actions that are illegal, as well as a statement that they are only some examples. They should also include to whom and how violations should be reported. Make sure employees know that ignoring procedures is a violation of company policy and can be disciplined as such. Make sure the policy is signed by everyone.

Then you need to establish methods of investigation. Investigating child pornography is especially tricky. It doesn't take much for the investigator to violate the law. Possession, downloading, printing, or saving child-pornography images, in any format, or delivering it to anyone else is illegal, even when you intend to report it to legal authorities. When child pornography is suspected, law enforcement or private consultants trained in this area should be called, and the computer isolated immediately.

For a checklist on preparing an appropriate policy, see "Tips For Writing A Criminal-Activity Policy".

Parry Aftab is a cybercrime expert and a privacy and security lawyer. She can be reached at http://www.aftab.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll