3 min read

How Do IT Workers Know How To Act?

Figuring out what IT workers should look at, shouldn?t look at, and what liability lies in between is not as easy as it, uh, looks.
Figuring out what IT workers should look at, shouldn?t look at, and what liability lies in between is not as easy as it, uh, looks.I recently wrote a satirical column (moi?) for InformationWeek magazine on the responsibility of IT workers who have access to sensitive data and personal files to respect propriety and the right to privacy in the workplace. It was based on a survey of IT workers by a company called Cyber-Ark Software, in which one in three admitted snooping through company systems and peeking at confidential information such as salary data, personal e-mails, private files, and HR background. Cyber-Ark said one IT administrator even laughed out loud as he answered the survey. ?Why does it surprise you that so many of us snoop around your files,? he said. ?Wouldn?t you, if you had secret access to anything you can get your hands on??

Now, that?s too good not to have a little fun with. But an IT manager wrote to take me to task for making light of a very serious subject. Here?s what he said:

?The importance of work ethics and the possibility of abuse of access privileges cannot be denied. I, myself, am dedicated to the professional ethics and standards usually adopted by consultants regarding confidentiality--keep your mouth shut, don't reveal anything to third parties. I have no problem, for example, signing NDAs. But in my own case, it's hardly necessary. Anything I learn, I keep to myself. Frequently, coming across confidential or sensitive information is inadvertent; the task at hand may require reviewing the contents of files, for example, and it may not be possible to do what is needed if you don't have administrator level privileges.

The more worrisome and potentially disastrous problem, IMHO, is that with those privileges comes the possibility of very serious legal threats. We are faced constantly with the triple-threat of corporate policy, state laws, and federal laws that jeopardize our well being with legal retaliation and punishment for unauthorized access of equipment and data. It's no laughing matter--the mere false accusation of even a minor infraction can result in massive financial hardship and loss, just in the attempt to defend yourself, as a number of workers in the IT industry have already discovered for themselves. Many IT workers continue to do their jobs without actual explicit written authorization or consent from their employers to access and handle their systems; for them, it is merely "implied" that they have that consent, since they are employees. But how far does that implication go if you are faced with felony charges??

What do you think? Should IT workers have access rights written into their contracts? Should there be indemnity for IT workers who accidentally run across competitive or confidential information, or illegal content such as child pornography? Should there be an IT Workers Code of Ethics?