If someone is employed, there are things that are not done in terms of monitoring (no real-time screen watching, no accessing exchange mailbox data, etc.), but once Joe Smith is released, can/should a search of the user jsmith be conducted? Should jsmith's profile be searched for unauthorized websites, logs, old emails sent to other companies, etc....as a way to learn what to look for going forward?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
When a person is terminated, does that 'user account' have any rights?
- Thread starter mdcr
- Start date
CajunCenturion
Programmer
Sounds like you're setting up a catch-22.
The search of jsmith's profile as a way to learn what to look for going forward is behavior profiling, but it can only be useful is compared against someone else's behavior profile.
However, if the suspect profile is only built after termination -- suggested by your things not done caviat -- then you have no active profile against which to compare. You cannot know if any active employee fits the profile unless you profile the active employee as well.
--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
The search of jsmith's profile as a way to learn what to look for going forward is behavior profiling, but it can only be useful is compared against someone else's behavior profile.
However, if the suspect profile is only built after termination -- suggested by your things not done caviat -- then you have no active profile against which to compare. You cannot know if any active employee fits the profile unless you profile the active employee as well.
--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
SimonDavies
MIS
Surely you would be far better off getting the information from your security products (firewall logging, email logging etc).
That way you already have a method in place for stopping access to particular websites\email domains.
Simon
The real world is not about exam scores, it's about ability.
That way you already have a method in place for stopping access to particular websites\email domains.
Simon
The real world is not about exam scores, it's about ability.
I'm confused on whether your asking an ethical question or a legal question. The legal answer is going to depend on where the company is located. I know that in the UK and the rest of the EU they have stricter privacy laws. In the US the user account and any data stored on the servers is the property of the company. They can basically monitor your computer use in any way they see fit if they want to, regardless of whether you are actively employed or not.
Ethically, I'd say that you're covered either way. The computer and associated accounts are provided by the company for conducting company business. The company is certainly allowed to monitor it's business activities and the tools used for them, aren't they?
________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Hyper-V
MCTS:System Center Virtual Machine Manager
MCSE:Security 2003
MCITP:Enterprise Administrator
Ethically, I'd say that you're covered either way. The computer and associated accounts are provided by the company for conducting company business. The company is certainly allowed to monitor it's business activities and the tools used for them, aren't they?
________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Hyper-V
MCTS:System Center Virtual Machine Manager
MCSE:Security 2003
MCITP:Enterprise Administrator
I think the same rules should apply for employees and ex-employees. Privacy is not a matter of "presence".
So if you feel legally and ethically comfortable with doing that with a "live" employee, I think it's ok for and old employee.
From my point of view, there's no justification unless any kind of bad behaviour has been detected and proved previously.
Cheers,
Dian
So if you feel legally and ethically comfortable with doing that with a "live" employee, I think it's ok for and old employee.
From my point of view, there's no justification unless any kind of bad behaviour has been detected and proved previously.
Cheers,
Dian
DonQuichote
Programmer
- Nov 9, 2001
- 980
- 0
- 0
I think this is a bit of an odd question. If the user was suspect, I expect that the search was done before he was fired and may even have led to his employment termination.
If he is suspect after leaving (say, some of your customers report some tricky behaviour of him), you probably still have a legal conflict.
If there is no conflict, there should not be a breach of privacy. Whether the person is still employed or not matters less, I think.
But I am not a lawyer. Speak to your company's lawyer if you want to know.
+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)
If he is suspect after leaving (say, some of your customers report some tricky behaviour of him), you probably still have a legal conflict.
If there is no conflict, there should not be a breach of privacy. Whether the person is still employed or not matters less, I think.
But I am not a lawyer. Speak to your company's lawyer if you want to know.
+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)
- Thread starter
- #7
Typically, when an employee leaves (whether terminated or not), we'll go through the PC to ensure that client or company files haven't been left on the hard drive. Through the course of searching through the PC, usually logged in as the user/ex-user to make sure that everything he/she saw or used was visible, if we find items/files/pictures of a sensitive nature, how should that be handled? It is in the company's interest to make sure that we keep track of their data, so we have to check on the ex-users' PCs. This could be done across the board, so we're not cherry-picking the PCs that we search. One possibility, though, is that the ex-user had correspondence with a still current employee, and record of that is on the ex-user PC, so who's rights take priority - the Company in checking an old user's PC, or the current worker who's information could be on that PC? Just trying to come up with different scenarios to throw out...I think it is an emerging field that has not had a lot of precedent...
- Status
