
Employee Privacy & Monitoring Technologies November 16, 2006 TBTLA Andy Swenson Len Chiacchia Chris Favaloro Mark Wright.


1 Employee Privacy & Monitoring Technologies November 16, 2006 TBTLA Andy Swenson Len Chiacchia Chris Favaloro Mark Wright

2 Agenda Employee Privacy Is Monitoring ethical and legal? Why Monitor? Monitoring Technologies Maintaining Implementing

3 Employee Privacy Privacy Defined: “The right to be left alone - the most comprehensive of rights, and the right most valued by a free people” - Justice Louis Brandeis (1928)

4 Ethical Is Monitoring Ethical? Depends on the View Employee View Want their Freedom Monitoring may feel like Big Brother May affect productivity or employee loyalty Company View Responsible for Protecting the Stakeholders Labeling Branding Trademarks Copyrights

5 Legal Is Monitoring Legal? Federal Law The Electronic Communications Privacy Act of 1986 (ECPA) Allows companies to monitor employees' emails and track usage if one of three stated provisions is adequately met. Employee has given consent Legitimate business reason Company needs to protect itself

6 Legal Is Monitoring Legal? State Law The 2006 Florida Statutes – Chapter 934.03 Allows companies to monitor employees as long as All Parties Consent

7 Why Monitor Required Financial Securities and Exchange Commission's Code of Federal Regulations (CFR) 17a-3 and 17a-4: 3 – 6 years or longer depending on the data Must be readily accessible for first 2 years Sarbanes-Oxley Auditing Firms – All Communications - 7 years GAAP – Generally Accepted Accounting Principles GAPP – Generally Accepted Privacy Principles

8 Why Monitor Required Medical HIPAA (HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996) “the clinical record retention rules for a given jurisdiction would govern as to the length of time the record must be preserved” American Psychiatric Association Council on Psychiatry and Law

9 Why Monitor Required ISPs - Internet Service Providers 1986 ECPA (Electronic Communications Privacy Act) Currently Requested to keep data for 90 days Proposed Dept of Justice and FBI wants data kept for 2 years ~USA Today; June 2006~

10 Why Monitor Protection/Liability Email IM – Instant Messaging Chat Room Discussion Databases Financial – (Non-Company Chat/Discussion Boards) Can be considered Public Appearances by NASD

11 Survey According to a 2005 Survey by the American Management Association: Privacy Rights Clearinghouse, 2006 75% of employers monitor their employees' web site 65% use software to block connections to web sites 50% review and retain electronic mail messages. 80% of employers disclose their monitoring practices to employees 84% of employers have established policies governing e-mail use 81% have established policies governing personal Internet use

12 Survey According to a recent report from Business Performance Management Forum and AXS-One Inc: Senior Executives and subject matter Experts Interviewed NO Technologies or Policies in place to Handle a Legal Discovery Order NO Corporate Policy To Cover Electronic Records Mgmt Didn’t Know If They Had A Policy Enterprise Storage Forum, 2006

13 Applications Applications currently can record: Emails Sent and Received Instant Messages Key logging – Recording of keystrokes P2P file transactions Websites visited

14 Applications Secure Computing (A.K.A. CipherTrust) Offers Numerous Software Packages Web Gateway Messaging Gateway Network Gateway Identity and Access Management

15 Applications Akonix Five Different Appliance Technologies for Protection L7 Enterprise L7 Enforcer L7 Skype Manager L7 Remote Security Manager L7 Builder

16 Applications Websense Web Security Spyware and Keylogging Malicious Mobile Code Phishing and Pharming Secure IM Attachments Web Filtering Employee Productivity Bandwidth Management Legal Liability

17 Applications Websense Endpoint Security Internal Attack Prevention Application Content Control External Threat Mitigation Removable Media Management Remote Endpoint Protection

18 Maintaining All of these systems require additional costs Central Server (Refer to software requirements) Administrator to monitor system and make sure data is secure Policy implemented and in place before using the software Policy should be annually instated and reviewed by employees.

19 Implementation Define the Scope Monitoring (Too Much, Too Little) The Right People Fit the Person to the Job Personally Screen Remember “Loose Lips Sink Ships” Trained – Technical Forensics Privacy Administrator Chief Privacy Officer CISSP Certified Certified Information Systems Security Professional IAPO Certified International Association of Privacy Officers

20 Implementation Written Policy Handbook Signed Agreement Internal Web Site Training Employees Management Legally Sufficient "One of the biggest problems is the ambiguity with which these regulations are drafted," Peter Gerr - Analyst with Enterprise Storage Group

21 Implementation Data Storage/Retrieval Security of the Data Retrieving the Data Tamperproof Metadata

22 Litigation Effective December 1, 2006 New Civil Laws http://www.uscourts.gov/rules/newrules6.html “regarding a company's duty to preserve and produce electronically stored information (ESI) in the face of litigation or pending litigation” Civil Rules 16, 26, 33, 34 and 37

23 Above ALL Get Corporate Counsel

24 Thank You WWW.TB-TLA.ORG Andy Swenson Len Chiacchia Chris Favaloro Mark Wright

