From: [email protected] on behalf of Jim Kerns
Sent: Wed 5/5/2010 8:24 AM
To: [email protected]
Subject: [info-tech] PA webcam spying mess
http://www.networkworld.com/news/2010/050410-report-blames-it-staff-for.html?source=NWWNLE_nlt_daily_am_2010-05-05
From: "Fred Johnson" <[email protected]>
Sent: Wednesday, May 05, 2010 10:33 AM
To: <[email protected]>
Subject: Re: [info-tech] PA webcam spying mess
they might want to review their methods of 'covering their tech backsides'
as they are swinging in the breeze with nothing to support them.
As IT professionals we have access to a wealth of information. With access
to all email, web usage logs, surveillance systems, and theft tracking
systems we need to make sure that none of the information is used outside of
school policies.
More than likely your district has a policy on "Locker Search", but even
though a locker is property of the district, the content of the locker is
private. I have always recommended that all potentially private
information, like a users home folder or email, be handled no different than
the districts Locker Search policy. The Locker Search Policies I have seen
typically state that there has to be "just cause" to search and have at
least two people present when the search takes place. If I am correct,
there has to be evidence to support the search, because random locker
searches are not allowed.
If the staff in the webcam incident treated the pictures as personal
property, and as such not reported it, we would not be hearing about it in
the news. That is not to say it is/was OK to just "Snoop" the pictures
captured by the technology. From the district statement I don't find the
activation of the theft locator service problematic. There was a
semi-reasonable cause. As the Theft Location data was personal information
of the student, the data should not have been shared with anyone outside the
theft recovery process. The only justifiable way to use any of the Theft
Location data would have been if the district could have demonstrated
probable cause with evidence not obtained from private data. If they would
have followed their Locker Search policy, if a data search policy did not
exist, I suspect this would not have made the news.
My best advice would be to assume that you have a "For Your Eyes Only"
security clearance to the personal data on the networks you maintain. Read
and Follow your district Locker Search policy and or Data privacy policy if
it exists. Never share any data found that may be seen as personal data,
unless you have a school policy that backs you up. Never assume that
because it is on the district equipment that it belongs to the district,
even if you have a signed AUP stating that.
This is just my rant, and personal opinions. The line you need to watch is
not the access of the data, but rather what you do with the data or
knowledge of the data. I am not a lawyer and anything stated above should
not be taken as legal advice, at least not without the approval of an
attorney.
---
[This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us]
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/[email protected]/
---------------------------------------------------------
