Adrian, This came down in my RSS reader from SANS reading room just this week (have not had a chance to read it) but thought I would share.
http://www.sans.org/reading_room/whitepapers/compliance/rss/content_monitoring_issues_%EF%BF%BD_legal_and_otherwise_33079 Hope it helps. I think I may read it now myself On Thu, Oct 15, 2009 at 1:20 PM, Adrian Crenshaw <[email protected]>wrote: > Out of curiosity, does anyone here work with workplace monitoring and the > law? It seems that under most cases, if a company owns a network, they can > monitor anything employees do on it, but are there exceptions? For example, > let's say the company has an "Incidental computer use policy" that allows > the employees do do some things on the network for personal reasons. An > employee checks out medical information, or perhaps buys something online > with a credit card. If the company's monitoring system logs this, and the > data, what is their liability for having this "Personally identifiable > information"? Are they allowed to see it? > > Also, for public (government) employees, it seems that there are certain > 4th amendment protections, but I'm still researching these. > > Adrian > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
