Infosec professional's liability

I am in charge of my company's network security and e-mail. My company refuses to authorize or put in place a policy regarding the monitoring of e-mail, Web browsing and telephone conversations. Can employees or ex-employees pursue me legally for liability and compensation for personal damages resulting from my job responsibilities? If so, how can I protect myself?

First, I am NOT an attorney so I cannot offer legal advice, and you should seek advice within the state where you live/work. However, it has been my experience that the company, not the individual, would be held accountable for the actions of an employee when directed by the organization and using company resources.

Workplace privacy (or lack thereof) has been a hotly debated issue, and it does not look as though this issue will slow. You may want to draft up a formal request for development and implementation of a Privacy and Monitoring Policy. Also, there could be implications for your company if they need to comply with the EU Directive or Safe Harbor, which require privacy safeguards.

Other reasons for setting policies include:
  • Setting minimum standards and requirements for key activities.
  • Security policies, standards and technical controls assist in providing data integrity.
  • Defining security tasks and responsibilities to the organization.
  • Reducing miscommunication/confusion.
  • Providing instruction on safe computing.
  • Indicating management's intent to safeguard organizational information (critical to success of security program).
  • Reducing liability for negligence and breach of fiduciary duty.
  • Increasing management's awareness of issues at hand.
  • Establishing communication to upper management.
  • Establishing security organizational credibility.
  • Generating user support for information security function through understanding.
  • Establishing mechanisms for disciplinary action, if necessary.

This was first published in November 2001
