Ask the Expert

Infosec professional's liability

I am in charge of my company's network security and e-mail. My company refuses to authorize or put in place a policy regarding the monitoring of e-mail, Web browsing and telephone conversations. Can employees or ex-employees pursue me legally for liability and compensation for personal damages resulting from my job responsibilities? If so, how can I protect myself?


    Requires Free Membership to View

First, I am NOT an attorney so I cannot offer legal advice, and you should seek advice within the state where you live/work. However, it has been my experience that the company, not the individual, would be held accountable for the actions of an employee when directed by the organization and using company resources.

Work-place privacy (or lack thereof) has been a hotly debated issue and it does not look as though this issue will slow. You may want to draft up a formal request for development and implementation of a Privacy and Monitoring Policy. Also, there could be implications for your company if they need to comply with the EU Directive or Safe Harbor, which require privacy safeguards.

Other reasons for setting policies include:
  • Setting minimum standards and requirements for key activities.
  • Security policies, standards and technical controls assist in providing data integrity.
  • Defining security tasks and responsibilities to the organization.
  • Reducing miscommunication/confusion.
  • Providing instruction on safe computing.
  • Indicating management's intent to safeguard organizational information (critical to success of security program).
  • Reducing liability for negligence and breach of fiduciary duty.
  • Increasing management's awareness of issues at hand.
  • Establishing communication to upper management.
  • Establishing security organizational credibility.
  • Generating user support for information security function through understanding.
  • Establishing mechanisms for disciplinary action, if necessary.


    This was first published in November 2001

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: