Tonight I’m again debating the subject of Employee Monitoring at a CISO dinner. I’ve already posted some thoughts on this subject. But I’ve noticed quite a lot of interest and debate now being generated as CISOs and journalists begin to consider the impact of new technology from Chronicle Solutions that enables any organisation to mount blanket surveillance on their employee’s communications.
The quintessential issue is just how far we should go in exploiting this unprecedented capability. Because it has tremendous potential for business efficiency but it can also trample all over your employee’s human rights.
Most responsible organisations will only examine staff emails as part of a formal, authorised security investigation. There should be no random fishing for potential wrongdoings. But security investigations can be broad in scope. And once you have the capability to search across all staff communications there is a clear potential for scope creep. You’re not restricted by a need to request access to each individual user’s emails.
And when you look at what’s actually going on in any organisation, you’ll find an awful lot of disturbing things that you wished you hadn’t seen.
Comments (1)
Just how widespread is content monitoring today in the UK? There are quite a few products on the market that perform this function, often termed "information leakage prevention", on a continual basis on the host and/or in the network. This is beyond your comment, "Most responsible organisations will only examine staff emails as part of a formal, authorised security investigation.", but is permanent monitoring of content, albeit automated and policy breaches being flagged.
Posted by Robert Streeter | February 15, 2007 11:55 AM
Posted on February 15, 2007 11:55