What's the legality of this?

Diddums · 4 May 2017 at 20:27

At work we have a job logging system. One of our guys doesn't have access to it so I gave him my login details so he could access it. He used it on Tuesday and left the PC without logging off. One of the other guys then went on the PC and took screenshots of all my internet history, emailed it to himself and deleted the sent email. I only know this happened because the idiot left the screenshots on my desktop. There are more issues at hand and the guy is currently in a performance improvement plan (which I put him on) so he's currently got it in for me and is looking for stuff.

Now today there was more stuff which I shan't bore you with, but my question is this:

Is it legal for someone to go on my work account and do this? I have a funny feeling he's going to bring it up in his weekly assessment tomorrow and it'd be nice to tell him it's not legal.

Thoughts?

NoobCannon · 4 May 2017 at 20:29

i dont think your employer will care too much about your hourly visits to "hotgilfs.com"

Jokester · 4 May 2017 at 20:30

Ignoring the fact you shouldn't be handing out your login details to other people to protect yourself against exactly this sort of thing (I've seen people end up sacked because other parties put porn on their system), it would be gross misconduct in my book if he admitted doing it.

neil_g · 4 May 2017 at 20:30

Don't know about legalities but never give out your login.

Also check your contract of employment for gross misconduct around computer systems.

Rroff · 4 May 2017 at 20:30

Depends a bit - have a look at your work policies for computer access/use - where I work its covered in there and is considered very serious and usually gross misconduct. If there isn't anything put down in writing then I'd take that up with the appropriate people as in this day and age there really needs to be black and white guidelines so as to deal with stuff like this cleanly.

There are a few computer misuse acts but they are a bit of a mess and don't really apply to stuff at work very clearly.

adolf hamster · 4 May 2017 at 20:31

I suspect, no matter the legality, that your going to get shafted for giving him your log on in the first place

Feek · 4 May 2017 at 20:32

I doubt it's illegal but probably against all the company IT policies to share your login.

Raymond Lin · 4 May 2017 at 20:32

The ISO27001 certification for the company just went out the window.

Thekwango · 4 May 2017 at 20:34

neil_g said:
Don't know about legalities but never give out your login.

Also check your contract of employment for gross misconduct around computer systems.

+1 but be aware you could find you are the one in breach of company policy for allowing someone else to use your login details.

RDM · 4 May 2017 at 20:35

It is a breach of the computer misuse act and a criminal offence.

Though by giving your password to another user you are probably in breach of your companies policies.

Diddums · 4 May 2017 at 20:36

I had no choice but to share my login, without it the other engineer wouldn't be able to do his job, and all three of my managers will back me up on this.

Diddums · 4 May 2017 at 20:36

Raymond Lin said:
The ISO2700 certification for the company just went out the window.

Can you elaborate?

Rroff · 4 May 2017 at 20:38

The UK Computer Misuse Act 1990 created three categories of offence:

unauthorised access to computer material:

there must be intent to access a program or data stored on a computer, and the person must know that this access is not authorised.

This is why login screens often carry a message saying that access is limited to authorised persons: this may not prevent a determined and ingenious hacker getting access to the system, but they will not be able to claim ignorance of committing an offence.

unauthorised access with intent to commit a further offence: for instance accessing personal files or company records in order to commit fraud or blackmail

Under section 35 that is punishable with upto 2 years in prison and/or fines but very messy in terms of actual implementation in the workplace (especially if you don't have evidence of him logging in with appropriated credentials or hacking to circumvent login systems in place). Could be enough to scare someone though.

neil_g · 4 May 2017 at 20:38

Diddums said:
I had no choice but to share my login, without it the other engineer wouldn't be able to do his job, and all three of my managers will back me up on this.

Yes you did. Your managers should've gotten him his own login.

Damn what any manager said. Never give out your login.

Jokester · 4 May 2017 at 20:39

Diddums said:
I had no choice but to share my login, without it the other engineer wouldn't be able to do his job, and all three of my managers will back me up on this.

Is that actually written down somewhere or just something you've been verbally told...

Managers tend just to say what ever you want to hear to get the job done for as little hassle as possible for themselves.

Nexus · 4 May 2017 at 20:39

It's certainly immoral, but not illegal. I have no idea what line of work you are doing, but you most likely signed a contract and that may lay out specific clauses that you and colleagues need adhere to.

Ultimately, if you've been looking at something you shouldn't have at work, then that's not likely to go down well with your employer. While it doesn't reflect well on you, it also doesn't reflect well on him to have trawled through your computer to find anything he can to discredit you.

Rroff · 4 May 2017 at 20:44

^^ It certainly can be illegal - whether a court would even entertain it in a case like this is another matter plus the legislation is hideously out of sync with the realities not to mention would rely heavily to be effective on terms of employment and signed policy agreements, etc.

Vonhelmet · 4 May 2017 at 20:45

He's almost certainly broken the company's IT policy. You probably have.

Mind you, I suspect any company could find that any member of staff had broken the policy in some way. It's there so they can fire you if you cause trouble, or have credible grounds for firing you if they don't like you.

Raymond Lin · 4 May 2017 at 20:46

Diddums said:
Can you elaborate?

It's a certification that some companies have, generally the larger ones, and ones that prides itself in Data protection, such as law firms. To get the certification the company from top to bottom have to adhere to certain criteria such as do not leave confidential information on the open, lock the screen when the user leaves the desk, never give out passwords etc.

The serious note is that I doubt your company will lose it, unless of course if words gets out but you will probably get into trouble and a slap on the wrist from your boss. Depends how they see it tbh, it could be a verbal warning to gross misconduct, depends on the company/role you do.

Azza · 4 May 2017 at 20:50

Diddums said:
I had no choice but to share my login, without it the other engineer wouldn't be able to do his job, and all three of my managers will back me up on this.

Surely the logical solution is to get him a login created so he can access it.

How did you put the other guy on a performance improvement plan are you his line manager?