What's the legality of this?

[FloppyPoppy]

Sorry, how hard is it to create a new account for somebody? I have no clue why the engineer using your details wasn't just given his own access rights.

2 minute job, surely?

In many work infrastructures getting an account set up can take weeks as they often aren't local but networked. Thus, you can't set one up on the local machine as it wont have access to any of the required content.

 

[james.miller]

It doesnt take weeks to create an account on exchange. it takes weeks for your IT guys to get it done. slight difference


shared logins arent necessarily a problem but the content it gives you access to can be. your job loggin system is there to log jobs. as condescending as that sounds, that's its purpose; if you give your login to somebody else, it's rendered useless. accountability goes out the window along with anything else it's supposed to do.

The answer in my place is to do the work, log it with the shift leader and when IT create the account added the detail manually. Never ever ever ever let somebody else use your details to log hours on a job.

 

[Maccy]

The ISO27001 certification for the company just went out the window.

I'd be surprised if Diddums' company is ISO27001 certified.

 

[Uther]

He didn't use the login, the system was left logged in by engineer 1.

He used an open system.

Yep, OP screwed up. Easier to blame the bloke under you though.

 

[ubersonic]

took screenshots of all my internet history, emailed it to himself

If he has a .com email that's a breach of data protection laws in addition to the laws others have mentioned.

 

[cyber69]

At a company I used to work at my boss once presented me with a list of my internet search history and tried to claim gross misconduct just due to the fact of me using the internet in work time, no dodgy surfing. I just got my internet access taken away for a month or so.

If your company was to produce any evidence trying to claim gross misconduct then they would have to do the same for all employees, not just you. If you have been looking at dodgy stuff then it could be a verbal warning I guess or worse.

 

[=XDC=FluphyBunny]

Yep, OP screwed up. Easier to blame the bloke under you though.

OP made a mistake in not telling his managers to create a new login for original colleague. As for 'easier to blame the bloke under you' who are you referring to?

If the idiot employee who took screenshots of OP's internet history brings them up at work he will almost certainly be finished. They may slap your wrist (and you managers) but given the guy has proven himself to be a poor employee the boss will be happy to use it as gross misconduct and get rid of him.

 

[Thekwango]

quick question - may have already been answered and I missed it so apologies.

but how do you know PIP guy did the screenshotting and how do you know he emailed it to himself if the sent email has been deleted? how do you know it wasn't the guy you gave the login details to?

 

[Surfer]

so this guy accessed your login without your permission and downloaded material that you had been looking at. He will be in trouble pretty sure that will contravene your company policy. You will be fine because you have a legitimate reason for lending your login to the other engineer.

Doesnt matter that the guy will bleat about your internet history or whatever that has nothing to do with accessing someone elses login deliberately to cause mischief and without authorization.

Check with HR (regarding the policy) about this before your meeting with this guy!! Im sure HR will back you up.

 

[Deleted member 66701]

I see what you're saying but it's not as simple as that sadly.

As a former security auditor, it is that simple.

Never share your login details. Ever.

I'd be surprised if Diddums' company is ISO27001 certified.

I very much doubt it also.

 

[ubersonic]

I think people are looking at this the wrong way. The fact the OP lent his login to a coworker is irrelevant (and also fairly common in some companies and in many cases not even against the rules), it doesn't matter if it was the coworker who had been loaned the login who left the machine unlocked or the OP himself. The fact remains that coworker #2 came accross a machine that had been left unlocked, accessed the machine without authorization, determined the user logged in was somebody he disliked, copied data from the machine, transferred that data off site, etc. Coworker #2 violated multiple rules/laws and would be an idiot to try and use that as a defense in a performance review (though he does sound like an idiot).

Out of interest OP was it literally IE/FF/Chrome history he screenshotted? Can he prove the sites were accessed by you and not himself? (unlikely), can he even prove it was your login being screenshotted?

 

[adolf hamster]

Timestamps for internet history prior to the screenshot date, and if the start menu has his name or a recognisable log on detail as the user account.

 

[Haggisman]

He didn't use the login, the system was left logged in by engineer 1.

He used an open system.

Does this work similar to the "I didn't break in, the door was open so I helped myself to the TV" excuse for burglary?

 

[adolf hamster]

Does this work similar to the "I didn't break in, the door was open so I helped myself to the TV" excuse for burglary?

Of course not, for the same reason the goverment should be allowed to read your emails without a court warrant but not your letters, phone calls, or bug your house

 

[antijoke]

Does this work similar to the "I didn't break in, the door was open so I helped myself to the TV" excuse for burglary?

Of course not, but it's not the same scneario at all.

 

[Mr_Orange]

If that many people have your log in details and the PC is constantly left open who knows who looked up what when? All this realistically does is prove the need for everyone to have their own log in.

Also Outlook does have a recovery system for deleted items depending on what server software is used.

 

[ubersonic]

Timestamps for internet history prior to the screenshot date

Only works if the system clock is in the screenshot and if the system settings are locked to getting time from domain server. Even then images can be edited easily.

 

[Mujja]

Sorry, how hard is it to create a new account for somebody? I have no clue why the engineer using your details wasn't just given his own access rights.

2 minute job, surely?

Diddums works evenings and weekends. It sounds like the needed a password reset and no one was around to reset it. If it was a new employee needing an account created he wouldn't have been left alone logged in to a computer, presumably.

 

[Haggisman]

Of course not, but it's not the same scneario at all.

I disagree, using a computer which someone else has left logged when you know you shouldn't is no different to walking into someone's house and taking their stuff because they've left the door wide open.

Yes in both cases the person leaving the door open/account logged in is an idiot for doing so, but that doesn't excuse the actions of the person actually performing the malicious act.

 

[Em3bbs]

As a former security auditor, it is that simple.

Did you get to wear a special badge or hat?