Legality of snooping on a logged in account?

Diagro said:
Did you read that?


"Employers have the right to spy on staff's work emails and electronic messages, the European Court of Human Rights has ruled."

WORK emails. Not personal email accounts
Click to expand...
It doesn't, that's a different link...what they heck?
I'll try and get the first one I copied, I clicked a link within that and must have copied that instead.
 
I figured things like syncing for Chrome etc should be disabled on work devices for GDPR reasons now?
 
Delvis said:
I figured things like syncing for Chrome etc should be disabled on work devices for GDPR reasons now?
Click to expand...
You would have thought so.

Unfortunately MANY companies IT departments are run by lazy people, who take offence at having to undertake work. Or they don't have any sort of IT support in place at all along with ZERO understanding of the law in regards to IT use.

It doesn't help that there are news outlets displaying that nonsense which will just in my views falsely empower employers to spy on their workforce any which way they can.

USB devices are supposed to be encrypted within education due to GDPR, yet every education establishment I've been to recently haven't carried out the steps required to do so. Simply because "Its not that easy", "We will get to it later".

The Op's case again in my personal view, is a breach of the Computer Misuse act. Gaining access to a persons personal account and going through personal IT usage history.
The issue is, the person didn't access the "dodgy" sites at work, on a work computer, but his history is still there. Possibly due to google sync? Do his employers even know what Google sync is? Most likely not thus it will hold no weight as an argument.

There is just too much missing from this story.
 
He accessed Facebook in work time seemingly from a client's computer, well he asked a colleague to.
Accessing Facebook in my place if work during contracted work hours is a big no no, it could lead to disciplinary action and ultimately termination of contract.
 
Diagro said:
You would have thought so.

Unfortunately MANY companies IT departments are run by lazy people, who take offence at having to undertake work. Or they don't have any sort of IT support in place at all along with ZERO understanding of the law in regards to IT use.

It doesn't help that there are news outlets displaying that nonsense which will just in my views falsely empower employers to spy on their workforce any which way they can.

USB devices are supposed to be encrypted within education due to GDPR, yet every education establishment I've been to recently haven't carried out the steps required to do so. Simply because "Its not that easy", "We will get to it later".

The Op's case again in my personal view, is a breach of the Computer Misuse act. Gaining access to a persons personal account and going through personal IT usage history.
The issue is, the person didn't access the "dodgy" sites at work, on a work computer, but his history is still there. Possibly due to google sync? Do his employers even know what Google sync is? Most likely not thus it will hold no weight as an argument.

There is just too much missing from this story.
Click to expand...

If you can link me to more details on that I'd want to forward it to our Security guy where I work. Would be greatly appreciated

:)
 
Diagro said:
You would have thought so.

Unfortunately MANY companies IT departments are run by lazy people, who take offence at having to undertake work. Or they don't have any sort of IT support in place at all along with ZERO understanding of the law in regards to IT use.

It doesn't help that there are news outlets displaying that nonsense which will just in my views falsely empower employers to spy on their workforce any which way they can.

USB devices are supposed to be encrypted within education due to GDPR, yet every education establishment I've been to recently haven't carried out the steps required to do so. Simply because "Its not that easy", "We will get to it later".

The Op's case again in my personal view, is a breach of the Computer Misuse act. Gaining access to a persons personal account and going through personal IT usage history.
The issue is, the person didn't access the "dodgy" sites at work, on a work computer, but his history is still there. Possibly due to google sync? Do his employers even know what Google sync is? Most likely not thus it will hold no weight as an argument.

There is just too much missing from this story.
Click to expand...

Heyyyyy, we're not all lazy :D Though I do often take offense with people making me work - as I would rather be looking at OcUK.

From the SME I work in - we haven't been briefed in regards to any laws we have to enforce, in relation to IT/use of IT equipment and whatnot - it has either been deemed as unnecessary, or [more likely] not in the budget. When the whole GDPR mess came about, we employed a 'specialist' to come in and make us GDPR ready - he lasted three weeks before storming out, I assume that he butted heads with the wrong people.

I digress.

When it comes to 'IT Policy' here, employees all get a copy with their contract, and although they don't sign it - they are automatically bound to it when they accept the role; I don't think the 'policy' itself is overly comprehensive - just typical common sense stuff really. Sadly, someone committed what ought to have been treated as gross misconduct a year or so ago (circumventing security basically) - and despite me providing a wealth of evidence on what they had done - HR did nothing!

The IT team here try to stay on top of potential issues - we lock down devices as much as possible - the BIOS is locked off, there is no booting from external media, the drives are encrypted and no one has local admin rights. All software that gets requested, has the EULA checked, and will only be installed (by IT) when the correct license has been purchased. The deployed Windows 10 images also have most of the junk removed - so users don't go wild on the Store and install Facebook or whatever else time waster they can find.

Unfortunately, when it comes to third party apps - such as the aforementioned Chrome, we don't have anything in place that would prevent users from signing into the browser with their own Google account; we will deploy the Enterprise version of Chrome, and leave them to it. I suspect that with the amount of things we have in place, if Joe Bloggs were to sign in as themselves, and have a bunch of personal info synced - we may be "ok" in the eyes of the GDPR gods. Best endeavors and all that.

Sadly though, these days in employment, it seems that common sense really has taken a back seat. I remember when I first start in an IT job back in 2001 - I was let lose with all the necessary rights to cause a bit of havoc on ours, and customer's networks; but I knew what I should and should not be doing. Today, it seems that unless you have an official document that expressly states DO NOT DO x, y and z - people will cry foul when they are hauled over the coals for being a plonker. Blame claim mindset I suppose.
 
Basically one time while out caring for a 'service user' (basically the disabled person). My 2nd cousin (the guy who is about to get sacked) couldn't reset his Facebook password on his phone so his 'senior' (more experienced carer) offered to reset it via the seniors work laptop. The senior logged into my 2nd cousins account to access the password reset link and in doing so it somehow sent all of the emails and web browsing history that my 2nd cousin accesses at home.

Some time later someone has made an allegation about his internet usage and the company he works for have found that all of his history was in their logs. HR went through the hundreds of pages hes ever been on going back years and found torrent sites and porn sites. They then suspended him pending an investigation into his internet usage. They are computer illiterate it seems and they think he is doing that at work on their laptop despite him not having access to a work laptop, only seniors have it.

The company have 'electronic communication and web usage' policies about accessing websites at work like social media,etc... let alone going on illegal websites and porn. So now they are gearing up to get rid of him because they think he is doing it while at work.
 
Umm, no.

Accessing Facebook won't do that, accessing Facebook then logging into Google on Chrome MIGHT sync stuff, but just resetting your Factbook password won't do that
 
TheLegendOfMart said:
Basically one time while out caring for a 'service user' (basically the disabled person). My 2nd cousin (the guy who is about to get sacked) couldn't reset his Facebook password on his phone so his 'senior' (more experienced carer) offered to reset it via the seniors work laptop. The senior logged into my 2nd cousins account to access the password reset link and in doing so it somehow sent all of the emails and web browsing history that my 2nd cousin accesses at home.

Some time later someone has made an allegation about his internet usage and the company he works for have found that all of his history was in their logs. HR went through the hundreds of pages hes ever been on going back years and found torrent sites and porn sites. They then suspended him pending an investigation into his internet usage. They are computer illiterate it seems and they think he is doing that at work on their laptop despite him not having access to a work laptop, only seniors have it.

The company have 'electronic communication and web usage' policies about accessing websites at work like social media,etc... let alone going on illegal websites and porn. So now they are gearing up to get rid of him because they think he is doing it while at work.
Click to expand...

If they do, then I would image he will have a very strong case against his dismissal.

I'll say it for the 4th time - get him to ring ACAS for advice, or do it on his behalf/with him present - it's free of charge and wees all over the help a union can give you; at least in my own personal experience (looking at you Unite!).
 
You must log in or register to reply here.
Back
Top Bottom