Overhearing onboarding managers explain how IT watches everything staff do.
No we don’t randomly remote into your system to see what your screen you are on.
No we dont actively look at your web history.
No we don’t actively read other staffs outgoing emails for data loss.
We have automated systems for 2 and 3. Even then we only do something if requested by HR or Legal.
Highly illegal in the EU. Also highly stupid everywhere else. The big question is “How secure is your user espionage system and can an outsider get acces?”. The data from something like this is a social engineering goldmine.
Under the GDPR, employers in the EU can only monitor employees’ work emails if it is necessary, proportionate, and serves a legitimate purpose, such as ensuring compliance or security. Employees must be informed about the monitoring in advance, and clear policies should be in place to respect transparency and consent requirements. Any monitoring must also balance the employer’s business interests with the employees’ right to privacy, ensuring minimal intrusion. Some countries like Germany have really strict interpretations of how to apply the GDPR here.
I mean, a lot of the places people say stuff like that our government-related jobs, where the emails and internal DMs are recorded as public record. This isn’t as much of an issue in that case.
Yeah but people are highly aware of it and there is even a disclaimer in Email Signatures that everything is tracked. If you are dealing with government ministries in European countries some of the (unofficial) information exchange is done without written record, either at in-person conferences or even through non-work phones.
IT guy here, I want to be as far away from any user logs as possible that are not directly related to solving a work issue.
I don’t want to know anything about your browsing history, your email, your chats or your documents. I want to install computers, configure systems, plan deployments, fix odd issues, write scripts, make reports, and while doing that listen/watch youtube videos about a guy setting up obsolete systems like Sun thin clients, installing BeOS, Apple Rhapsody, installing Windows 3.11 on a mobile phone, stuff like that.
Is it really unreasonable to explain that nothing you do on a work computer is private, though?
Obviously you don’t want to do any of that. But if you have a reasonable set up, you can when you need to, and telling people not to do shit they shouldn’t on company hardware is a good thing.
I can explain it a thousand times and people will still treat company equipment during company time as private.
I am more annoyed about managers giving the impression that we actively watch things. We don’t. We have more important stuff to do because we are chronically underfunded
Overhearing onboarding managers explain how IT watches everything staff do.
No we don’t randomly remote into your system to see what your screen you are on.
No we dont actively look at your web history.
No we don’t actively read other staffs outgoing emails for data loss.
We have automated systems for 2 and 3. Even then we only do something if requested by HR or Legal.
Highly illegal in the EU. Also highly stupid everywhere else. The big question is “How secure is your user espionage system and can an outsider get acces?”. The data from something like this is a social engineering goldmine.
Source? I’ve signed contracts before that includes clauses saying they can basically read my work email whenever they want.
Screen and web history sounds pretty illegal though, but would love to hear what law that is.
Under the GDPR, employers in the EU can only monitor employees’ work emails if it is necessary, proportionate, and serves a legitimate purpose, such as ensuring compliance or security. Employees must be informed about the monitoring in advance, and clear policies should be in place to respect transparency and consent requirements. Any monitoring must also balance the employer’s business interests with the employees’ right to privacy, ensuring minimal intrusion. Some countries like Germany have really strict interpretations of how to apply the GDPR here.
I mean, a lot of the places people say stuff like that our government-related jobs, where the emails and internal DMs are recorded as public record. This isn’t as much of an issue in that case.
Yeah but people are highly aware of it and there is even a disclaimer in Email Signatures that everything is tracked. If you are dealing with government ministries in European countries some of the (unofficial) information exchange is done without written record, either at in-person conferences or even through non-work phones.
IT guy here, I want to be as far away from any user logs as possible that are not directly related to solving a work issue.
I don’t want to know anything about your browsing history, your email, your chats or your documents. I want to install computers, configure systems, plan deployments, fix odd issues, write scripts, make reports, and while doing that listen/watch youtube videos about a guy setting up obsolete systems like Sun thin clients, installing BeOS, Apple Rhapsody, installing Windows 3.11 on a mobile phone, stuff like that.
This guy watches Acton Retro, doesn’t he
That’s exactly what an IT person would say to hide the fact they watch what I do on my computer!
Is it really unreasonable to explain that nothing you do on a work computer is private, though?
Obviously you don’t want to do any of that. But if you have a reasonable set up, you can when you need to, and telling people not to do shit they shouldn’t on company hardware is a good thing.
I can explain it a thousand times and people will still treat company equipment during company time as private.
I am more annoyed about managers giving the impression that we actively watch things. We don’t. We have more important stuff to do because we are chronically underfunded