subject: The Intersection Of Privacy And Security [print this page] Now more than ever the fate of a corporation can hang on the behavior of its employees. At the same time, personal privacy is an increasingly hot issue as the digital age threatens to make secrets as obsolete as a transistor radio. With the rising costs of corporate wrongdoing on one hand and the increasing effectiveness of e-discovery software on the other, it will be interesting to see how well personal privacy stands up.
It would be nice to live in a perfect world in which no one would ever abuse trust or steal from the company that employed them, in which companies always gave their customers a fair deal and never tried to get something from their employees for nothing. In that world, the ethical standards of a company would be absolutes, and employees would do everything they could to uphold them.
Unfortunately, we don't live in a perfect world. Far from it. We live in a world in which people behave dishonestly on a regular basis. Companies try to get as much out of their employees as possible while giving them as little as possible. Employees waste time, steal both physical and intellectual property, and use the corporate face to legitimize larceny.
Because we live in an imperfect world, the ethical standards of companies are constantly under assault, both by employees and by the other ambitions of the company itself. Within the corporate structure, there is almost always an oversight division, which has two primary tasks: prevent abuses from happening and, if that fails, deal with them quickly to minimize the damage.
Prevention is the best way to minimize the damage of deceit, and today corporate oversight has powerful tools available to it to assist in prevention. Most office computers are thin clients, meaning that the computing is done on servers the company has access to. Everything from e-mails to Web histories to logs of which files were accessed are available, and by studying that information corporate oversight managers can spot red flags before problems mature.
Of course, this is a two-edged sword. While most people would agree that the work habits of employees are relevant to their employers, many employers allow their employees to mix some amount of personal time in with work time. This means that some of the data that is collected on that server is personal data - personal e-mails accessed, for example, or even online banking information.
How far can a company go to protect itself? Can it subject an employee's personal e-mail to the same level of scrutiny that it subjects an employee's work e-mail? What about personal e-mails delivered to the work address? One could argue that it's in a company's interests to know about the financial health of its employees, since an employee with financial problems might have more reason to engage in fraud. Is it then acceptable for companies to look at employees' bank accounts if their online banking login is stored on the server?
For the most part, companies have avoided invasions of privacy, even when that means that they lose money in penalties and investigation costs. But as the costs of investigation after the fact rise, and as more companies have solutions like e-discovery software on their servers already, will they become more aggressive about stopping problems before they develop? Odds are that personal privacy will become less of a concern after a company gets burned and self-preservation takes over.
