Privacy in Staff Personal folders. Any Sample Policies?

**FelixDzerzhinsky** · 11-30-2004, 11:38 AM

Got an issue at work.

One part of our organisation has Personal Staff Folders on the network. In this part of the organisation the supervisors will not access the folder without the staff members permission, generally only in an emergency or for an legitamate investigation which has to be certified by a Senior manager. If access is required IT staff look for a designated work related file which has to be specified (at least in general terms) by the supervisor.

This is to stop managers going on fishing expeditions for Resumes, medical information, etc. Staff are permitted by policy to 100mb of personal space as long as it is not used for running a personal business, storing porn or harrassing material, etc,.

The other part of the organisation basically has a free for all. Supervisors can do what they want.

I am trying to find any sample policies about employee personal folder areas on a network. Does anybody have links to policies or related legislation?

Most of the info I find is related to email or workplace monitoring. I would like to find something about privacy of staff when they have been given a personal area on the network.

European legislation or policies would probably be most useful. American workers as far as I can see have no rights.

I brace myself for the flames for the last statement.

Thanks

**chris-harry** · 12-01-2004, 05:38 AM

many companies have different pollicies... read the pollicies of the company... if you signed them, then they can well lets just use the word streatch, around the legal rope.

**CrashedAgain** · 12-01-2004, 05:43 AM

Legal issues aside, I would not store anything on a workplace network that I would not be comfortable with management accessing.
Privacy 'rights' are one thing, enforcement is a different issue altogether and remember, management owns the network and has the system administrators with the capability to access anything on the network.
Use removeable media for anything personal or sensitive.

**chris-harry** · 12-01-2004, 05:50 AM

and who would keep porn on a school computer, or work computer... its a great way of getting fired though... hmm...

**FelixDzerzhinsky** · 12-01-2004, 10:43 AM

Thanks for the replies.

For chris-harry:

Its hard to believe how stupid some users are. You are right they would be fired.

Permission is required to use removable media on our network.

True about management owning the network and system administrators being able to monitor anything. But I monitor them also. (Who monitors me...). If they are abusing their position they would be binned also.

**CrashedAgain** · 12-01-2004, 11:18 PM

Originally Posted by FelixDzerzhinsky

Thanks for the replies.

For chris-harry:

Its hard to believe how stupid some users are. You are right they would be fired.

Permission is required to use removable media on our network.

True about management owning the network and system administrators being able to monitor anything. But I monitor them also. (Who monitors me...). If they are abusing their position they would be binned also.

If permission is reuquired then I would get permission. If I could not get permission then I would transfer the data to an off-network site (somehow!..don't know how, I have not actually been faced with the problem). I would work under the assumption that mgnt can and will view everything stored on the network.

We are not necessarily talking about porn or similar inappropriate data. I am thinking more of employee information of a personal nature or perhaps information concerning trade union activities, etc.

I applaud your efforts if you are able to effectively monitor a network and serve as a watchdog in this way, but the very fact that your could monitor the network would seem to indicate a security weakness in the network.

**chris-harry** · 12-04-2004, 09:26 AM

Its hard to believe how stupid some users are. You are right they would be fired.

trust me... there are stupid people out there... look at one of our pollititions, (in aussy land), got fired for looking at porn at work...

ahahahahahahaha... well... they are alll.......... *words have been cut out*

**firebyrd10** · 12-04-2004, 10:08 PM

If the supervisors have root permissions, then they can get anywhere. Root is all powerful. Best way is to store it on removable drives or encrypt it. Which you seem to be talking about already.