Privacy Commissioner’s Office gives tips on how to avoid employee snooping – Canadian Government Executive

NEWS

SEARCH

GovernmentHRPolicySecurity
April 1, 2016

Privacy Commissioner’s Office gives tips on how to avoid employee snooping

Employee snooping poses a serious privacy risk, says the OPC

Now more than ever, organizations in both the public and private sector hold a vast amounts of data on their personnel as well as customers.

Technology has allowed many businesses and offices to monitor the whereabouts and behaviours of their staff and clients. However, just because a workplace owns the devices used by employees, this doesn’t mean that workers have lost the right to privacy when using employee-provided equipment.

“Employee snooping poses a serious privacy risk that if left unchecked can cause significant and lasting financial and reputational damage to both your customers and your organization,” according to the Office of the Privacy Commissioner of Canada.

Here are 10 ways workplaces can avoid employee snooping:

Educate

  1. Foster a culture of privacy

Perhaps the most important element in the prevention of employee snooping is an organization’s culture of privacy, as it supports the effectiveness of all other measures. This starts with the establishment of clear expectations and requirements for employees. Develop a set of comprehensive privacy policies and procedures, and reflect and operationalize them in concrete practices, to ensure that employees: (i) understand that privacy is a core organizational value, and (ii) know what this means for their day-to-day activities.  Further, give your organization’s privacy officer (or a similar role) a clear mandate to educate, monitor compliance, and investigate and address violations. When the importance of, and practices associated with, respecting privacy are front-of-mind, employees are less likely to snoop without thinking — helping to avoid incidents based on impulsiveness, misunderstanding or curiosity.

  1. Have periodic and/or “just-in-time” training and reminders of policies around snooping

Quite often, an employee is presented with his or her privacy obligations as just one part of the voluminous orientation package received upon hiring. While this is a good practice, it should not be the only time such policies are presented to employees. Regular reminders and proper training will ensure knowledge remains fresh. Further, where possible, an organization can use a “just-in-time” reminder — which can range from a sticker on a cabinet to a computer pop-up — to present key information about employees’ privacy obligations at precisely the time it may be needed.

  1. Ensure employees know that consequences will be enforced.

Whether it is curiosity, a request from another person, or even the lure of financial gain, some employees may have an incentive to snoop. It is up to organizations to ensure their employees are aware that there are serious repercussions for doing so. Employees should understand that: (i) there are significant consequences to, and damages that can arise from, snooping; (ii) the organization takes steps to detect and dissuade violators; and, (iii) consequences will be enforced. The absence of any of those three factors will negatively impact the effectiveness of an organization’s snooping prevention measures. Having employees sign (upon hiring and at regular intervals) confidentiality agreements that speak to both unauthorized access to, and disclosure of, personal information can be a strong mechanism in creating this awareness.

Protect

  1. Ensure access is restricted to information required to perform the job

An employee’s access to information should be matched to his or her role. This might mean, where feasible, that he or she can access only less sensitive portions of the information held about an individual and/or only information about a limited number of individuals, that access is time- or geography-limited, and/or other restrictions. Organizations should also have documented processes in place for granting and revoking access to information, as required (such as when an employee changes roles). Particularly where information is sensitive, organizations should use physical (e.g., locked cabinets), organizational (e.g., appropriate policies and consequences) and/or technological (e.g., restricted access permissions) safeguards to prevent ‘unintentional’ inappropriate access to customer information.

  1. Allow individuals to block specific employees from accessing their personal information

Situations may occur in which an individual has a bona fide reason to desire that one or more employees of an organization (e.g., family members or ex-partners with whom a contentious relationship exists) be prevented from accessing his or her personal information. Organizations should thus have systems in place to accommodate such requests.  Needless to say, to ensure adequacy, the blocked employee should not be able to circumvent this measure.

  1. Have access logs and/or other oversight tools in place

In general, inappropriate access may not be immediately visible. Incidents may come to light over time, or as the result of a complaint from an individual. Having access logs or other oversight tools in place allow an organization to investigate allegations of employee snooping by reactively reviewing such logs in order to confirm/deny employee snooping allegations made against an employee. Making employees aware that these oversight measures exist also plays a key role in deterrence.  If employees realize that there is a high likelihood of being caught, the likelihood that they engage in snooping practices in the first place is dramatically reduced.

Monitor

  1. Proactively monitor and/or audit your access logs and other oversight tools

Beyond using access logs to reactively investigate alleged incidents, it is important that organizations have proactive measures in place to monitor and/or audit for undetected employee snooping. Such measures are essential safeguards to detect and deter unauthorized access by employees, and are particularly crucial for organizations that, for customer service or other reasons, must permit employees broad access to customer/client information. This can take the form of regular audits of all employees or random ones, where an organization is quite large. Further, as described prior, to maximise deterrence employees should be made aware that these proactive steps will take place. Without the potential for proactive detection, incidents of employee snooping could continue indefinitely without the knowledge of the affected individual, or even the organization.

  1. Understand “normal” access, to better detect inappropriate access

An employee has accessed the personal information of a particular person 10 times in one week, or once a week for a year. Another has accessed 900 different files once each, over a two-year period. Are either of these behaviours indicative of a problem? Organizations should understand baseline access patterns for various roles, in order to better detect anomalies of access. Alerts can then be set up to notify the organization of potential problematic behaviour.

Respond

  1. Investigate all reports of employee snooping

Due to their potential seriousness, allegations of employee snooping must be taken seriously. When our Office becomes aware of a snooping incident, we will expect a respondent organization to be able to demonstrate that it has undertaken a thorough and timely investigation of any substantive allegations and, where warranted, taken appropriate steps to address the unauthorized access by an employee, mitigate current or future harms to the individual, and reduce the likelihood of recurrence (potentially including revising policies, strengthening safeguards, increasing monitoring, or similar measures).

  1. Where proactive measures fail, respond appropriately

There are circumstances in which no reasonable proactive measures would have been able to prevent or detect an employee snooping incident. In those instances, it is important that the organization respond appropriately. This can include, but is not limited to, appropriate consequences for the snooper (which may include disciplinary action), notification to the OPC, and notification to the affected individual (including sufficient information, such as duration and scope of access, to allow an individual to take appropriate steps to mitigate any potential impacts of the incident).

“By taking the appropriate steps to address this risk, including the adoption of the practices outlined above, organizations can go a long way in advancing their reputation as a privacy-conscious business, and more importantly, protect their valued customers’ information, with which they have been entrusted,” the report from the OPC said.

About this author

Nestor Arellano

Nestor is a Toronto-based journalist who specializes in writing about technology and business. He is the editor of Vanguard Magazine and the associate editor of IT in Canada and a regular contributor to CGE.

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Government
 
Please to view this Content. (Not a member? Join Today! )...
 
Cost estimation is becoming an extremely important skill within government due...
 
In this special episode of CGE Radio, your host John Jones...
 
In this episode J. Richard Jones examines the rise in international...
 
Please to view this Content. (Not a member? Join Today! )...
 
The North Atlantic Treaty Organization, with its 28 independent member countries...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
In this episode, hear from Carl Hammersburg, Manager, Government and Healthcare...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
An Interview with Larry Ostola, Toronto’s Director of Museums and Heritage...
 
Please to view this Content. (Not a member? Join Today! )...
 
The arrival of President Trump in the White House marks a...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
Mental health problems are increasingly recognized today. By some calculations, one...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
In the world that we are living in today, free and...
 
Please to view this Content. (Not a member? Join Today! )...
 
While government watchers tend to concentrate on the big policy issues,...
 
The RCMP adopted a new media strategy earlier this month by...
 
Please to view this Content. (Not a member? Join Today! )...
 
There is already a surging literature on the application of design...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
The results-driven work ethics of Michael Barber, a top British political...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Deliverology is fast becoming a buzzword in the Canadian government scene....
 
For several months now, the Liberal government ministers have been using...
 
Ontario’s provincial government needs to act fast in building a coordinated...
 
The bootleg fentanyl overdose crisis that is sweeping across Western provinces...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
It’s a common notion that young workers born in the mid-1990s...
 
BC Hydro said it is pushing through with it $9-billion, hydroelectric megaproject on...
 
Canadian doctors were told that climate change impacts human health and...
 
Even as talks between the government and federal workers affected problems...
 
At last the the nostalgic fun of the CNE decends upon...
 
Just as the federal government has begun consultations on cyber security,...
 
The association representing more than 42,000 physicians and medical students in...
 
Please to view this Content. (Not a member? Join Today! )...
 
Following three months of little change in the employment numbers, Statistics...
 
Regardless of whether you are an elected official, a public servant,...
 
Ottawa has overhauled the process by which justices are picked for...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
The local electric vehicle industry just got a boost from Ontario...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
On June 7, over 40 senior executives from within the public...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
The government has to move quickly in replacing its fleet of...
 
As much a 20 per cent of grade seven students in...
 
The Liberal government is taking steps to rein in the National...
 
Canada is severely in need of a maritime vessel that can...
 
The actions and decisions of public servants have consequences for the...
 
Please to view this Content. (Not a member? Join Today! )...
 
He is often referred to as the federal government’s first “chief...
 
Upon receiving numerous complaints regarding add-on fees that turn making economy...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Conservation efforts in the Canadian Arctic will be obstructed and sensitive...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
In this episode, Richard talks with Alex Willner, Assistant Professor from...
 
Now more than ever, organizations in both the public and private...
 
Things just get curiouser and curiouser. Lewis Carroll (1865): ’s Adventures...
 
Laid off workers in Canada will soon get some relief with...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Eight years ago, the always prolific University of Chicago Law School...
 
Please to view this Content. (Not a member? Join Today! )...
 
The ambitious immigration plan of the Liberal government promises to zero...
 
Nearly half of Canadian organizations are falling behind on implementation of...
 
Please to view this Content. (Not a member? Join Today! )...
 
The Ontario government and telecom gear maker Huawei Canada yesterday announced...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Prime Minister Trudeau is off on one of the most intense...
 
Please to view this Content. (Not a member? Join Today! )...
 
Some title Some author
Some excerpt
Please to view this Content. (Not a member? Join Today! )...

Member Login

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.