Privacy Commissioner’s Office gives tips on how to avoid employee snooping - Canadian Government Executive
GovernmentHRPolicySecurity
April 1, 2016

Privacy Commissioner’s Office gives tips on how to avoid employee snooping

Employee snooping poses a serious privacy risk, says the OPC

Now more than ever, organizations in both the public and private sector hold a vast amounts of data on their personnel as well as customers.

Technology has allowed many businesses and offices to monitor the whereabouts and behaviours of their staff and clients. However, just because a workplace owns the devices used by employees, this doesn’t mean that workers have lost the right to privacy when using employee-provided equipment.

“Employee snooping poses a serious privacy risk that if left unchecked can cause significant and lasting financial and reputational damage to both your customers and your organization,” according to the Office of the Privacy Commissioner of Canada.

Here are 10 ways workplaces can avoid employee snooping:

Educate

  1. Foster a culture of privacy

Perhaps the most important element in the prevention of employee snooping is an organization’s culture of privacy, as it supports the effectiveness of all other measures. This starts with the establishment of clear expectations and requirements for employees. Develop a set of comprehensive privacy policies and procedures, and reflect and operationalize them in concrete practices, to ensure that employees: (i) understand that privacy is a core organizational value, and (ii) know what this means for their day-to-day activities.  Further, give your organization’s privacy officer (or a similar role) a clear mandate to educate, monitor compliance, and investigate and address violations. When the importance of, and practices associated with, respecting privacy are front-of-mind, employees are less likely to snoop without thinking — helping to avoid incidents based on impulsiveness, misunderstanding or curiosity.

  1. Have periodic and/or “just-in-time” training and reminders of policies around snooping

Quite often, an employee is presented with his or her privacy obligations as just one part of the voluminous orientation package received upon hiring. While this is a good practice, it should not be the only time such policies are presented to employees. Regular reminders and proper training will ensure knowledge remains fresh. Further, where possible, an organization can use a “just-in-time” reminder — which can range from a sticker on a cabinet to a computer pop-up — to present key information about employees’ privacy obligations at precisely the time it may be needed.

  1. Ensure employees know that consequences will be enforced.

Whether it is curiosity, a request from another person, or even the lure of financial gain, some employees may have an incentive to snoop. It is up to organizations to ensure their employees are aware that there are serious repercussions for doing so. Employees should understand that: (i) there are significant consequences to, and damages that can arise from, snooping; (ii) the organization takes steps to detect and dissuade violators; and, (iii) consequences will be enforced. The absence of any of those three factors will negatively impact the effectiveness of an organization’s snooping prevention measures. Having employees sign (upon hiring and at regular intervals) confidentiality agreements that speak to both unauthorized access to, and disclosure of, personal information can be a strong mechanism in creating this awareness.

Protect

  1. Ensure access is restricted to information required to perform the job

An employee’s access to information should be matched to his or her role. This might mean, where feasible, that he or she can access only less sensitive portions of the information held about an individual and/or only information about a limited number of individuals, that access is time- or geography-limited, and/or other restrictions. Organizations should also have documented processes in place for granting and revoking access to information, as required (such as when an employee changes roles). Particularly where information is sensitive, organizations should use physical (e.g., locked cabinets), organizational (e.g., appropriate policies and consequences) and/or technological (e.g., restricted access permissions) safeguards to prevent ‘unintentional’ inappropriate access to customer information.

  1. Allow individuals to block specific employees from accessing their personal information

Situations may occur in which an individual has a bona fide reason to desire that one or more employees of an organization (e.g., family members or ex-partners with whom a contentious relationship exists) be prevented from accessing his or her personal information. Organizations should thus have systems in place to accommodate such requests.  Needless to say, to ensure adequacy, the blocked employee should not be able to circumvent this measure.

  1. Have access logs and/or other oversight tools in place

In general, inappropriate access may not be immediately visible. Incidents may come to light over time, or as the result of a complaint from an individual. Having access logs or other oversight tools in place allow an organization to investigate allegations of employee snooping by reactively reviewing such logs in order to confirm/deny employee snooping allegations made against an employee. Making employees aware that these oversight measures exist also plays a key role in deterrence.  If employees realize that there is a high likelihood of being caught, the likelihood that they engage in snooping practices in the first place is dramatically reduced.

Monitor

  1. Proactively monitor and/or audit your access logs and other oversight tools

Beyond using access logs to reactively investigate alleged incidents, it is important that organizations have proactive measures in place to monitor and/or audit for undetected employee snooping. Such measures are essential safeguards to detect and deter unauthorized access by employees, and are particularly crucial for organizations that, for customer service or other reasons, must permit employees broad access to customer/client information. This can take the form of regular audits of all employees or random ones, where an organization is quite large. Further, as described prior, to maximise deterrence employees should be made aware that these proactive steps will take place. Without the potential for proactive detection, incidents of employee snooping could continue indefinitely without the knowledge of the affected individual, or even the organization.

  1. Understand “normal” access, to better detect inappropriate access

An employee has accessed the personal information of a particular person 10 times in one week, or once a week for a year. Another has accessed 900 different files once each, over a two-year period. Are either of these behaviours indicative of a problem? Organizations should understand baseline access patterns for various roles, in order to better detect anomalies of access. Alerts can then be set up to notify the organization of potential problematic behaviour.

Respond

  1. Investigate all reports of employee snooping

Due to their potential seriousness, allegations of employee snooping must be taken seriously. When our Office becomes aware of a snooping incident, we will expect a respondent organization to be able to demonstrate that it has undertaken a thorough and timely investigation of any substantive allegations and, where warranted, taken appropriate steps to address the unauthorized access by an employee, mitigate current or future harms to the individual, and reduce the likelihood of recurrence (potentially including revising policies, strengthening safeguards, increasing monitoring, or similar measures).

  1. Where proactive measures fail, respond appropriately

There are circumstances in which no reasonable proactive measures would have been able to prevent or detect an employee snooping incident. In those instances, it is important that the organization respond appropriately. This can include, but is not limited to, appropriate consequences for the snooper (which may include disciplinary action), notification to the OPC, and notification to the affected individual (including sufficient information, such as duration and scope of access, to allow an individual to take appropriate steps to mitigate any potential impacts of the incident).

“By taking the appropriate steps to address this risk, including the adoption of the practices outlined above, organizations can go a long way in advancing their reputation as a privacy-conscious business, and more importantly, protect their valued customers’ information, with which they have been entrusted,” the report from the OPC said.

About this author

Nestor Arellano

Nestor is a Toronto-based journalist who specializes in writing about technology and business. He is the editor of Vanguard Magazine and the associate editor of IT in Canada and a regular contributor to CGE.

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Government
 
Canadian Government Executive, in collaboration with Dalhousie University, is seeking your...
 
Wouldn’t we all love to work in an open, transparent and...
 
Barring a massive emergency, on December 7,h 2018, Prime Minister Justin...
 
In November 2015, Prime Minister Justin Trudeau formed the first gender-balanced...
 
After the general federal election in October 2015, Prime Minister Justin...
 
In my previous post about Nesta’s  Digital Frontrunners , I introduced four challenges ...
 
While most of my focus here is on IT and digitization...
 
In his article, Gaming the System, How the misuse of data impedes...
 
Over the years, governments have been adopting Lean management principles to...
 
Canada is governed by multiple levels of governme­nt, which is evident...
 
We are excited to announce that the Dec/Jan issue of CGE...
 
In federal systems like Canada’s – where power, authority, and responsibility...
 
When James Cattell, a delivery manager at the UK’s Department for...
 
Kotter International found that 90 per cent of managers and employees...
 
It is time to reboot democracy. This year, the French constitution,...
 
The role of internal audit in the public sector has changed...
 
Welcome to the fall edition of CGE. Since our last issue,...
 
We are excited to share with you the October/November 2018 edition...
 
The recent 2018 Senate Report examining the Government of Canada’s Phoenix...
 
Why do the richest 1 per cent of Americans take 20...
 
George Ross, editor in chief of Canadian Government Executive spoke with...
 
Usually, the summer period is a relatively slow time for public...
 
The Québec government has initiated a historic engagement process. The 2017...
 
A healthy Canadian economy and opportunities outside of North America are...
 
We are excited to share with you the May/June issue of...
 
The UK Department for Education (DfE) doesn’t have an easy mandate:...
 
With the launch of the Canada Infrastructure Bank and US Congressional interest in Trump’s...
 
Ask a public servant if they know about “ deliverology ” and...
 
In this era of truth and reconciliation, what are the principles...
 
Innovation labs and units have become so fashionable in the public...
 
Can government remember? Is it condemned to repeat mistakes? Or does...
 
Over the past two decades, codes of ethical conduct have become...
 
In this episode, J. Richard Jones sits down with Martin Joyce,...
 
In this episode, J. Richard Jones, publisher of Canadian Government Executive...
 
The January/February 2018 issue of Canadian Government Executive is on the...
 
This year is proving to be an interesting one for all...
 
Recently, George Ross, Editor-in-Chief of Candian Government Executive sat down with...
 
As Executive Director of the UK’s Government Digital Service, Mike Bracken...
 
For over two days at the end of January this year,...
 
Prime Minister Justin Trudeau has, on many occasions, expressed his commitment...
 
Today, many connect with their banks, private companies, and friends in...
 
The Trudeau Government’s decision, in August 2017, to split the Indigenous...
 
In the last few years, we’ve seen various federal governments warning...
 
Rankings of public sector entities has been big trend for quite...
 
For over 20 years, Canadian Government Executive (CGE) has been a...
 
The health care system in Canada, known as Medicare, is publicly...
 
Do Labour Market Development Agreements (LMDAs) make a difference? Our evaluation...
 
Evaluation is performed for a range of reasons:  to improve programs,...
 
Radical candour sounds rather outré as a prescription for government executives....
 
Behavioural Insights (BI) is a multidisciplinary approach that uses principles and...
 
In March, the Canada Revenue Agency’s website was shut down by...
 
In 2016, Deloitte undertook a global internal audit research study on...
 
One of the writers in this month’s issue started a note...
 
During the general election in 2015, Justin Trudeau, the leader of...
 
So, what can be said about Canada’s public administration as the...
 
The way forward to engaging Millennials in the public sector Passionate,...
 
As the Liberal’s assumed office, three big democratic reform ideas were...
 
The International Monetary Fund (IMF) in issuing its annual review of...
 
In today’s world of heightened focus on good governance and accountability...
 
At a recent meeting, a colleague asked me how I became...
 
As ‘month 13’ for Canada’s Syrian refugee arrivals comes and goes,...
 
As governments around the world move towards the digital transformation of...
 
Cost estimation is becoming an extremely important skill within government due...
 
The Senate has long been controversial largely because it is unelected...
 
In this special episode of CGE Radio, your host John Jones...
 
In this episode J. Richard Jones examines the rise in international...
 
Currently, there are ten organizations at the federal level that function...
 
Imagine a Canadian government that shares best practices in service delivery....
 
Risk is always present in any undertaking, no matter the size...
 
There is a new buzz in policy circles. Advances in data...
 
The North Atlantic Treaty Organization, with its 28 independent member countries...
 
The internal audit function in the Canadian public sector finds itself...
 
As Canada’s government agencies strive to improve delivery and efficiency under...
 
While Canadians grapple with the meaning of the Trump presidency and...
 
In recent months, Canadians have borne witness to a new cycle...
 
In 2015, the Department of Innovation, Science and Economic Development (ISED)...
 
The year 2016 saw two critical words circling the halls of...
 
The critical challenge facing the public service is changing its culture....
 
In this episode, hear from Carl Hammersburg, Manager, Government and Healthcare...
 
As understanding of social behaviour increases through intensified research, many government...
 
Sustainable Development Goals (SDGs) are part of the new global “Agenda...
 
The Trudeau government was swept into office, in part, by promising...
 
An Interview with Larry Ostola, Toronto’s Director of Museums and Heritage...
 
From a policy perspective, it is a challenge to predict how...
 
The arrival of President Trump in the White House marks a...
 
In the first year of Prime Minister Justin Trudeau’s term in...
 
For all its subtleties and mysteries, the Westminster system of government...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
Mental health problems are increasingly recognized today. By some calculations, one...
 
Faithful readers will remember that the cover story on last month’s...
 
Rehabilitating the West Block in considered the most complex restoration project...
 
Defending his government’s use of targets to drive UK public-sector reform...
 
In the world that we are living in today, free and...
 
Earlier this year the Ontario Ministry of Health announced that it...
 
While government watchers tend to concentrate on the big policy issues,...
 
The RCMP adopted a new media strategy earlier this month by...
 
Several factors are driving an increased interest in horizontal assurance in...
 
There is already a surging literature on the application of design...
 
In 2001, the OECD published The Hidden Threat to E-Government. The...
 
At the end of August, when most Canadians were enjoying their...
 
The Conference Board of Canada recently published a report titled Leveraging...
 
The Government of Canada’s newly announced Policy on Results replaces the...
 
While internal auditing has been considerably strengthened in most jurisdictions in...
 
The results-driven work ethics of Michael Barber, a top British political...
 
As team Trudeau would tell it, this past summer saw spirited...
 
The Trudeau Government has been off and running for almost one...
 
Cyber-attacks threaten Canadian individuals and companies every minute of every hour....
 
Today’s transformative movement towards a more digital and connected government is...
 
Deliverology is fast becoming a buzzword in the Canadian government scene....
 
For several months now, the Liberal government ministers have been using...
 
Ontario’s provincial government needs to act fast in building a coordinated...
 
The bootleg fentanyl overdose crisis that is sweeping across Western provinces...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
It’s a common notion that young workers born in the mid-1990s...
 
BC Hydro said it is pushing through with it $9-billion, hydroelectric megaproject on...
 
Canadian doctors were told that climate change impacts human health and...
 
Even as talks between the government and federal workers affected problems...
 
At last the the nostalgic fun of the CNE decends upon...
 
Just as the federal government has begun consultations on cyber security,...
 
The association representing more than 42,000 physicians and medical students in...
 
Contrary to the stereotype of eagerness and politesse, the second Bold...
 
Yesterday, Federal and Atlantic Provincial Ministers of the environment met to...
 
Following three months of little change in the employment numbers, Statistics...
 
Regardless of whether you are an elected official, a public servant,...
 
Ottawa has overhauled the process by which justices are picked for...
 
July 27 was pay day some federal public workers that finally...
 
A recent report suggests several strategies how governments and the private...
 
After writing the book “Megatrends: The Impact of Infrastructure on Ontario’s...
 
Though many of Canada’s immigrants have above-average education, they often find...
 
Fred Vettese, Morneau Shepell’s Chief Actuary, has released a report titled...
 
The Phoenix payroll systems long-running technical glitches which have plagued public...
 
The local electric vehicle industry just got a boost from Ontario...
 
Signaling a realignment of Canada’s involvement with NATO, Prime Minister Justin...
 
The fact that Shared Services Canada (SSC) has struggled mightily under...
 
Prime Minister Justin Trudeau today announced the deployment of Canadian troops,...
 
The union representing Canadian postal workers has rejected a proposal from...
 
A small but rapidly growing number of businesses have started hiring...
 
The possibility of mail delivery disruption on Friday this week loomed...
 
The Senate committee looking into Canada’s Syrian refugee program wants the...
 
United States President Barack Obama, speaking before Parliament last night, urged...
 
Prime Minister Justin Trudeau said making it easier for goods and...
 
Canada Post today warned the public about the potential for a...
 
Even as British stocks took a plunge and the pound sterling...
 
Yes, according to the former head of the Canadian Security Intelligence...
 
Early this morning, Philippine police confirmed that the severed head found...
 
Computer software company Adobe, has migrated more than 11 million pages...
 
The recent retirement of seven federal deputy ministers (DMs) reminds us...
 
The Public Health Agency of Canada has long been aware of...
 
On June 7, over 40 senior executives from within the public...
 
All’s fair in love and war JOHN LILY (1578): EUPHUES: THE...
 
Whether it is convincing companies to build R&D centres, factories, or...
 
The fact that Shared Services Canada (SSC) has struggled mightily under...
 
The government has to move quickly in replacing its fleet of...
 
As much a 20 per cent of grade seven students in...
 
The Liberal government is taking steps to rein in the National...
 
Canada is severely in need of a maritime vessel that can...
 
The actions and decisions of public servants have consequences for the...
 
A Quebec superior court judge facing allegations that he helped commit...
 
He is often referred to as the federal government’s first “chief...
 
We often read news articles about rampant drug addiction and suicide...
 
Upon receiving numerous complaints regarding add-on fees that turn making economy...
 
Public sector design thinking has evolved from obscurity to something of...
 
The procurement group within the Government of Canada is undergoing a...
 
Government agencies, international businesses, as well as, European organizations that comply...
 
Canada, today, became a full supporter of the United Nations Declaration...
 
People caught a glimpse of the work of partisan advisers in...
 
Officials and first responders battling the raging wildfires in Fort McMurray...
 
Veterans Affairs Canada is not adequately managing the drug component of...
 
Whether responding to emergencies back home or assisting regular troops abroad,...
 
The Trudeau government is now six months into its mandate and...
 
Some public servants will have to request their departments for emergency...
 
The Royal Canadian Mounted Police (RCMP) is poised to launch an...
 
The murder of a Canadian citizen abroad and the uncertainty of...
 
Canada’s largest organization advocating for retirees from federal, police and military...
 
The government is spending $3.5 million to improve an existing immunization...
 
It almost goes without saying that good governance requires fair and...
 
The adoption last year by the Canada Border Services Agency of...
 
A research project at that explores the design and feasibility of...
 
One of the most important powers at the disposal of Canadian...
 
Two years ago, Bixi, a not-for-profit, para-municipal bicycle-share firm of the...
 
A landmark Supreme Court ruling has paved the way for some...
 
One of Canada’s largest integrated oil companies said it is not...
 
Following the various mandate letters from the Trudeau Administration, the Minister...
 
Conservation efforts in the Canadian Arctic will be obstructed and sensitive...
 
The Canadian Radio-television and Telecommunications Commission (CRTC) today begins a public...
 
Local job figures blew away expectations as records indicated that 41,000...
 
In dealing with the impact on the sharing economy on transportation,...
 
In this episode, Richard talks with Alex Willner, Assistant Professor from...
 
The melting Arctic ice caused by climate change is opening up...
 
At least one prime minister has resigned, another in under fire,...
 
Associates of Russian President Vladimir Putin, the king of Saudi Arabia,...
 
Now more than ever, organizations in both the public and private...
 
Things just get curiouser and curiouser. Lewis Carroll (1865): ’s Adventures...
 
Laid off workers in Canada will soon get some relief with...
 
The Federal Bureau of Investigation announced that it has managed to...
 
The Prime Minister is now well into the consolidation phase of...
 
It is no secret that evaluation reports in the federal public...
 
  The pressure is always on to make government services to...
 
The Department of Innovation, Science and Economic Development (ISED) Lab is...
 
The Liberal government’s first federal budget laid out $11.9 billion over...
 
Eight years ago, the always prolific University of Chicago Law School...
 
Canadians expect their public services to be delivered in a way...
 
The Liberal government is expected to announce on Tuesday a new...
 
The Trudeau Liberal platform of instituting “delivery” capabilities has garnered considerable...
 
The ambitious immigration plan of the Liberal government promises to zero...
 
Nearly half of Canadian organizations are falling behind on implementation of...
 
If the purpose of the Government of Canada’s performance measurement system...
 
The Ontario government and telecom gear maker Huawei Canada yesterday announced...
 
The facility of a top-secret military communications group in Borden, Ontario...
 
Q: Where is Comptrollership going? Comptrollership in the Government of Canada...
 
Following days of stalled negotiations and with the clock ticking on...
 
Last year, the Canada Revenue Agency rolled out a pilot program...
 
Monday was the final day for Canadians to donate money to...
 
A controversial investment protection clause in the Canada-European Union trade deal...
 
When the Liberals announce their first ever budget on March 22...
 
Prime Minister Trudeau is off on one of the most intense...
 
With the inexorable expansion of internet, and the advent of highly...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Canadian Government Executive, in collaboration with Dalhousie University, is seeking your...