Originally published at: https://boingboing.net/2018/05/03/private-sector-loveint.html
…
5 Likes
6 Likes
Not a whole lot of difference between employee and employer though, eh?
Still, you’re going to have many abuses at almost any organization that handles a lot of data. Hospitals and police departments, to name a couple. Not that it’s okay, but yeah, it exists in a big and harmful way.
5 Likes
Those who are trusted with the power of information should be under the closest scrutiny and are usually under the least.
7 Likes
Sigh. The worst part about this is that FB could have taken a page from healthcare electronic medical record access control. It’s nothing new for people in privileged positions to snoop, and you pretty much have to assume by default that no user should have unfettered access, and that every step has to be logged and any and all variances tagged, flagged, and manually reviewed by an independent department, not to mention that any use of those escalated privileges should require at least a quick 1-line note to explain what you were doing and why.
This kind of data breach shouldn’t be allowed to be kept quiet, though - letting them keep it under wraps is basically ensuring that they won’t take steps to fix the problem. In healthcare we have all kinds of reporting requirements for data breaches, which definitely includes unauthorized access.
If nothing else, it’s clearly a CFAA violation, though - does an NDA even cover hiding illegal activity? I’m pretty sure it doesn’t…
1 Like
It’s very difficult to model moral and ethical behaviour to your employees when you yourself lack any sense of morals or ethics:
1 Like
Now I understand where they got this bright idea…
It’s a shame that regulations and oversight are taking such a hit in this era. Even when companies are exposed for this, there’s no real punishment. I’ve worked for very security-conscious firms in the finance/banking industry. Multiple times per year we had training and exams to certify that we knew and understood privacy policies, rules, and regulations.
However, there was no way for most employees to know if there were problems, or if they were widespread. Customer service and IT employees used tightly controlled company equipment, so it would not be difficult to catch snoops. While this situation is creepy, someone going through financial records without authorization would lead to criminal action and/or a lawsuit.
1 Like
This topic was automatically closed after 5 days. New replies are no longer allowed.
