Confidentiality

[raindance]

Here's the background: all the computers in your company are networked, and everyone can access everyone else's folder (except a folders marked "Private" or those documents which are protected by password).  You're in a position of some responsibility - PA to The Big Cheese.  A colleague lets slip that he/she has managed to access privileged information, a list of everyone's salaries for example.  You're surprised they are naive enough to tell you, and disappointed that they feel it's necessary to pry into things, but how would you act?  Do you tell?  Do you tell your boss "in confidence"?

Thank you very much.

Raindance

[Katie G]

I'd go straight to the boss with this information.  It's a security breach and that's serious business.  I know my employer requires you to sign a document with all sorts of rules and regs about computer security and one of the lines is something to the effect that if you are aware of a security breach you are REQUIRED to report it.

It might make things ugly with your colleague, but it would be a whole lot uglier (I'm thinking legally) if it comes out that you knew about the breach and didn't report it.

[jak0215]

I agree with Did.  Every employee at my company - a health Ins. company (in the U.S. think HIPAA) has to sign a confidentiality agreement upon date of hire.  We are all atdifferent levels of involvement when it comes to privileged information, if there were a breach of ethics that I new about and didn't tell my supervisor/manager how would they ever be able to trust me again.  And trust is just the tip of the iceberg.  As Did said this could cause big problems if the situation ever progressed into legal action.  

jak

[gee4]

I wouldn't normally mention this as you then involve yourself.  However  as she now has possible access to YOUR salary also, then yes I might feel that she has breached YOUR personal details and not just the company's.

I am surprised that in this current climate someone would be so stupid as to say they came across this info!

G

[raindance]

Thanks for your replies.  Yes, I do know how this information was accessed!  It was not left lying around, but the files containing this information should, at the very least, have been password-protected.  

I am surprised that this person was so naive.  Long-term temp, leaving us soon and very young.  I'm the union rep here, as well as being Big Cheese's EA, so I hear a lot of things.  

It so happens that I brought up the subject of computer safety, so to speak, with Bossie a month or two ago, so I can perhaps link back to that.  

Thank you again.

Raindance

[gee4]

Well if she's only a temp I wouldn't worry as she is leaving soon.  However you might like to inform the agency who placed her as this may have an affect on the jobs that she could apply for later on.

G

[mlm668]

Like someone else said, folders marked private or confidential are going to draw the attention of someone who is naturally nosy.  

If you computers are networked is there a way you can set up different drives on the network and limit access to those drive?  We've done that here.  There is one drive that only  myself, the Controller, the Exec VP and President can access.  This was done after we realized that if our superintendents could dial in and access the common drive on the network, others could too.  

I'd definately mention this to your boss.  No telling what else this person has seen and if they are leaving you don't know who else she will tell.  Look into limited access via additional network drives and suggest that to your boss.  Not every department needs to access the same information so a drive could be set up for confidential info with limited access and another set up for common use.



Michelle

[gingertea]

I agree for all the reasons stated previously.  Run in to bossie's office right now --- this is not the same as being a tatle-tale, this is serious business.

[countrigal]

If she could breach the security, then you know some hacker or other devious-minded person could, so definitely say something.  That gives the company the opportunity to buck up the security, which sounds like it is needed.  And as you are aware of it, you are responsible for reporting it.  Just imagine how you'd feel if you didn't say anything and 2 months from now employees start having their identities stolen (or the like) all from someone from outside being able to access those confidential files with names and socials on it.

CountriGal
Peer Moderator

[jane10]

I agree with nearly everyone else and would say something.  We've just had something very similar where I work - two guys in IT were fired because confidential info was found to be on their PCs.  This was info that couldn't have got there by mistake and was a serious breach of security and confidentiality. They were 'marched' off the premises so these things need to be taken very seriously.   Good luck!

[jane10]

I agree with everyone else and feel you should say something.

We've just had something very similar where I work - two guys in IT were fired because their PCs were found to contain highly confidential information.  This was information that could not have got their by mistake and they were using this info for various means.  They were 'marched' off the premises immediately so this is a very serious matter.  Good luck!

[raindance]

Many thanks, everyone, for your replies.  

We have already disabled access to the folder where confidential financial information is stored.  I'm recommending tiered access to networked folders ie Big Cheese can access all folders, with other posts having access to only those folders they need to access.

Thank you again.

Raindance