Effective Employee Monitoring Mike Gillespie – MD Advent IM Ltd
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Effective Employee MonitoringMike Gillespie – MD Advent IM Ltd
Agenda
• Thinking about monitoring employees?• Monitoring or Snooping?• Monitoring, The Data Protection Act (1998) and the ICO• Managing resulting data• CIA• Summary and Questions
h o l i s t i c s e c u r i t y
Thinking of monitoring employees?
Data Protection
h o l i s t i c s e c u r i t y
Monitoring or Snooping?
Employee monitoring
policy
•Blanket employee coverage - not issue led•Covert – employees unaware•No policy or no education in place•Lack of DPA compliance
•Clear, achievable and targeted objective•Employees aware, educated and accepting•Clear compliance with DPA for resultant data..we’ll come onto this later.
h o l i s t i c s e c u r i t y
Monitoring, DPA and the ICO
• Why you are monitoring•What the process is•What you are monitoring – systems, applications, hardware etc•When you will be monitoring•Who will be responsible for monitoring•Who will have access to the data generated by the monitoring•How that resulting data will be held, managed and eventually destroyed
Without consistent and effective rules and policies, culture will take over until policy becomes whatever culture dictates.
h o l i s t i c s e c u r i t y
Managing resulting data creation
IT Dept
h o l i s t i c s e c u r i t y
CIA (not what you think...)
integrity
Availability
confidentiality
h o l i s t i c s e c u r i t y
CIA (not what you think...)
confidentiality
Assurance that information is shared only among authorised persons or organisations. Breaches of Confidentiality can occur when data is not handled in a manner adequate to safeguard the confidentiality of the information concerned. Such disclosure can take place by word of mouth, by printing, copying, e-mailing or creating documents and other data etc. The classification of the information should determine is confidentiality and hence the appropriate safeguards.
h o l i s t i c s e c u r i t y
CIA (not what you think...)
integrity
Assurance that the information is authentic and complete. Ensuring that information can be relied upon to be sufficiently accurate for its purpose. The term Integrity is used frequently when considering Information Security as it is represents one of the primary indicators of security (or lack of it). The integrity of data is not only whether the data is 'correct', but whether it can be trusted and relied upon. For example, making copies (say by e-mailing a file) of a sensitive document, threatens both confidentiality and the integrity of the information. Why? Because, by making one or more copies, the data is then at risk of change or modification.
h o l i s t i c s e c u r i t y
CIA (not what you think...)
availability Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.
h o l i s t i c s e c u r i t y
HR Dept
Managing resulting data creation
h o l i s t i c s e c u r i t y
Information Commissioners Office Guidance
Section 5 of the ‘Quick guide to the employment practices code’ covers employee monitoring and can be accessed from the ‘For Organisations’ section of the ICO website www.ico.gov.uk
h o l i s t i c s e c u r i t y
Summary
h o l i s t i c s e c u r i t y
• Use the ICO Guidance • Have firm, clear objectives and targets• Be open and consistent• Ensure resultant data is managed in line
with the Data Protection Act (1998)
Questions
h o l i s t i c s e c u r i t y
Related Documents
