Not a Legal Professional? Visit our consumer site
Register/Login
Search
  • Cases & Codes
  • Practice Management
  • Jobs & Careers
  • Legal News
  • Blogs
  • Service Providers
  • Forms
  • Law Technology
  • Lawyer Marketing
  • Corporate Counsel
  • Law Students
  • Thomson Legal Record
  • JusticeMail
  • Newsletters

Internal IT Corporate Snooping

FindLaw

By Eric Sinrod

While companies provide certain rights to information technology and other employees to access specified categories of data, they may not be aware that those workers often exceed those rights.

According to a recent survey of IT professionals by Cyber-Ark Software, one-third of respondents admitted that they go beyond their rights and they access data relating to such matters as salary details, merger and acquisition plans, personal emails of others, board meeting minutes, or additional categories of confidential information.

Indeed, a whopping 47 percent of respondents conceded that they have accessed information that is not related to their employment roles.

Why is this happening? Of course, curiosity is at play. But curiosity only can be acted upon if proper safeguards are not in place.

Obviously, password rights are being provided, but unfortunately, at some companies those passwords currently seem to afford an array of data access beyond the scope of the role of designated employees. Moreover, passwords need to be changed on a more frequent basis.

The survey surprisingly indicates that passwords having to do with access to confidential information actually are changed less often than user passwords. And while only 30 percent of confidentiality passwords get changed every quarter, nine percent NEVER get changed. This is not good news. On top of all of this, the survey results show that approximately 70 percent of companies depend on outdated and insecure methods for sensitive data exchanges with business partners.

Sensitive and confidential data may be like oxygen - only truly valued when it is gone. But then it is too late. Companies now should do their best to develop practices and methods that allow access to confidential information only to those with a need-to-know, and they should ensure that they exchange such information only when necessary and with protections in place. Companies should consider technological as well as legal measures, with the help of skilled counsel, to best position themselves.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes.  His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com.  To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line.

This column is prepared and published for informational purposes only and should not be construed as legal advice.  The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Networking and Storage

© 2008 FindLaw

  • Research the law
  • Manage your practice
  • Manage your career
  • News and commentary
  • Get Legal Forms
  • About us
  • Cases & Codes / Opinion Summaries / Sample Business Contracts / Research an attorney or law firm
  • Law Technology / Law Practice Management / Law Firm Marketing Services / Corporate Counsel Center
  • Legal Career Job Search / Online CLE / Law Student Resources
  • Legal News Headlines / Law Commentary / Featured Documents / Newsletters / Blogs / RSS Feeds
  • Legal Forms for Your Practice
  • Company History / Media Relations / Contact Us / Advertising / Jobs
Copyright © 2009 FindLaw, a Thomson Reuters business. All rights reserved.