Duane Morris Home
Search Site | Languages | Site Map | Alumni | Careers | Contact Us | Watch Duane Morris Video Listen to Duane Morris Podcasts, Webcasts and Audio Connect with Duane Morris LLP on LinkedIn Follow Duane Morris LLP on Facebook Follow Duane Morris LLP on Twitter Subscribe to RSS feed
  • About Duane Morris  ∨
    • Annual Report
    • Firm Rankings and Statistics
    • Past and Present
    • Firm Accolades and Honors
    • Attorney Accolades and Honors
    • Diversity and Inclusion
    • Women's Initiative
    • Pro Bono
  • Practices and Industries  ∨
    • Expanded Service Area Listing
  • People
  • Offices
  • Annual Report
  • News, Pubs and Multimedia  ∨
    • Alerts and Updates
    • Bylined Articles
    • In the News
    • Press Releases
    • For the Press
    • Video
    • Podcasts
    • Blogs
  • Events
  • Affiliates

By-Lined Articles
Events
For the Press

Home > Publications > By-Lined Articles

SHARE: Email this page Print This

By-Lined Article

Internal IT Corporate Snooping

By Eric J. Sinrod
July 2, 2008
Findlaw.com

While companies provide certain rights to information technology and other employees to access specified categories of data, they may not be aware that those workers often exceed those rights.

According to a recent survey of IT professionals by Cyber-Ark Software, one-third of respondents admitted that they go beyond their rights and they access data relating to such matters as salary details, merger and acquisition plans, personal emails of others, board meeting minutes, or additional categories of confidential information.

Indeed, a whopping 47 percent of respondents conceded that they have accessed information that is not related to their employment roles.

Why is this happening? Of course, curiosity is at play. But curiosity only can be acted upon if proper safeguards are not in place.

Obviously, password rights are being provided, but unfortunately, at some companies those passwords currently seem to afford an array of data access beyond the scope of the role of designated employees. Moreover, passwords need to be changed on a more frequent basis.

The survey surprisingly indicates that passwords having to do with access to confidential information actually are changed less often than user passwords. And while only 30 percent of confidentiality passwords get changed every quarter, nine percent NEVER get changed. This is not good news. On top of all of this, the survey results show that approximately 70 percent of companies depend on outdated and insecure methods for sensitive data exchanges with business partners.

Sensitive and confidential data may be like oxygen - only truly valued when it is gone. But then it is too late. Companies now should do their best to develop practices and methods that allow access to confidential information only to those with a need-to-know, and they should ensure that they exchange such information only when necessary and with protections in place. Companies should consider technological as well as legal measures, with the help of skilled counsel, to best position themselves.

Biography

Eric Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual property disputes. To receive his weekly columns, send an e-mail to with the word "Subscribe" in the subject line.

Disclaimer: This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Reprinted with permission of Findlaw.com

 

Duane Morris LLP & Affiliates. © 1998-2013 Duane Morris LLP. Duane Morris is registered service mark of Duane Morris LLP. Disclaimer | Privacy | Attorney Advertising
Other Languages: Chinese • Deutsch • Español • Français • Português