While companies provide certain rights to information technology and other employees to access specified categories of data, they may not be aware that those workers often exceed those rights.
According to a recent survey of IT professionals by Cyber-Ark Software, one-third of respondents admitted that they go beyond their rights and they access data relating to such matters as salary details, merger and acquisition plans, personal emails of others, board meeting minutes, or additional categories of confidential information.
Indeed, a whopping 47 percent of respondents conceded that they have accessed information that is not related to their employment roles.
Why is this happening? Of course, curiosity is at play. But curiosity only can be acted upon if proper safeguards are not in place.
Obviously, password rights are being provided, but unfortunately, at some companies those passwords currently seem to afford an array of data access beyond the scope of the role of designated employees. Moreover, passwords need to be changed on a more frequent basis.
The survey surprisingly indicates that passwords having to do with access to confidential information actually are changed less often than user passwords. And while only 30 percent of confidentiality passwords get changed every quarter, nine percent NEVER get changed. This is not good news. On top of all of this, the survey results show that approximately 70 percent of companies depend on outdated and insecure methods for sensitive data exchanges with business partners.
Sensitive and confidential data may be like oxygen - only truly valued when it is gone. But then it is too late. Companies now should do their best to develop practices and methods that allow access to confidential information only to those with a need-to-know, and they should ensure that they exchange such information only when necessary and with protections in place. Companies should consider technological as well as legal measures, with the help of skilled counsel, to best position themselves.
Biography
Eric Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual property disputes. To receive his weekly columns, send an e-mail to with the word "Subscribe" in the subject line.
Disclaimer: This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.
Reprinted with permission of Findlaw.com