
IT Pros: How to Avoid Lurking Legal 'Gotchas'

In the United States, the general rule is that employees are not entitled to privacy for emails accessed through email systems provided by the employer. On June 17, the U.S. Supreme Court voted 9-0 that employees should likewise not expect any privacy for text messages accessed using employer-provided equipment. However, employees can expect their emails and text messages to remain private if accessed only on their personal equipment. An employee using a personal iPhone or PC for work email could expect personal emails on that device to be private but not emails accessed from the corporate email system; many courts in the United States have ruled that the use of corporate email systems means that the employee should expect no privacy.

Another area in which you should be careful: You should not access confidential information for personal use. That sounds obvious, but some courts may think that reviewing confidential information is not an innocent activity and assume there's an intent for personal use. You should have a specific business reason to review such information. On the other hand, one federal appeals court overturned the conviction of an IRS employee for reviewing taxpayer information inappropriately because that employee did not actually use the information.

Pornography use
In the United States, possession of child pornography is a crime, and there are no ifs, ands, or buts for this issue. If you find child pornography on computers at work, you could also be guilty of a crime if you do not turn in the person possessing the child pornography. This fact puts a big burden on each IT professional to be vigilant for child pornography. But note that the U.S. Supreme Court decided that an animated video featuring cartoon characters of kids was not child pornography because there were only computer-generated characters.

Adult pornography is a different matter: It is not automatically a crime to possess adult porn in the United States, and it is not a crime at all in many countries. In the United States, the tricky part about porn is the concept of community standards, which leaves the decision to each locality as to what is pornographic. That can make it hard to have a standard across multiple locations, and even in one location, it requires IT pros to have a sense of what is acceptable or not to the community (the employees, for example) as opposed to what is personally acceptable. Ultimately, the company's policies should determine the standard, not individual IT pros, and IT pros should know what those policies are.

The body that governs website domain names, the International Corporation for Assigned Names and Numbers, recently adopted an .xxx top-level domain for porn sites, which should make tracking behavior of this sort much easier.

Copyright and source code violations
Most everyone is aware that the "software police" (from the Business Software Alliance and the Software and Information Industry Association) routinely bring claims against companies that make illegal copies of software and thus violate the U.S. Copyright Act. IT pros can be personally liable for making illegal copies because the person making the copy is technically the infringer. For the most part, the "software police" present infringement claims to employers, but if the dispute is not resolved and litigation ensues, the individual IT pro who made illegal copies may have personal liability.
