Peeking into an employee’s Web mail accessed on a company computer during work hours can be illegal–at least in New Jersey, according to that state’s Supreme Court. In a 7-0 decision, the judicial panel upheld a lower court ruling that sanctioned a company for collecting email messages between an employee and her attorney stored on the employee’s company computer.

“Finding that the policies undergirding the attorney-client privilege substantially outweigh the employer’s interest in enforcement of its unilaterally imposed regulation, we reject the employer’s claimed right to rummage through and retain the employee’s emails to her attorney,” the appellate court ruled in its decision upheld by the state’s high court.

The case involved Marina Stengart, the former executive director of nursing at Loving Care, a home health care provider located in Bergen county. After resigning from Loving Care, she filed a discrimination lawsuit against the company.

Loving Care issued Stengart a notebook computer when she worked for the company. She had a work email account, as well as personal Yahoo! mail account. Prior to resigning, she used the Yahoo! account to communicate with her attorney about her potential lawsuit. The Yahoo! emails were stored on her company computer.

Continue reading Peeking into employee’s email can be no-no

President Obama’s new cyberspace strategy announced this week is a far-reaching document, the effects of which have yet to be sorted out. Needless to say though, such a strategy is inevitable on the Federal level and absolutely necessary—we just still need to see where this is taking us.

There are the inevitable concerns over privacy, and paranoia about whether government is going to control our email and our Facebook pages. But, as any good security admin knows, a bit of paranoia goes a long way, and actually makes up about 40 percent of any security policy. And this is as it should be.

In the Cyberspace Policy document itself, there’s an odd bit that’s a little ill-defined, and could conceivably go anywhere. Specifically, it states as a goal to “build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.” That privacy and civil liberties have been mentioned in this passage is encouraging, but what are they talking about when they refer to an “identity management vision?” One of the slightly more paranoid points of view here speculates that it means the creation of a government system to track everybody’s identities online. Again, paranoia is good, and without it, we would have no security at all, but this may be a bit of a stretch. Still, it’s on everybody’s mind from the get-go. An article on Silicon.com quoted the President saying, “Our pursuit of cyber security will not include monitoring private sector networks or internet traffic.”

Any so-called “identity management vision and strategy” may well involve the creation of yet another compliance issue which could be immense, convoluted, and expensive to comply with, but at this point all we can do is wait it out and see what the President has in mind for this.