“The natural curiosity of employees to view the private records of political figures and celebrities is leading to people losing their jobs or being criminally convicted. Most of these workplace incidents are not tied to identity theft or other bad intentions, they are simply employees taking advantage of access policy gaps at the companies they work for...”
First, let me dispense with the nits. There are no “gaps” in the policy. There may or may not be gaps in the enforcement of the policy, or in the training and awareness programs designed to promulgate the policy, but if employees are “breaking privacy laws” they are probably in violation of company policy as well. I've read my share of fine print, and usually these things have words that convey the idea, “Don't break any laws”.
Cleary actually admits this when he states, “Employees... need to realize that unless there is a job-related reason for them to access these records, even sneaking a peek at them is a very bad idea.” Indeed. But Cleary's solution is not to treat employees like adults, or expect them to behave accordingly. His solution is to baby-proof the database: “The real problem here is not the natural curiosity of employees, but rather the poor controls for how user access is governed at these organizations.” It perhaps comes as no surprise that Mr. Cleary's company sells the cyber equivalent of the plastic gizmos parents put on kitchen cabinets to keep toddlers away from the Drano.
I've also raised my share of children, and seen them traverse Kohlberg's stages of moral development. Adults know they shouldn't look at Barack Obama's cell phone bill or Britney Spears's medical record, even if they have access to it, if they have no legitimate reason for doing so. If their moral development is so paltry that they can't be expected to restrain their “natural curiosity” out of respect for ordinary social norms (let alone anything loftier) then they should be treated like the moral children they are: Warn them that if they misbehave, they will be spanked, and if they ignore the warning, spank them. And give them the constant reminders children need: When users log on to programs that give them access to private records, remind them that Peeping Toms get fired, and reinforce the reminders, perhaps whenever a user opens a record for the first time.
I'm all for sophisticated, fine-grained access controls, and Aveksa's products may be wonderful – I don't pretend to know. But I do know that expecting technology to serve as a substitute for honorable (or at least self-interested) employees is unwise.
1 comment:
Great post - keep 'em coming!