Educause Security Discussion mailing list archives
Re: Confidentiality agreements and IT staff
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 29 Mar 2012 09:43:19 -0400
On Thu, 29 Mar 2012 09:18:08 -0400, David Seidl said:
We've had one in place for new hires for years, and our business staff has asked if we can dispense with it as a general requirement for all IT staff I've done a bit of review, and can't find a direct requirement to point to for people who don't have direct compliance related assignments.
Why do it for all IT staff? Because otherwise you get one of these 2 things happen: "Can you fix my printer problem?" "Umm, sorry, no. You're one of those direct compliance types and I didn't do the compliance paperwork when I hired on. You';ll have to wait for Steve to get back from vacation in Hong Kong." "Can you fix my printer problem?" "Sure". (IT person who hasn't signed confidentiality paperwork and hasn't done any training on same then sees data while fixing the printer problem, discloses it, and leaves your department holding the bag). Neither one is pretty. It's easier to just make sure up front that every IT staff has had appropriate training and signed the paperword, just in case it comes up. That help?
Attachment:
_bin
Description:
Current thread:
- Confidentiality agreements and IT staff David Seidl (Mar 29)
- Re: Confidentiality agreements and IT staff Valdis Kletnieks (Mar 29)
- Re: Confidentiality agreements and IT staff Bob Bayn (Mar 29)
- Re: Confidentiality agreements and IT staff Dennis Tracz (Mar 29)
- Re: Confidentiality agreements and IT staff Brian Helman (Mar 29)
- Re: Confidentiality agreements and IT staff Dennis Tracz (Mar 29)
- Re: Confidentiality agreements and IT staff Brian Helman (Mar 29)
- Re: Confidentiality agreements and IT staff Dennis Tracz (Mar 29)
- Re: Confidentiality agreements and IT staff David Seidl (Mar 30)