Re: AW: Content blocking - Singapore seems to manage??

[Tommy Ward <tommy () securify com>]

At 08:52 PM 6/21/99 +0200, Kunz, Peter wrote:
> >      ..snip.. 
>       [Kunz, Peter]  What are the legal implications of this in the US or
> elsewhere? In EUrope, you'd probably have a hard time as HR going to the
> Admin to look at logs protected by data protection laws.

> >   ..snip again ..
>       [Kunz, Peter]  Another interesting point: Hopw do you get authority
> to scan local machines? Disclaimer upon employment taht everythign is
> company owned?

Yes, in the US, the generally accepted policy is that any information
which resides on the company's machines belongs to the company. What
this implies is that use of those machines amounts to consent to
monitoring.

Since it is much better for everyone concerned that the assumptions are
expliticly stated, I usually recommend that this be defined in security policy 
as well as employee handbooks (often signed as part of hiring orientation).

At least everyone should be aware of what the company position is.  Along
with this policy, the acceptable use statements should remind people that
although they may use company systems for personal use (some very
strict organizations state that this is not allowed, but this is usually
inconsistent with actual practice) they should refrain from saying or
doing anything on these systems which if disclosed would prove
embarrassing.

...Tommy

*********************************************************************
Tommy Ward                        Senior Security Consultant
tommy () securify com                    (650) 812-9400 x120

   The Kroll-O'Gara Company, Information Security Group
*********************************************************************