Company IT Policy - Urgent


stevieb

Original Poster:

5,252 posts

268 months

Wednesday 1st November 2006
I am currently in a fight with my IT support department, and I am currently arguing about the current IT policy and how this policy has been broken continuously by the IT Team, to such an extent my department now classify this policy as Void.

What are the rights of the employees when it comes down to the IT section resetting passwords to gain access to a user's email account? No suspicious activity has happened. But a member of staff has recently received a written warning for breaking the policy from the IT service manager for a trivial offence to be honest. And I am not happy being the IT Manager for the office that this has happened. Now my team have stuck up for him including me.

But I am trying to get this off his record. We have logged many calls with IT regarding mail migration from Novell to Exchange. This has led to an influx of requests from the IT team for us to provide usernames and passwords so to gain access to our accounts. Some of us are not willing to do this as some are director level, and are concerned about confidentiality. What are the privacy laws that prevent the IT team from resetting our password and logging in as us? Either giving them access to our account or them resetting the account is a breach of the IT policy. But are there any privacy laws in place to prevent them accessing our emails and hence stop them from resetting our passwords?

Sorry for the long post but I have a member of staff threatening to leave and would like to keep him as a member of the team.

Advice Appreciated.

stevieb

Wednesday 1st November 2006
TonyToniTone said:
What directory are you using NDS or AD?


They are currently moving from Novell to Microsoft if I have interpreted that correctly. But the passwords for this process are not an issue; this is purely down to access to email account profiles.

Edited by stevieb on Wednesday 1st November 14:12

stevieb

Wednesday 1st November 2006
Podie said:
I'm systems admin, and we're not allowed to even ask users for passwords - they have to be present. The audit dept keep an eye on us too (quite rightly IMO).

If a user needs a password retrieved a written authorisation has to be sought from their manager, before we can action anything - even then, only a few people have the rights to do this (division of duties).


Thanks for that Podie. It's the sort of thing I want to hear. But is this covered in the DPA or Human Rights Act?

I am formulating a document detailing the IT department's violations of this policy (1st Line IT Support) which are to be presented at the Director meeting tomorrow.

I am looking at the DPA and found some guidance which states:
"The employer should not intrude on the privacy of the employee" - this is from a third party site and not from the official DPA, is this a correct statement?

Thanks

Steve

Edited by stevieb on Wednesday 1st November 14:27

stevieb

Wednesday 1st November 2006
jimothy said:
IIRC - it's company hardware, company software and you have no privacy rights whatsoever. They can monitor everything, read all your emails, check your browser history, change passwords, the lot.

Probably not what you want to hear.


If that was the case I would not agree to the IT policy, there needs to be some mechanism to protect my privacy as an employee.

stevieb

Wednesday 1st November 2006
FunkyGibbon said:
Podie said:
I'm systems admin, and we're not allowed to even ask users for passwords - they have to be present. The audit dept keep an eye on us too (quite rightly IMO).

If a user needs a password retrieved a written authorisation has to be sought from their manager, before we can action anything - even then, only a few people have the rights to do this (division of duties).


It's similar here - only person who can get official access to someone else's account is their line manager and that needs countersigning by HR to confirm it is a reasonable request.

We have had IT sys admins who have been nosey and indiscreet - they are no longer with us.

As to whether DPA rules cover this I don't know. Our contract refers to an email usage document that states:

"Email is a very insecure form of communication, which is easily opened and read by people other than the intended recipient, and/or forwarded to others. You should only put information in an email that you would put on a postcard. This means that confidential information about you, your staff, or anyone else should not be transmitted by email."

Whether this is allowed in law to supersede your DPA rights I don't know.


Seems that IT policy is identical word for word for the company I work for, I hope it was from a standard usage template brought from a legal stationers!

stevieb

Wednesday 1st November 2006
FunkyGibbon said:
stevieb said:
Seems that IT policy is identical word for word for the company I work for, I hope it was from a standard usage template brought from a legal stationers!


Don't work for a charity in Cambridge do you?

(erm, cough, I am posting this from home if we do appear to work for the same company)


No, I am stuck in a small cottage office in Surrey overlooking some woodland with deer at the moment!!!

Hello my local IT people if you are monitoring this! It is work related...

stevieb

Wednesday 1st November 2006
Don said:


You might not agree to it. This is, however, the legal situation. There is no legal defence - never use Company e-mail for any purposes other than what you are happy for the Company to read. Use a web-based e-mail account elsewhere for other stuff.

A Company can, of course, set any policy it likes. So your Company could adopt a situation like puggits. But it doesn't have to. That's the bottom line.

I am Director. In my firm Corporate e-mail may be used personally. But is NOT private.


Don,

I see what you are saying but this is a very grey area and to be honest I couldn't really give a toss if they read my emails or not really. But the Government produced the Lawful Business Practice Legislation that clarified what leeway companies have to monitor staff, which in summary: the business practice regulations give companies permission to listen to employee phone calls and open personal e-mails to help them comply with regulatory demands, stop computer viruses spreading, covering for key staff who are on holiday or to protect the reputation of the company.

This does not give them the right to full access to the email account etc, and in a way our HR department have now caught wind of this and are concerned of action from a tribunal! As it is not clear legally which party is right or wrong and are trying to mediate the conflict. We have received confirmation that the employee was not under investigation for any activity.

So we are sticking up for each other through this as we do not want this to take precedence of what IT can and cannot do.

These views are my own views and are not related to the company by which I am employed, I take responsibility for any actions as a result of my posting on this forum.



Edited by stevieb on Wednesday 1st November 15:55

stevieb

Thursday 2nd November 2006
Thanks for the Advice,

I have been reading the IT policy overnight to digest all of it, 50 pages in all!!! I/we do not have a problem assisting in the senior IT people monitoring our emails, that part of it. But what we object to is now that we are migrated to AD, that we have to call our IT service desk to change passwords, when anything is wrong on our system (LoginScript/Email account etc) we have to provide our username and password for them to fix the problem.

I/we do not want to be held accountable for any emails sent/received if we do not have complete independence to change our login passwords.

Thanks for the advice so far. The saga continues

stevieb

Thursday 2nd November 2006
ATG said:
stevieb said:
I/we do not want to be held accountable for any emails sent/received if we do not have complete independence to change our login passwords.
Just to be absolutely clear, are you saying you can't change your own passwords without involving your IT support and telling them what you want the new password to be?


Correct, which is why a lot of us are getting a bit jittery over access to email accounts etc, as I have taken responsibility recently for 5 company directors which has raised these concerns more.

stevieb

Thursday 2nd November 2006
guydw said:
I'd get together with the IT manager and senior management and get a solution to this.


I am the IT manager for the section, taken over from someone else for many reasons.

I have opened up communications with the overall IT manager for my division but he is completely unsure of what the score is, as the IT department are currently in meltdown.

stevieb

Thursday 2nd November 2006
ATG thanks for the advice.

I wish I could provide solutions to some of the problems, but with the company being on both NDS and AD, I cannot provide any ideas or possible ways to resolve the NDS problems. I know my way round AD & Exchange reasonably well.

Above all this is far from my day job, I am not an IT expert by profession no more, I got out 3 years ago. But I was put forward because of my IT contracting experience to resolve the ongoing issues within the section. Wish I never took the role on now.

stevieb

Wednesday 15th November 2006
Seems like things are starting to get resolved.

I have been invited to join the IT strategy Team to draft the IT requirements for the next 3, 5, 10 years, based upon the company's growth. Which is a small success in itself.

Further to this the IT policy is still in force as is, but I have been included in the process of getting the policy updated which is a big success.

Thanks for the help