Skip to main content
Find a Lawyer

Internal IT Corporate Snooping

This article was edited and reviewed by FindLaw Attorney Writers

| Last reviewed

This article has been written and reviewed for legal accuracy, clarity, and style by FindLaw’s team of legal writers and attorneys and in accordance with our editorial standards.

The last updated date refers to the last time this article was reviewed by FindLaw or one of our contributing authors. We make every effort to keep our articles updated. For information regarding a specific legal issue affecting you, please contact an attorney in your area.

By Eric Sinrod of FindLaw

While companies provide certain rights to information technology and other employees to access specified categories of data, they may not be aware that those workers often exceed those rights.

According to a recent survey of IT professionals by Cyber-Ark Software, one-third of respondents admitted that they go beyond their rights and they access data relating to such matters as salary details, merger and acquisition plans, personal emails of others, board meeting minutes, or additional categories of confidential information.

Indeed, a whopping 47 percent of respondents conceded that they have accessed information that is not related to their employment roles.

Why is this happening? Of course, curiosity is at play. But curiosity only can be acted upon if proper safeguards are not in place.

Obviously, password rights are being provided, but unfortunately, at some companies those passwords currently seem to afford an array of data access beyond the scope of the role of designated employees. Moreover, passwords need to be changed on a more frequent basis.

The survey surprisingly indicates that passwords having to do with access to confidential information actually are changed less often than user passwords. And while only 30 percent of confidentiality passwords get changed every quarter, nine percent NEVER get changed. This is not good news. On top of all of this, the survey results show that approximately 70 percent of companies depend on outdated and insecure methods for sensitive data exchanges with business partners.

Sensitive and confidential data may be like oxygen – only truly valued when it is gone. But then it is too late. Companies now should do their best to develop practices and methods that allow access to confidential information only to those with a need-to-know, and they should ensure that they exchange such information only when necessary and with protections in place. Companies should consider technological as well as legal measures, with the help of skilled counsel, to best position themselves.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes.  His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com.  To receive a weekly email link to Mr. Sinrod’s columns, please send an email to him with Subscribe in the Subject line.

This column is prepared and published for informational purposes only and should not be construed as legal advice.  The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.
Was this helpful?

Copied to clipboard