[LINK] Spying on staff no solution to privacy protection: professor

brd at iimetro.com.au brd at iimetro.com.au
Wed Aug 30 10:28:54 AEST 2006 

<brd>

While I agree with the comments that spying on staff is not the way to go and
neither is waiting for workers to breach privacy laws and then take action, I
don't think that enforcing policy outside of an application is the way to go.

</brd>

Spying on staff no solution to privacy protection: professor
Sandra Rossi
Computerworld
29/08/2006 12:27:40
http://www.computerworld.com.au/index.php/id;1622226737;fp;16;fpid;0

Instead of spying on staff who snoop into private records while at work,
organizations should adopt security measures that prevent staff breaching
privacy laws, a Queensland University of Technology privacy expert said today.

His comments follow news last week that Centrelink is using keylogging software
to monitor staff access to company records. The surveillance has led to the
sacking of 19 staff. Similar steps are being taken at the Australian Tax Office
(ATO) where 27 workers have been sacked.

Centrelink CEO Jeff Whalan dubbed the surveillance a "success" and said there
would be no apologies for the tough stance the welfare agency has taken to
protect public records.

Professor Peter Croll, from QUT's Faculty of Information and Technology, said
the current approach to privacy regulation was to wait for workers to breach
privacy laws and then take action.

"What's happening is that we have organizations snooping on their staff to see
if their staff are snooping," he said. "This just isn't the answer."

Professor Croll supported privacy protection and moves to prevent staff from
snooping, but said organizations shouldn't just rely on audits. Next month
Professor Croll and his research team at QUT's Information Security Institute
will release the first software prototype said to be suitable for all
businesses to prevent snooping by staff.

"If you have a security policy then this new software enforces that security
policy. It can't be overridden," he said.

"It offers military standard, mandatory access controls to ensure privacy is
enforced in commercially available, enterprise-level computer systems."

He said the development of this prototype, which has been funded by an
Australian Research Council grant, provides strict access control technology to
prevent unauthorized viewing of sensitive data.

Professor Croll, in collaboration with the CSIRO, has also developed another
security measure that protects privacy.

"It is a Web-based software tool that asks questions of the user and then makes
sure that the user is aware of the relevant privacy regulations and rules
before allowing access to information," he said.

"It encourages privacy policy compliance and enforces access controls."

-- 
Regards
brd

Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au


----------------------------------------------------------------
This message was sent using iiMetro WebMail

More information about the Link mailing list