Employers should have to log any access of employee emails and undergo random external audits, according to an IT professional body.
An alert system should also be mandated so that senders are notified when their emails are accessed by someone else.
The Australian Computer Society (ACS) said information technology practitioners should also be bound by a code of conduct that makes it a disciplinary offence for them to use or divulge any information obtained through the exercise of any statutory or corporate interception power.
The ACS said it has made its call in response to the Federal Government’s plans to consult on giving private companies that operate critical infrastructure – such as the financial system, electricity and transport – the power to vet online communications at work as a national security measure.
At present, employers can monitor employee communications, but only with their consent.
“The Federal Government’s decision to review privacy laws to protect national security raises the issue of professional conduct around new technologies and the absence of a robust system of checks and balances to ensure that privacy is protected,” said ACS president, Kumar Parakala.
“Any changes to government, telco or employer powers in this area should be supported by appropriate education, guidelines and protocols for industry and the community, as well as technological solutions to help safeguard against invasion of privacy.”
He said audits should also be conducted to ensure organisations were compliant with privacy laws.
Privacy advocates Electronic Frontiers Australia said the move would give “quasi-police interception powers” to private organisations.
It said privacy was already inadequately protected under existing legislation, and any further extension of workplace surveillance powers would make it worse.
Australian Computer Society wishlist:
• Authorisation process and policy
• Logs of when email records are accessed
• Alert system for employees if their emails are accessed as part of routine corporate business
• A Code of Conduct for IT practitioners to make it an offence for them to use or divulge any information obtained through exercise of any statutory or corporate interception power
• Random auditing to discover any breach of privacy laws