Spying on staff won’t protect privacy, expert says

Instead of spying on staff who snoop into private records while at work, organizations should adopt security measures that prevent staff breaching privacy laws, a Queensland University of Technology (QUT) privacy expert said today.

His comments follow news last week that Centrelink is using keylogging software to monitor staff access to company records. The surveillance has led to the sacking of 19 staff. Similar steps are being taken at the Australian Tax Office (ATO) where 27 workers have been sacked.

Centrelink CEO Jeff Whalan dubbed the surveillance a “success” and said there would be no apologies for the tough stance the welfare agency has taken to protect public records.

Professor Peter Croll, from QUT’s Faculty of Information and Technology, said the current approach to privacy regulation was to wait for workers to breach privacy laws and then take action.

“What’s happening is that we have organizations snooping on their staff to see if their staff are snooping,” he said.”This just isn’t the answer.”

Professor Croll supported privacy protection and moves to prevent staff from snooping, but said organizations shouldn’t just rely on audits. Next month Professor Croll and his research team at QUT’s Information Security Institute will release the first software prototype said to be suitable for all businesses to prevent snooping by staff.

“If you have a security policy then this new software enforces that security policy. It can’t be overridden,” he said.

“It offers military standard, mandatory access controls to ensure privacy is enforced in commercially available, enterprise-level computer systems.”

He said the development of this prototype, which has been funded by an Australian Research Council grant, provides strict access control technology to prevent unauthorized viewing of sensitive data.

Professor Croll, in collaboration with the CSIRO, has also developed another security measure that protects privacy.

“It is a Web-based software tool that asks questions of the user and then makes sure that the user is aware of the relevant privacy regulations and rules before allowing access to information,” he said. “It encourages privacy policy compliance and enforces access controls.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now