Categories compliance

29 posts

All kinds of compliance

GDPR: Clean up your mailbox

This post is written for a very large portion of the business population. We are talking about 90% here: companies with a very small number of desktops.

If this is you, please read on. You are (very likely) using Office (365 or not). You are categorized as an SME and thus, very likely, you do not have the services of that mythical creature called the Administrator.

You have nobody but yourself. And this good blog 🙂

GDPR conundrums

Consider this.

Imagine you have applied for a patent. Patent approval takes some time (or more), and during that period your name is publicly available and linked to that pending patent request.

And after that, until the patent expires and goes into the archive, where your name is still available and associated with the expired patent.

What are: RTO and RPO?

Modern IT products, used by modern and compliant businesses, must convince customers that they have a sound High Availability (HA) strategy in place: architected, designed and implemented.

Safe Harbour Decision: “Jarring”

“Even if in the case that the EU Safe Harbour 2.0 passes soon, I think that the general climate is a preference for data locality, and even if the regulations are cleared and there’s a path forward for legal transfer of data, I think that the appetite for the Europeans to have local data has increased.”


Why Use Exchange Online?

Yet another post on this subject, but this time with the real costs of owning Exchange on premises, clearly showing all the Capex and Opex costs set against the savings made by adopting Exchange Online.

Note: technical bits are removed so that focus is on the business benefits.


GDPR: Things to Know About Your Work Email

Don’t pull a “Hillary email stunt” on the GDPR officer, please.

 Things to Know About Your Work Email

Handy micro guide to your e-mail rights and obligations

[Original source] of this text.

Digital privacy at the workplace is something everyone should at least be thinking about. And not just high-profile folks in the limelight of the media, but all of us. In fact, these issues arguably affect us, the commuting work-a-day masses, far more than the power brokers. If you lose your job because of emails you sent, you’ll probably find yourself in a precarious situation.

Let us begin this discussion by first acknowledging the following: As an employee, you have entered into an agreement to rent your brain and body to a company in return for a salary. Your HR department may attempt to sugarcoat this sad fact of adulthood with free coffee in the break room or the occasional “Tapas Tuesday,” but you are essentially just a (replaceable) tool your company uses to create a product or provide a service. It is therefore in your company’s interest to get as much out of their tools (i.e. you) as possible. And that often takes the form of monitoring of your digital behavior.

Unfortunately, there aren’t a lot of universal hard-and-fast rules regarding privacy and employment. This is because there’s a messy patchwork of overlapping laws at the state and local level, many of which were conceived and codified long before anyone was even aware of what an “e-mail” was.

Therefore, few universal pronouncements can be made, and the courts tend to rule on a case-by-case basis in a “very fact-specific” manner, according to a law professor who helped us highlight six general principles about using digital communication in the workplace. Please keep in mind that aspects of these laws have been actively evolving in both the US and the EU. Until now, that is, as we count the last “days of freedom” before 25 May 2018 and the GDPR.

1. Don’t say anything that could get you fired over company email.

As a general rule, an employer can’t intentionally access digital communications when you have a reasonable expectation of privacy. But ask yourself if your privacy expectations match up with those of the law.

One place you should probably expect to be monitored is when using company email. If you are using a company-issued computer to access company email stored on company-owned servers, you shouldn’t have an expectation of privacy. All those communications are basically your employer’s property.

Courts also look to what your company’s email policy says in deciding whether you reasonably expected privacy for your emails. It matters, for example, if that policy clearly says that workers can’t use company computers for personal email activity, and that they will be monitored.

If any of this is news to you, hopefully you haven’t been emailing anything that you wouldn’t want your boss to find out about.

2. Personal email accounts on third-party servers are protected, even if you access them on a company-owned computer.

If you use your company’s computer to check your private, password-protected email (i.e. one that lives on a third-party server like Gmail), then it is probably protected. There’s an Electronic Communications Privacy Act that bans your employer (and others) from deliberately accessing that email without your permission. But there are many court cases in which employees accessed private email through a company computer and an employer wanted to monitor these activities. The court found that these emails were inadmissible as they were accessed without the employee’s authorization in violation of the Stored Communications Act.

3. Employers can’t require that employees (or potential employees) give them access to their social media accounts.

As much as you might want to know if your current or potential employees are getting up to any shenanigans in their spare time, you—in a growing number of jurisdictions—won’t be able to request or require them to give you access to their social media accounts so you can find out. In fact, many countries are working on laws specifically making this practice illegal (surely based in no small part on the lobbying and legal efforts of Facebook itself).

4. You can be fired because of what you post on social media.

As with email, an employer can’t use your work computer to directly access your social media accounts without your approval. But just because an employer can’t access your Facebook or Instagram accounts, it doesn’t mean they can’t use your social media to judge—and possibly even fire or discipline—you.

If your social media is password protected and the employer gains access without your authorization, that’s against the law. However, if there’s no privacy setting and you make your postings available to the world, it’s going to be harder for you to argue privacy.

Facing consequences at work for social media posts you put up in your spare time is something that we see happen all the time.

5. BYOD (Bring Your Own Device) is a big confusing mess.

Many people use their own personal phone and tablet at work and will use these devices to access company email as well as other company documents. This is known as a “Bring Your Own Device” (or BYOD) setup. And when it comes to monitoring, unfortunately there’s not a lot we can do to guide you.

So, how far can your employer go to monitor your activity on a device that you purchased and use for your own personal communications? It’s TBD.

If your employer is intercepting or accessing your communications on your personal electronic device and you haven’t given them authorization to do so, then there is a risk that activity is going to violate the law.

6. Civil servants have protections that private employees do not.

Since their employer happens to be the government, public employees are protected from intrusion in many cases where private employees are not. Specifically, public employees would have the protection, which “protects a person from ‘unreasonable searches’ of their ‘persons, houses, papers, and effects,’” and also limits public employers to only ‘reasonable searches’ of the digital communications of their employees.

Of course, what counts as “reasonable” varies a lot by the kind of work setting the civil servant is in. But for those of us employed in the private sector this just doesn’t apply.
