Today CNN reported Wal-Mart fired a systems technician who was “intercepting text messages of people who were not Wal-Mart employees and for recording telephone conversations with a New York Times reporter without authorization.”
Reportedly the snooping was going on from September 2006 through January 2007, and was against their policy of not allowing monitoring without written approval from the Wal_Mart legal counsel, and in any case communications involving non-employees would not be approved.
“Wal-Mart said it has taken disciplinary action against two management associates for failure to carry out their management duties and that it has removed the recording equipment and related hardware from the system.”
This points out the very real threat and need for implementing compensating controls for those folks in your organization who have trusted access to your network and phone equipment for admin and other purposes. There must be monitoring oversight for the activities admin-capable personnel have to ensure they are not stepping beyond the realm of what is acceptable or legal. It sounds like the two managers disciplined were not exercising proper oversight.
The article does not say how the monitoring was discovered…it would be interesting to know!
Tags: awareness and training, Information Security, insider threat, IT compliance, monitoring, privacy, privacy breach, surveillance