Over the weekend a news story appeared in Australia that I’m sure is occurring in MANY other organizations, far beyond just schools; “Teachers being secretly filmed by students”
First of all, with regard to cell phones in the classroom, I think allowing this is absolutely unnecessary. As a former 7th – 12th grade math and computer science teacher, and now an MSIA professor, there is absolutely no good reason to allow cell phones in the classroom. If there is an emergency, the school office can be called and someone can go get the student tout de suite, just like has always been done throughout the past several decades. Besides being unnecessary distractions, cell phones also breed multiple methods of cheating, along with these reported clandestine recordings.
But putting aside the purely educational issues, the use of technology within any type of organization to secretly record…audio, video and photo…information that is then widely posted for the world, or competitors or customers or employees or family members or criminals, to see is an issue that all organizations should think about.
Over the past few years I have visited many different client sites and facilities, including government agencies, technology companies, communications companies, healthcare companies, manufacturing companies, and many others throughout a wide array of industries. There were glaring vulnerabilities with regard to this issue within virtually all of them. All had procedures, but they were not comprehensive and left much to the discretion of the visitor to reveal.
For example, one facility logged detailed information about my notebook computer I had with me, but said they didn’t need any information about my cell phone, which has a clearly apparent camera capability. As another example, an organization did take my cell phone and kept it at their front desk, but allowed my notebook computer, with a visible but admittedly not clearly apparent built-in cam, into the facility with no comments or directives whatsoever.
What’s happening in Australian schools can easily happen, and IS happening, within most organizations.
People can be capturing not only embarassing moments that are later ridiculed by millions through a viral YouTube posting, but there can also be some very sensitive data being captured…on white boards, computer monitors, on printed documents, and many other places…that can then be posted and used for fraud, crime, or any number of other harmful activities.
What are your organization’s policies on allowing visitors to use their cell phones and notebook computers within your facilities? What about allowing recording devices into meeting rooms? Or allowing them into areas where vast amounts of personally identifiable information (PII) or other sensitive information is stored, displayed, handled or otherwise viewable?
This is not an easy issue to address. This is probably why it does not get addressed within most organizations. Most determine there is nothing that can feasibly be done to prevent secret surveillance, and so do nothing. However, doing nothing certainly does not demonstrate a standard of due care.
No solutions are perfect or undefeatable. However, that does not mean the threats should be dismissed.
Tags: awareness and training, cell phones, Information Security, IT compliance, monitoring, MySpace, policies and procedures, privacy, risk management, surveillance, YouTube