Big Fines for Nosey Bosses

Nik Barron - www.virus.org - 30 October 2009 - Security

A German company has been fined over one million Euros for monitoring the communications of thousands of its employees. Concerned about corruption claims and leaks of company information, the German national rail company Deutsche Bahn contracted a security company to monitor all external emails for over a year. This included communications with members of Parliament and the press, which are subject to special legal protection.

Particularly worrying is that the company were able to find a security vendor prepared to take such unethical action. While it is sometimes necessary to perform covert monitoring of employee communications, it should only be done in exceptional circumstances, and even then it must be proportionate. Information gleaned from the monitoring was kept long after the targets had been cleared of any wrongdoing. A clear and open statement about what routine monitoring of employee access takes place, and under what circumstances more intrusive action would be authorized, is always the best option.

Ironically, under UK Data Protection law a fine of only £5,000 would be possible, although such interception would probably fall foul of the Regulation of Investigatory Powers Act, resulting in criminal prosecution. Moves to increase the penalties that can be applied for such data protection breaches are planned later this year.

Out-law: German rail firm pays €1.1m fine over employee snooping