What Does Your IT Department Know About You?

Did you ever wonder who knows the most about you in your organization? Is it your boss, who has files about your performance on his shared drive? Your HR rep, who has your compensation and personnel information? Or your IT guy, who has access to both (plus your own files, your web browsing history, etc.)?

Along these lines, I just read some interesting survey results from info security vendor Cyber-Ark. According to the survey (pdf), 67% of IT professionals admit to accessing confidential employee information not related to their jobs. Also, according to a CNet story:

"Even further, 41 percent of the IT folks questioned confessed to abusing administrative passwords to check out sensitive or confidential information, a rise from 33 percent from the last two years. Those in the U.S. said they were most interested in seeing the customer database, while people in the U.K. wanted to peep at their internal HR records."

Point is, such activities -- whether directed at colleagues or customers -- are wrong, and in some cases against the law. And at least some of these culprits are probably in Information Security departments themselves. Which begs the question -- Quis custodiet ipsos custodes? (Who watches the watchers?)

