Manager accessing computer

ncmc

Not really a problem per se, but just interested to see if it this is a common occurrence. About once every fortnight, my manager stays behind after everyone else has left work and frequently the following morning I will notice that he has been on my computer. For example, this morning I came in and my computer was on (I always turn it off) and an email was read that I hadn’t opened.

I can’t for the life of me see why he would need to access my computer, the only thing on my computer that he wouldn’t have on his own is the generic reception email which I deal with and forward each email to the correct person.

I just find it a bit annoying and a bit of an invasion of privacy. There is nothing on my computer that I would be worried he would see, but I don’t like the idea of him being at my desk and rooting around.

Is this a common occurrence? Am I completely in the wrong in thinking it’s a bit of an invasion? I wouldn’t say anything to him as I know it’s a work desk, work computer etc but I do think it’s a little invasive and unnecessary.

Mrs OBumble

ncmc wrote: »

Am I completely in the wrong in thinking it’s a bit of an invasion?

Yes.

Especially since you're managing a generic email, I'd almost say that your manager has a responsbility to audit your work occasionally and make sure that you are handling it all correctly.

Procrastastudy

I find it odd in all honesty. Not the fact that he's doing it but that he is staying behind to do it. Have you been made aware of a policy of doing this. I have something in the back of my mind about telephones/email being monitored in a word situation.

BaronVon

Mrs OBumble wrote: »

Yes.

Especially since you're managing a generic email, I'd almost say that your manager has a responsbility to audit your work occasionally and make sure that you are handling it all correctly.

So why is he being so sneaky about it?

Auditing the generic email is fine, why doesn't he need to do it after work and not inform the employee?

Perfectly entitled to do this....have a look at your contract, there's probably a section in there about IT policies and this will be laid out specifically (former techie here, so have been through this with people many many times)

The computer/email and everything on it is the companies property, and you can expect no privacy WHATSOEVER while you're using them. Many companies do this without you knowing (directly on servers etc). The company is entitled to do this in their own self-interest (maybe procrastastudy can explain in better terms the legalities behind it!)

Maybe the company don't have the systems in place to check the mail from his own computer - it could be a simple pop account setup in outlook or another mail client as opposed to a mail client accessing an account on an internal server. He might be doing it after hours so that you don't feel that you're being snooped on (I see the irony in this, don't worry).

They can also check internet sites you've been accessing etc etc.......

inforfun

So you turn off your pc and the manager somehow manages to login with your profile and reads emails sent to your personal email account (as in yourname@thecompany.com, not your gmail or whatever account)?

Or are the pc's not password protected?

Outkast_IRE

In my opinion if its a work computer and a generic email then the manager has done nothing wrong as such, but i think mentioning it to employees that occasionally the computers and emails accounts are checked would be fair enough.

My gf, is acting manager of her department while the manager is on sick leave, one of the employees was taking a weeks holiday and she was asked to leave her computer password written down so other employees can access it as needed. The employee going on holidays went into a defensive speech on why should they need access to "her" computer, as her generic department email account can be read from other computers.

I dont understand such complaints
1. its not the employees computer its the companies.
2. The employee may have documents saved to local drive which could be finalised by other staff while they are on holiday.
3. In many fields its necessary to audit computers, as for instance procedures should not be kept on local drives as if they are updated the version on the local drive wont update, such items should be on network drive only to ensure only one version exists. To ensure this compliance, computers in each department need to be checked as part of the audits.

inforfun

inforfun wrote: »

So you turn off your pc and the manager somehow manages to login with your profile and reads emails sent to your personal email account (as in yourname@thecompany.com, not your gmail or whatever account)?

Or are the pc's not password protected?

It's the companies computer, the companies email account. As an employee of a company, you have no right to privacy while you are using their property and their systems. It's as simple as that.

To be honest, it sounds very like a small office setup, where the email is just on that computer and it's not password protected, otherwise the manager would be able to open the mailbox on his own computer as well and wouldn't need to access the ops computer at all.

Outkast_IRE

Outkast_IRE wrote: »

In my opinion if its a work computer and a generic email then the manager has done nothing wrong as such, but i think mentioning it to employees that occasionally the computers and emails accounts are checked would be fair enough.

My gf, is acting manager of her department while the manager is on sick leave, one of the employees was taking a weeks holiday and she was asked to leave her computer password written down so other employees can access it as needed. The employee going on holidays went into a defensive speech on why should they need access to "her" computer, as her generic department email account can be read from other computers.

I dont understand such complaints
1. its not the employees computer its the companies.
2. The employee may have documents saved to local drive which could be finalised by other staff while they are on holiday.
3. In many fields its necessary to audit computers, as for instance procedures should not be kept on local drives as if they are updated the version on the local drive wont update, such items should be on network drive only to ensure only one version exists. To ensure this compliance, computers in each department need to be checked as part of the audits.

Most companies will have it in their IT policy in emplyees handbooks etc etc. Companies in Ireland are actually far too lenient when it comes to this in my own opinion....the amount of money spent and man-hours on clearing virus' off networks, computers, etc etc due to somebody bringing in infected usb keys, downloading sh1te off the internet (screensavers etc etc) is actually mind boggling.

runawaybishop

My work desk and my work computer are considered personal and if my manager wanted to have a root through them they would need to inform me and have a member of HR and myself present.

ncmc

Many thanks for all the replies, as I say, it’s not a big deal, just interested to see if other people have their PC’s checked in this manner.

Mrs OBumble wrote: »

Yes.

Especially since you're managing a generic email, I'd almost say that your manager has a responsbility to audit your work occasionally and make sure that you are handling it all correctly.

I can totally see where you are coming from here and I have no problem with my work being checked. But I do find it odd that it is done without my knowledge and that he does it in a sneaky way.

Deleted User wrote: »

Perfectly entitled to do this....have a look at your contract, there's probably a section in there about IT policies and this will be laid out specifically (former techie here, so have been through this with people many many times)

The computer/email and everything on it is the companies property, and you can expect no privacy WHATSOEVER while you're using them. Many companies do this without you knowing (directly on servers etc). The company is entitled to do this in their own self-interest (maybe procrastastudy can explain in better terms the legalities behind it!)

Maybe the company don't have the systems in place to check the mail from his own computer - it could be a simple pop account setup in outlook or another mail client as opposed to a mail client accessing an account on an internal server. He might be doing it after hours so that you don't feel that you're being snooped on (I see the irony in this, don't worry).

They can also check internet sites you've been accessing etc etc.......

Yes it does say something about the company having the right to examine internet access/emails in my contract. The company I work for is family owned and fairly informal, so I get the feeling he’s not checking up on my work, but just being nosy! But that’s just the feeling I have and as you say, he’s totally within his rights to have a look.

inforfun wrote: »

So you turn off your pc and the manager somehow manages to login with your profile and reads emails sent to your personal email account (as in yourname@thecompany.com, not your gmail or whatever account)?

Or are the pc's not password protected?

My PC isn’t password protected, if I am away or on hols, then someone needs to access the generic reception email, so I don’t password protect. As I said, it’s a fairly informal, family run place, so have never really felt the need to password protect. There are two email addresses that both come into the one Outlook on my PC, reception@mycompany.ie and myname@mycompany.ie so in seeing one, he is seeing the other.

I know I am probably over-reacting, but it just all feels a bit sneaky. I would have no problem if he said, “oh I was just on your PC, I needed to access an email” but it’s just the fact that he does it ‘under cover of night’ so to speak! I suppose no-one likes to feel spied on!

runawaybishop

runawaybishop wrote: »

My work desk and my work computer are considered personal and if my manager wanted to have a root through them they would need to inform me and have a member of HR and myself present.

They really wouldn't. You might consider it personal to yourself, but it's the companies computer....they paid for it, it's theirs, end of. I can't speak for your desk etc, but they can logon to your computer at any stage, with or without your permission.

Of course, if they suspect you of wrongdoing or anything like that, I'm sure they have procedures to follow that involve HR etc.

Actually....they don't even need to be at your computer to root through it.....they can do it from another station and you won't even know it's happening

runawaybishop

Deleted User wrote: »

They really wouldn't. You might consider it personal to yourself, but it's the companies computer....they paid for it, it's theirs, end of. I can't speak for your desk etc, but they can logon to your computer at any stage, with or without your permission.

Of course, if they suspect you of wrongdoing or anything like that, I'm sure they have procedures to follow that involve HR etc.

Actually....they don't even need to be at your computer to root through it.....they can do it from another station and you won't even know it's happening

No, they really would. Its company policy.

ncmc

ncmc wrote: »

Yes it does say something about the company having the right to examine internet access/emails in my contract. The company I work for is family owned and fairly informal, so I get the feeling he’s not checking up on my work, but just being nosy! But that’s just the feeling I have and as you say, he’s totally within his rights to have a look.



My PC isn’t password protected, if I am away or on hols, then someone needs to access the generic reception email, so I don’t password protect. As I said, it’s a fairly informal, family run place, so have never really felt the need to password protect. There are two email addresses that both come into the one Outlook on my PC, reception@mycompany.ie and myname@mycompany.ie so in seeing one, he is seeing the other.

I know I am probably over-reacting, but it just all feels a bit sneaky. I would have no problem if he said, “oh I was just on your PC, I needed to access an email” but it’s just the fact that he does it ‘under cover of night’ so to speak! I suppose no-one likes to feel spied on!

Yeah, as I suspected, that's exactly how an awful lot of small businesses are run. I doubt there's anything malicious to it, probably was told of an email sent to the generic address and maybe wanted to check it out before going home....I wouldn't be reading to much into it

inforfun

ncmc wrote: »

My PC isn’t password protected, if I am away or on hols, then someone needs to access the generic reception email, so I don’t password protect. As I said, it’s a fairly informal, family run place, so have never really felt the need to password protect. There are two email addresses that both come into the one Outlook on my PC, reception@mycompany.ie and myname@mycompany.ie so in seeing one, he is seeing the other.

I know I am probably over-reacting, but it just all feels a bit sneaky. I would have no problem if he said, “oh I was just on your PC, I needed to access an email” but it’s just the fact that he does it ‘under cover of night’ so to speak! I suppose no-one likes to feel spied on!

If that is the set up, then so be it.
Just make sure there is nothing not meant for everybody's eyes, as you always should on a company pc.
Big(ger) companies with a proper IT department can do the same thing without you ever finding out anyway.

runawaybishop

This is worth a read, just because the employer owns teh PC doesnt suddenly mean the employee has no rights.

http://www.dataprotection.ie/viewprint.asp?fn=/documents/guidance/3gm3.htm


the legitimate interests of the employer - to process personal data that is necessary for the normal development of the employment relationship and the business operation - justify certain limitations to the privacy of individuals at the workplace. However, these interests cannot take precedence over the principles of data protection, including the requirement for transparency, fair and lawful processing of data and the need to ensure that any encroachment on an employee’s privacy is fair and proportionate. A worker can always object to processing on the grounds that it is causing or likely to cause substantial damage or distress to an individual.
monitoring, including employees’ email or internet usage, surveillance by camera, video cameras or location data must comply with the transparency requirements of data protection law. Staff must be informed of the existence of the surveillance, and also the purposes for which personal data are to be processed. If CCTV cameras are in operation, and public access is allowed, a notice to that effect should be displayed. Any monitoring must be carried out in the least intrusive way possible. Only in exceptional circumstances associated with a criminal investigation, and in consultation with the Gardai, should resort be made to covert surveillance
monitoring and surveillance whether in terms of email use, internet use, video cameras or location data are subject to data protection requirements. Any monitoring must be a proportionate response by an employer to the risk he or she faces taking into account the legitimate privacy and other interests of workers.
at a very minimum, staff should be aware of what the employer is collecting on them (directly or from other sources). Staff have a right of access to their data under section 4 of the Data Protection Acts.
any personal data processed in the course of monitoring must be adequate, relevant and not excessive and not retained for longer than necessary for the purpose for which the monitoring is justified.

runawaybishop

runawaybishop wrote: »

No, they really would. Its company policy.

Well fair enough (you do work there after all and not me ), I will say, I'm very surprised at that.....it'd be one of the exceptions from my experience in the industry.

I'd be interested in seeing the wording of that policy...I don't doubt that if they physically want to search your desk or actually sit down at the computer and look through it then it's necessary to have HR there (as if something was requiring that level of a search, then there's really a deeper issue I'm sure you'd agree!).
However emails, files stored etc are all accessible remotely and would be covered by their internet/intranet policies as they would have to protect themselves from any misuse (be it accidental or intentional). They can/do (if they have any sense!!) monitor incoming and outgoing emails....scanning files for viruses etc

runawaybishop

runawaybishop wrote: »

This is worth a read, just because the employer owns teh PC doesnt suddenly mean the employee has no rights.

http://www.dataprotection.ie/viewprint.asp?fn=/documents/guidance/3gm3.htm

monitoring, including employees’ email or internet usage, surveillance by camera, video cameras or location data must comply with the transparency requirements of data protection law. Staff must be informed of the existence of the surveillance, and also the purposes for which personal data are to be processed.

Bingo......there's a few lines in most standard employment contract outlining their IT policies and this will be mentioned.

As for personal email/internet browsing etc - at the end of teh day you're on company time and being paid. Most places will allow a certain amount of use, but that's being clamped down on all the time, especially in bigger companies who will have very strict policies and web-filtering software in place - why should you be paid to browse facebook, send personal emails etc etc.

runawaybishop

Deleted User wrote: »

Bingo......there's a few lines in most standard employment contract outlining their IT policies and this will be mentioned.

As for personal email/internet browsing etc - at the end of teh day you're on company time and being paid. Most places will allow a certain amount of use, but that's being clamped down on all the time, especially in bigger companies who will have very strict policies and web-filtering software in place - why should you be paid to browse facebook, send personal emails etc etc.

The times, they are a changing. Current policies on employee data are open to challenge on privacy rights. I do understand why companies need to monitor employees work, I'm just pointing out that they do not have a carte blanche to do as they wish.

rgmmg

Outkast_IRE wrote: »

In my opinion if its a work computer and a generic email then the manager has done nothing wrong as such, but i think mentioning it to employees that occasionally the computers and emails accounts are checked would be fair enough.

My gf, is acting manager of her department while the manager is on sick leave, one of the employees was taking a weeks holiday and she was asked to leave her computer password written down so other employees can access it as needed. The employee going on holidays went into a defensive speech on why should they need access to "her" computer, as her generic department email account can be read from other computers.

I dont understand such complaints
1. its not the employees computer its the companies.
2. The employee may have documents saved to local drive which could be finalised by other staff while they are on holiday.
3. In many fields its necessary to audit computers, as for instance procedures should not be kept on local drives as if they are updated the version on the local drive wont update, such items should be on network drive only to ensure only one version exists. To ensure this compliance, computers in each department need to be checked as part of the audits.

Whatever about the legalities of giving a password to your boss (that's a no-no where i work - IT will access your PC if needs be), allowing multiple users to access a single user's PC account is asking for trouble. If it's to access specific software on that PC, it may be contravene software license agreements. If it's to access files, these should be on a network. What if the employee gets hit by the proverbial bus? That shows a lack of business continuity.

runawaybishop

runawaybishop wrote: »

The times, they are a changing. Current policies on employee data are open to challenge on privacy rights. I do understand why companies need to monitor employees work, I'm just pointing out that they do not have a carte blanche to do as they wish.

Oh I agree, I'd never say that they should have carte blanche to do what they wish, and I'm sure that data-protection and hr policies & procedures then come into play should any action need to be taken (warnings etc etc), but web/email monitoring should be there to protect the companies interests.....most would have software looking for certain keywords/files as emails are coming in/out and also web-monitoring software on servers/firewalls that flag any suspicious activity as well.
To be honest, alot of companies would rarely be that strict anyway, and the vast majority of employees don't take the piss.

Vast majority of businesses wouldn't have their own IT staff anyway and would contract out the work and it's only really if problems occur that any monitoring is done, but I know of some companies (and have implemented systems on their behalf) that are insanely strict.

Anyway, hopefully one of the legal heads might explain that side of things, as I'm only speaking from my own experience on the administration/nerdlinger side of it

Outkast_IRE

rgmmg wrote: »

Whatever about the legalities of giving a password to your boss (that's a no-no where i work - IT will access your PC if needs be), allowing multiple users to access a single user's PC account is asking for trouble. If it's to access specific software on that PC, it may be contravene software license agreements. If it's to access files, these should be on a network. What if the employee gets hit by the proverbial bus? That shows a lack of business continuity.

Its a small company, the password comes from the IT department, the guys doing the IT fall in with other tech support of products as well so would be busy most of the time, as you said if needs be IT can access it no problem.

Multiple Users dont access a single users account, it is only the user and if she is away for a period of time or on sick leave it is understandable that someone can access to the account if needs be.

Files are always kept on the network as you mentioned, however if a file is being updated then a temporary copy is allowed on the local drive until it ready to put up on the network. The temporary copy is then deleted off the local drive.

And as you said if an employee gets hit by a bus then IT can access the computer no problem. Theres no lack of continuity, its a small businesss and within each department managers would always know what the employees in their deparment are working on that day/week.

runawaybishop

Outkast_IRE wrote: »

Its a small company, the password comes from the IT department, the guys doing the IT fall in with other tech support of products as well so would be busy most of the time, as you said if needs be IT can access it no problem.

Multiple Users dont access a single users account, it is only the user and if she is away for a period of time or on sick leave it is understandable that someone can access to the account if needs be.

Files are always kept on the network as you mentioned, however if a file is being updated then a temporary copy is allowed on the local drive until it ready to put up on the network. The temporary copy is then deleted off the local drive.

And as you said if an employee gets hit by a bus then IT can access the computer no problem. Theres no lack of continuity, its a small businesss and within each department managers would always know what the employees in their deparment are working on that day/week.

This is really bad security, there's really no excuse for it.

rgmmg

Outkast_IRE wrote: »

Its a small company, the password comes from the IT department, the guys doing the IT fall in with other tech support of products as well so would be busy most of the time, as you said if needs be IT can access it no problem.

Multiple Users dont access a single users account, it is only the user and if she is away for a period of time or on sick leave it is understandable that someone can access to the account if needs be.

Files are always kept on the network as you mentioned, however if a file is being updated then a temporary copy is allowed on the local drive until it ready to put up on the network. The temporary copy is then deleted off the local drive.

And as you said if an employee gets hit by a bus then IT can access the computer no problem. Theres no lack of continuity, its a small businesss and within each department managers would always know what the employees in their deparment are working on that day/week.

I didn't mean it that way. Where practical, everyone should take leave for a set period each year to ensure things operate without an individual and an individuals PC - without the need to get IT to hack into systems i.e. continuity (what if the PC gets a virus/becomes corrupt?). Still, it ain't my shop

rgmmg

rgmmg wrote: »

I didn't mean it that way. Where practical, everyone should take leave for a set period each year to ensure things operate without an individual and an individuals PC - without the need to get IT to hack into systems i.e. continuity (what if the PC gets a virus/becomes corrupt?). Still, it ain't my shop

We're getting into different territory now, but how is that possible - take for example a business with 2/3 employees with different roles. It's nigh on impossible for one person to be away for 2/3 weeks without having cover for that role, business doesn't just stop because the person is away.
It's a different story in larger organisations with multiple people working in the same department, but even then, an auto-response email can be setup to be returned to anybody contacting this person giving another persons contact details.

But the beauty of being an employee and not an employer is that you don't have to worry about that

rgmmg

Deleted User wrote: »

We're getting into different territory now, but how is that possible - take for example a business with 2/3 employees with different roles. It's nigh on impossible for one person to be away for 2/3 weeks without having cover for that role, business doesn't just stop because the person is away.
It's a different story in larger organisations with multiple people working in the same department, but even then, an auto-response email can be setup to be returned to anybody contacting this person giving another persons contact details.

But the beauty of being an employee and not an employer is that you don't have to worry about that

I'm not talking about life changing breaks in fairness - 2-3 days would be more realistic in a smaller business. Anyways..

tatli_lokma

I know we are getting off topic here, but just on the whole 'draft copy on local drive' thing - take it from one who has learned the hard way, even when working on something and it is in draft stage, you should still be saving it either to an external drive or a server. If your pc crashes you will know all about it if it was only saved locally. Absolute madness for any company, of any size, to allow documents which others may need access to (to finalise or whatever) to be stored locally. Our company has the pc's set up that it is not possible to save to the c:drive without administrator rights. This is for business continuity, and also for privacy and security. How many cases have we heard of laptops and old PC's being discovered or stolen and a heap load of sensitive information on them???

Little Ted

Little Ted wrote: »

I know we are getting off topic here, but just on the whole 'draft copy on local drive' thing - take it from one who has learned the hard way, even when working on something and it is in draft stage, you should still be saving it either to an external drive or a server. If your pc crashes you will know all about it if it was only saved locally. Absolute madness for any company, of any size, to allow documents which others may need access to (to finalise or whatever) to be stored locally. Our company has the pc's set up that it is not possible to save to the c:drive without administrator rights. This is for business continuity, and also for privacy and security. How many cases have we heard of laptops and old PC's being discovered or stolen and a heap load of sensitive information on them???

This.

With a server in place, it's quite easy to setup roaming profiles so that all documents are basically saved to a location on the server and allows for desk hopping as well, in that you can log onto any computer and all your files/settings will be there as you're just basically accessing the information on the server.
Takes up quite a bit of disk space, but well worth and when combined with a solid tape or remote backup solution can be worth every penny.

The only problem with IT I suppose, is that people rarely notice how valuable it is - if the IT dept are doing their jobs well, you'll hardly know they exist.

dr strangelove

I'd be very uncomfortable with this set-up. I understand that your boss has the right to access your computer, but the fact that he's doing it with no one else involved - you, or, say, a HR rep. worries me.

What's to stop him looking at kiddie porn on your computer, and then claiming innocence?

Also, the fact that your computers don't even have a password on them means that if they get stolen, the thief now has full access to everything that's on the computer - customer details, personal and company information.

jd83

Sharing passwords and allowing others access your profile on a work computer is a big no no for me. Its a security issue and also removes accountability for the users actions as they can just turn around a say someone else is responsible for their actions on a work computer as there's a culture of letting anyone log on to your laptop ( including managers ) in the company. Its just bad form and no excuse for it even if its a small company.

In my job there's a policy if they want to access something on my profile they would have to have a good reason for it and I and a hr person would have to be present. If i was going on holidays and I wrote my password on a piece of paper for someone to access my computer while I was gone, I would be lucky to have a job when I come back.

dr strangelove

dr strangelove wrote: »

I'd be very uncomfortable with this set-up. I understand that your boss has the right to access your computer, but the fact that he's doing it with no one else involved - you, or, say, a HR rep. worries me.

What's to stop him looking at kiddie porn on your computer, and then claiming innocence?

Also, the fact that your computers don't even have a password on them means that if they get stolen, the thief now has full access to everything that's on the computer - customer details, personal and company information.

By the sounds of it, it's a small company, 2/3 people, so no hr dept or anything like that.

As for the kiddie porn - that's simple enough for authorities to trace back to a time/date if images are being looked at online.....easy enough to prove that the op wasn't in work at that time if it came to it.

As for the security issue - you're right, it's appalling, but as it's a standalone computer, even setting a password on a user account locally is next to useless if somebody really wants to access the information on the disk.....google it, you can crack/reset that within a few minutes extremely easily (I have a cd here that will do it in 30 seconds!). If the computer was stolen etc....it's so so easy to take any information off it....even if you're unable to crack the password....you can put the hard drive into another computer as a 2nd drive, or into an external case and access it via usb.