Can employees be solely blamed for data loss?

chaand
Just Arrived

Joined: 25 Apr 2008
Posts: 0

Posted: Fri Apr 25, 2008 5:15 pm    Post subject: Can employees be solely blamed for data loss?

Hello everyone, I really need some robust info and would be thankful if someone could help me out please!

I work in the UK for a scientific firm. The computer I work on is stand-alone (not connected to other computers for data backup). 2 weeks ago the computer hard disk crashed & there was significant data loss. The data DID NOT contain any personal/sensitive information. It was just loads of technical data. Data recovery experts couldn't retrieve everything.

Since then my boss has been blaming me as to why I didn't back up data on blank CDs and DVDs that are in the office. He is washing his hands of his responsibility to provide a continuous backup system. I only backed up some crucial bits, but that's just a fraction.

The boss has made my life a hell and I am agonising wayyy too much, so I found another job and am about to quit this one. But boss says I MUST hand over all the data before I go, which I can't, as it has been destroyed!

What can I do now?? I am so worried! What is the worst he can do to me REALISTICALLY if I left just like that? Would truly appreciate answers from legal experts or those who've seen similar cases before.
graycat
SF Mod

Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Posted: Fri Apr 25, 2008 5:17 pm

Does the IT / data / backup / DR policy state that you have to back up all the data yourself? If not, you're in the clear as far as I can see.
chaand
Just Arrived

Joined: 25 Apr 2008
Posts: 0

Posted: Fri Apr 25, 2008 5:33 pm

I wasn't handed any specific documents outlining such rules. But after this happened, I dug deep into the company website and I found some "guidelines" within the Code of Practice where it says data "should" be backed up on CDs. Two things I should re-emphasize: (1) I was not given this document explicitly, I had to dig deep into the website to find it and (2) the word they use is "should", not "must".
graycat
SF Mod

Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Posted: Fri Apr 25, 2008 5:47 pm

Unless they can prove you have seen it, understood it and signed it, then as far as I can see, it's not a binding guideline or policy.

Of course, that's just my opinion and shouldn't be taken as legal or even sane sometimes Smile lol
chaand
Just Arrived

Joined: 25 Apr 2008
Posts: 0

Posted: Fri Apr 25, 2008 6:15 pm

Yeah sure, I understand, you're just trying to help me out. And thanks a lot for your replies, which cheered me up a bit actually - after days of agonising and feeling guilty! Cheers! Very Happy
ThePsyko
SF Mod

Joined: 17 Oct 2002
Posts: 16777178
Location: California

Posted: Fri Apr 25, 2008 6:41 pm

If it makes you feel any better, I agree with Graycat - unless they informed you of this ahead of time, and have written proof that they did, you're on pretty solid ground. I would double check and make sure that you didn't sign something stating you agreed to review all policies and such that are available on the company website (odd place to put such things unless it's an intranet I would think?)
PhiBer
SF Mod

Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Posted: Mon Apr 28, 2008 5:22 pm

I am no legal expert, but this sounds like something the I.T. or DR department would be responsible for. As mentioned, if you were unaware of the policy then it would be pretty hard to litigate.
Fracker
Just Arrived

Joined: 23 Apr 2008
Posts: 0

Posted: Fri May 02, 2008 8:45 am

Most IT security guys, if they give the responsibility to the user, include it in employee induction programs; most likely they introduce a line.

For Company Information Security Policy, check the website.

Wink we know how to put our own blame to the helpless users
PhiBer
SF Mod

Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Posted: Fri May 02, 2008 5:19 pm

Fracker wrote:
we know how to put our own blame to the helpless users


Yes, IT workers like you give all of us a bad rep.
larsmhansen
Trusted SF Member

Joined: 11 Jan 2003
Posts: 0
Location: Boston, MA, USA

Posted: Fri May 02, 2008 7:21 pm

Hard drive failure is an "act of God", and an employee should not be held responsible for data loss caused by such failure.

If a stand-alone machine is to store valuable information, then the IT dept. must provide a reasonable means of backing this data up. CDs or DVDs are hardly "reasonable", as the process is often manual, they provide insufficient storage space, and are too time-consuming for the end user. Also, the end user should have been trained in using the backup software, regardless of its nature.
Fracker
Just Arrived

Joined: 23 Apr 2008
Posts: 0

Posted: Sat May 03, 2008 6:42 am

PhiBer wrote:
Fracker wrote:
we know how to put our own blame to the helpless users


Yes, IT workers like you give all of us a bad rep.


Shocked, I just told the reality that happens in many organizations.

@Person Above me

The topic starter said they have provided the backup policy as well as the means; unless the employee asks for the facilities, how will the IT guy know that he has valuable information on his system? Also, when IT Security mentioned that for the Company Security Policy you have to go to the website or web portal, then it becomes the employee's responsibility as per Legal.

But yes, it shouldn't be like that; many organizations form an Employee Induction program where they involve IT Security in it. And every employee has to read and sign the Acceptable Use Policy.
The_Real_Gandalf
Trusted SF Member

Joined: 14 Apr 2004
Posts: 0
Location: Athens,Greece

Posted: Fri May 30, 2008 9:36 am

I do not know what stands in the US, but in the E.U. I think you have to sign a paper given to you describing policy and guidelines on how to use, back up, and handle network resources in general, along with privilege rights and security measures from the user's side.

So unless there is no such signed document by the user, it is only the user's word against the IT dept's.

A variation of it, though, is if the company has made the browser's first page an internal webpage with the guides mentioned above. If that exists, it also stands as a legal fact for the user.

In any other case, there is no proof that the user should have complied with the policies of the company. Unless, of course, his actions violate general laws, like Warez or others of the same nature, where both the user and IT persons are considered equally guilty for that.

My advice... consult with a lawyer to give you proper guides on this, since you won't find anything here more than opinions, which won't stand as responsible legal statements.


Gandalf
ThePsyko
SF Mod

Joined: 17 Oct 2002
Posts: 16777178
Location: California

Posted: Fri May 30, 2008 5:32 pm

The_Real_Gandalf wrote:
... like Warez or other of the same nature


The thing about that is it's going to be hard to prove with the drive gone Smile
The_Real_Gandalf
Trusted SF Member

Joined: 14 Apr 2004
Posts: 0
Location: Athens,Greece

Posted: Mon Jun 02, 2008 9:47 am

nope.. not really..

Router logs could identify if there was any connection or activity made by this terminal's IP which indicates the existence of warez or porn files on this "disappeared disk" of his.

Gandalf
All times are GMT + 2 Hours