catwho, pet mage of Jabober wrote:
Uh, I know for a fact that our IT staff snoops on email because we were warned that they would when we were hired. If you're caught sending non business related emails, you get booted out for the day or worse. Happened to one of my coworkers just last week who was forwarding a chainmail (what a bint.)
They also snoop on our desktops using WinVNC. After the second time getting caught surfing Alla, I gave up and now write in a notebook and stick to web surfing on breaks.
You could argue that that's all "work related" though, since the purpose is to ensure that you're not using company resources for non-company reasons.
That sort of activity only occurs at smaller businesses though. It's pretty much impossible to do in larger environments. We'd need an IT department about 20x larger than the one we have if we actually had people reading folks' emails or connecting to their PCs just to see if they're browsing a website they're not supposed to. At most sites, no one cares what you do with your email and web browser as long as it's not illegal and as long as you're getting your job done.
This is part of why I'd like to see who was actually involved in the survey, and what the exact questions asked were. This is an area that's incredibly easy to make sound worse than it is. If you split it into two questions ("have you ever used your admin privileges to open up someone's email?" and "When doing this, have you ever viewed material that wasn't specific to the job you were doing?"), you could quite easily get a "yes" to both, but at no time is the IT guy saying that his purpose for accessing the email was not work related.
If someone calls me and says that his email isn't working, I might log onto the mail server, and use my root access to edit his mail spool file. Quite often, the header will get corrupted (happens when someone has two email client programs operating on the same spool at the same time). A quick deletion of a couple lines usually clears this up, and he's on his way. However, I'm certainly going to see the top part of some random email the contents of which have *nothing* to do with the work I'm actually doing. If asked whether the information I saw in the email was related to my job, I'd have to answer "no", but nothing I did was in violation of the user's privacy expectations.
Just yesterday, I mentioned this thread to a co-worker of mine. He related a story about how he was clearing up some temp data on a system. As part of that process, he was checking some of the files to see what they were (ones that didn't have obvious names). One of those just happened to have payroll information contained within. Oops! Was he authorized to view that payroll info? Absolutely not. Was he supposed to have that information as part of his job? Nope. But he viewed it anyway, not deliberately, but as a consequence of doing what he believed he needed to do in order to fix the machine he was working on.
The point is that if you ask around, you'd actually be hard pressed to find *any* senior level IT guy who doesn't have a story about something he ran across accidentally once. It doesn't mean that they can't be trusted. Quite the opposite. Most serious IT engineers approach their jobs in the same way a priest would. We know we have access to information that others don't. We know we could abuse that access. And we know that if we do our jobs long enough, we will run into private information about people. We take that responsibility very very seriously.
Oh. And we also sign legal forms. Lots and lots of legal forms...