View previous topic :: View next topic |
Author |
Message |
chaand Just Arrived
Joined: 25 Apr 2008 Posts: 0
|
Posted: Fri Apr 25, 2008 5:15 pm Post subject: Can employees be solely blamed for data loss? |
|
|
Hello everyone, I really need some robust info and would be thankful if someone could help me out please!
I work in UK for a scientific firm. The computer I work on is stand-alone (not connected to other computers for data backup). 2 weeks ago the computer hard disk crashed & there was significant data loss. The data DID NOT contain any personal/sensitive information. It was just loads of technical data. Data recovery experts couldn't retrieve everything.
Since then my boss has been blaming me as to why I didn't back up data on blank CDs and DVDs that are in the office. He is washing off his hands from his responsibility to provide a continuous backup system. I only backed up some crucial bits, but that's just a fraction.
The boss has made my life a hell and I am agonising wayyy too much, so I found another job and am about to quit this one. But boss says I MUST hand over all the data before I go, which I can't, as it has been destroyed!
What can I do now?? I am so worried! What is the worst he can do to me REALISTICALLY if I left just like that? Would truly appreciate answers from legal experts or those who've seen similar cases b4.
|
|
Back to top |
|
|
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
|
Posted: Fri Apr 25, 2008 5:17 pm Post subject: |
|
|
does the IT / data / backup / DR policy state that you have to backup all the data yourself? if not, you're in the clear as far as I can see.
|
|
Back to top |
|
|
chaand Just Arrived
Joined: 25 Apr 2008 Posts: 0
|
Posted: Fri Apr 25, 2008 5:33 pm Post subject: |
|
|
I wasn't handed any specific documents outlining such rules. But after this happened, I dug deep into the company website and I found some "guidelines" within the Code of Practice where it says data "should" be backed up on CDs. Two things I should re-emphasize: (1) I was not given this document explicitly, I had to dig deep into the website to find it and (2) the word they use is "should", not "must".
|
|
Back to top |
|
|
graycat SF Mod
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
|
Posted: Fri Apr 25, 2008 5:47 pm Post subject: |
|
|
unless they can prove you have seen it, understood it and signed it then as far as I can see, it's not a binding guideline or policy.
Of course, that's just my opinion and shouldn't be taken as legal or even sane sometimes lol
|
|
Back to top |
|
|
chaand Just Arrived
Joined: 25 Apr 2008 Posts: 0
|
Posted: Fri Apr 25, 2008 6:15 pm Post subject: |
|
|
Yeah sure, I understand, you're just trying to help me out. And thanks a lot for your replies, which cheered me up a bit actually - after days of agonising and feeling guilty! Cheers!
|
|
Back to top |
|
|
ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
|
Posted: Fri Apr 25, 2008 6:41 pm Post subject: |
|
|
If it makes you feel any better, I agree with Graycat - unless they informed you of this ahead of time, and have written proof that they did, you're on pretty solid ground. I would double check and make sure that you didn't sign something stating you agreed to review all policies and such that are available on the company website (odd place to put such things unless it's an intranet I would think?)
|
|
Back to top |
|
|
PhiBer SF Mod
Joined: 11 Mar 2003 Posts: 20 Location: Your MBR
|
Posted: Mon Apr 28, 2008 5:22 pm Post subject: |
|
|
I am no legal expert, but this sounds like something the I.T. or DR department would be responsible for. As mentioned, if you were unaware of the policy then it would be pretty hard to litigate.
|
|
Back to top |
|
|
Fracker Just Arrived
Joined: 23 Apr 2008 Posts: 0
|
Posted: Fri May 02, 2008 8:45 am Post subject: |
|
|
Most of the IT Security Guy if give the responsibility to the User, they include in employee induction programs, most likely they introduce a line.
For Company Information Security Policy, check the website.
we know how to put our own blame to the helpless users
|
|
Back to top |
|
|
PhiBer SF Mod
Joined: 11 Mar 2003 Posts: 20 Location: Your MBR
|
Posted: Fri May 02, 2008 5:19 pm Post subject: |
|
|
Fracker wrote: |
we know how to put our own blame to the helpless users |
Yes, IT workers like you give all of us a bad rep.
|
|
Back to top |
|
|
larsmhansen Trusted SF Member
Joined: 11 Jan 2003 Posts: 0 Location: Boston, MA, USA
|
Posted: Fri May 02, 2008 7:21 pm Post subject: |
|
|
Hard drive failure is an "act of God", and an employee should not be held responsible for data loss cause by such failure.
If a stand-alone machine is the store valuable information, then the IT dept. must provide a reasonable means of backing this data up. CDs or DVD's are hardly "reasonable", as the process is often manual, they provide insufficient storage space, and are too time consuming for the end user. Also, the end user should have been trained in using the backup software, regardless of its nature.
|
|
Back to top |
|
|
Fracker Just Arrived
Joined: 23 Apr 2008 Posts: 0
|
Posted: Sat May 03, 2008 6:42 am Post subject: |
|
|
PhiBer wrote: |
Fracker wrote: |
we know how to put our own blame to the helpless users |
Yes, IT workers like you give all of us a bad rep. |
, I just told the reality That happens in many organizations.
@Person Above me
The topic starter said they have provided the backup policy as well as the mean, unless the employee wont ask for the facilities how come the IT guy will know that He has Valuable Information on his system. also when IT Security mentioned that for Company Security Policy you have to go on the website or web portal. Than it become employee responsibility as per Legal.
But yes, it shouldn't be like that, many organization form an Employee Induction program where they involve the IT Security into it. And every employee has to read and sign the acceptable Use policy.
|
|
Back to top |
|
|
The_Real_Gandalf Trusted SF Member
Joined: 14 Apr 2004 Posts: 0 Location: Athens,Greece
|
Posted: Fri May 30, 2008 9:36 am Post subject: |
|
|
i do not know what stands in US , but in E.U. i think you have to sign a paper given describing policy and guidelines on how to use , backup, handle in general network resources, along with privillege rights and security measures from user's side.
So unless there is no such signed document by the user, it is only user's word against the IT's dpt one.
A variation though of it, is if the company has made the first browser's page to be an Internal Webpage with guides mentioned as above. It that exists, it also stands as a legal fact for the user.
In any other case, there is no proof that user sould have complied with policies of the company. Unless of course his actions violate , general laws, like Warez or other of the same nature , where both user and IT persons considered equally guilty for that.
My advice... consult with a lawyer to give you proper guides on this, since you wont find anything here more than oppinions , which wont stand as responsible legal statements.
Gandalf
|
|
Back to top |
|
|
ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
|
Posted: Fri May 30, 2008 5:32 pm Post subject: |
|
|
The_Real_Gandalf wrote: |
... like Warez or other of the same nature |
The thing about that is it's going to be hard to prove with the drive gone
|
|
Back to top |
|
|
The_Real_Gandalf Trusted SF Member
Joined: 14 Apr 2004 Posts: 0 Location: Athens,Greece
|
Posted: Mon Jun 02, 2008 9:47 am Post subject: |
|
|
nope.. not really..
Routrer's logs could identify if there was any connection or activity , that was made by this Terminal's IP, which indicate warez or porn files existance, on this "disappeared disk" of his.
Gandalf
|
|
Back to top |
|
|
|