IT departments are being called on to support more telecommuting employees and make sure they have the technology needed to effectively work and communicate with their peers back in the office.

In addition to productivity concerns and other day-to-day questions, allowing employees to work from home creates some new legal pitfalls for companies.

Here are a few of telecommuting’s biggest legal issues, and ways you can advise IT managers to avoid them:

1. Worker’s compensation

Multiple court cases have held companies liable for covering costs incurred by employees who injured themselves while working at home.

Therefore, when companies get their home offices set up, experts recommend they take safety into account — for example, by making sure the employee has ergonomically suitable equipment and furniture.

Companies’ efforts should also be documented (for example, by getting a photograph of the workstation) so the company can later prove it did its part to give the employee a safe work area.

2. Wage & hour law

Another legal issue with telecommuting is that letting employees work from home makes it much more difficult to monitor employees’ work hours, making companies potentially more susceptible to violations of wage & hour laws.

For example, employees may work overtime hours without their manager knowing, but then later sue for back pay.

One way IT can help is by installing time clock software on remote workers’ machines that requires them to clock in and out.

3. Privacy and data protection

In many cases, telecommuting employees will have jobs that require the use of sensitive company or customer information. Because people’s home networks are often less secure than a company’s, that confidential data could be more likely to be hacked when it’s handled by a remote worker.

To keep that from happening, IT should make sure remote employees have the right security technology in place, such as VPNs, firewalls and antivirus software.

The post Hidden costs of telecommuting appeared first on Finance Tech News.

In an post on Symantec’s corporate blog, the security firm reported that certain Facebook applications may have inadvertently been giving advertisers access to users’ account information.

An estimated 100,000 applications may have been giving this access for years, according to Symantec. However, it’s not clear whether any advertisers realized this. And, Symantec reports it has notified Facebook and the bug has been fixed.

Some of the access tokens that were handed out may still be valid, though, so Symantec recommends concerned users change their passwords.

The post Facebook accused of leaking personal data appeared first on Finance Tech News.

Because, as a new report from Ernst & Young points out, new directions in technology have dramatically increased the risk to this kind of data.

With the rise in popularity of mobile devices, cloud computing and social networking, there’s also a new government that’ more prone to both regulation and law enforcement, both of which make it likely that data breaches and leaks will come with a big pricetag.

The Ernst & Young report, “Privacy Trends 2011: Challenges to Privacy Programs in a Borderless World,” found that companies will spend money in 2011 to hire highly skilled certified privacy professionals and invest in technical controls that monitor and manage external attacks and internal leaks from within the organization.

Look for this in the next IT budget you get. If you don’t see it, you might want to ask why.

The post Plan on spending more to protect privacy appeared first on Finance Tech News.

Many folks already had big concerns about their privacy on Facebook, but a change in policy could increase the risk.

The social networking site recently announced that developers of third-party apps can now access users’ personal information, including phone numbers and home addresses.

To get that info, developers must first ask permission in the form of a dialogue box with options to “Allow” or “Don’t Allow.” But as security vendor Sophos’s Graham Cluly points out, there are a number of attacks taking place that trick people into granting that permission.

There are already plenty of rogue applications that send spam and steal data — this new feature just makes it easier for criminals to commit identity theft, Cluly says.

The ability to access personal data is not limited to approved developers or developers making apps with a legitimate need for that information. It’s all Facebook app developers, and they aren’t all on the up-and-up.

That puts personal information at risk, and for people who use the site for business purposes, rogue developers could gather information as reconnaissance for other hacks or for sophisticated social engineering attacks.

His advice: Just delete phone numbers and addresses from profiles entirely.

Talk with IT about the situation and suggest they they pass that advice on to your company’s users for their personal and businesses accounts — and remind them to check privacy settings and avoid posting potentially sensitive company information to the site.

The post Hackers get help from Facebook appeared first on Finance Tech News.

Zuckerberg seems to have made a less-than-inspiring appearance at the Wall Street Journal’s “All Things Digital” conference, reigniting the furor over his site’s convoluted and confusing privacy controls.

This right after Facebook announced a revamp of those controls that attempted to streamline the process and make it more, well, intelligible. (Which was actually pretty easy, since the old controls were so totally unintelligible users often had trouble actually getting to them.)

So now the folks with a lot to gain by piling on Zuckerberg and Facebook have started to, well, pile on. Not that the CEO and his social networking site don’t deserve it. But make no mistake: There’s an ox to be gored here and a line’s forming for the entertainment.

In response to a discussion draft of a new privacy bill currently under consideration by the House Subcommittee on Communications, Technology and the Internet, ten leading privacy and consumer organizations today called for much stronger provisions to protect consumer privacy both online and off.

Yes, that’s ten privacy and consumer groups. Didn’t know there were that many, but believe me, they’re coming out of the woodwork.

The groups, including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns.

Recognizing that “consumers increasingly rely on the Internet and other digital services for a wide range of transactions and services, many of which involve their most sensitive affairs, including health, financial, and other personal matters,” the groups made a number of recommendations for strengthening the draft privacy bill, including the following items:

• The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one’s data
• The bill’s definitions of what constitutes “sensitive information” need to be expanded; for instance, to include health-related information beyond just “medical records.”
• The bill should require strict “opt-in” procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.

Any chance any of this will happen? Stay tuned.

The post Privacy sharks starting to swarm appeared first on Finance Tech News.

The survey, conducted for security audit toolmaker nCircle, talked to 257 experts nationwide.

One of the key reasons for a federal law is that state after state is now passing data collection and breach laws with different provisions, giving national companies an increasingly tangled set of requirement for customer consent, notification and liability when a data breach occurs.

“Security professionals know that allowing private industry to ‘self-regulate’ on security issues hasn’t worked so far,” stated nCircle CEO Abe Kleinfeld, and it’s unlikely to improve without some external stimulus. “A federal data breach law could become a catalyst for increased security investment and awareness for businesses of every size.”

But…

The big problem is passing any meaningful legislation in a U.S. Congress that is riven with partisan strife, powerful interest groups and vast technical ignorance.

The latest attempt at such a bill, the so-called Boucher Bill, drafted by several congressmen from both parties, deals with companies that gather and store information about consumers online, The draft bill has been submitted to get conversation started. Has it ever! The proposal has been strongly attacked by both corporate interests and by consumer groups.

Here’s a sample of the reactions:

• The Direct Marketing Association is going ballistic over requirements that before companies collect marketing information on consumers, that they get the consent of that consumer.
• The Progress and Freedom Association, an industry trade group, claimed that the bill would be the death of the “free” Internet.
• The Electronic Privacy Information Center declared that the law doesn’t do anything but maintain the unsatisfactory status quo.
• Consumer Action is complaining that the privacy provisions of the law are actually far weaker than those already in place for some states, and that the law would limit liability in cases where critical personal information leaks out and harms a consumer.

Companies like Microsoft and Google are holding their fire, “welcoming” the chance to discuss the bill. But you know that they and many others who have built a business on collecting such data have lobbyists lining up to write in exceptions to the already mild provisions of the bill.

Count us as cynical, but even if a law gets passed, it will be so watered-down and filled with loopholes that it will create more problems than it solves.

The post Congress working on new data security law appeared first on Finance Tech News.

An employer gave cell phones to a group of employees so they could communicate via text messages. The contract with the wireless provider said the company would be charged an overage fee if any phone sent more than a certain number of words in a given month. Employees had to reimburse the company for those charges.

After one employee went over his limit four times, the company obtained copies of his messages from the wireless provider. The transcripts revealed the employee was sending a lot of personal messages — in fact, many of them were sexually explicit.

The employee was disciplined, but sued, claiming his privacy was violated when the vendor provided — and the company read — his personal messages.

A jury ruled in favor of the company, before an appeals court reversed the decision. The reason: The messages weren’t the company’s property because they were stored by a third-party vendor (unlike company e-mail, which is often held on the company’s own network).

Now, the Supreme Court has agreed to hear the case. We’ll keep you posted on the outcome.

Cite: Quon v. Arch Wireless

The post Firm paid for text messages; can it read them? appeared first on Finance Tech News.

Well, I must admit that this holiday season some health problems are preventing me from shopping in stores and forcing me more than ever to buy presents online. So far, I’ve got no complaints with the stuff I’ve bought.

I buy an item online, the seller ships it, I receive it and we’re all happy. End of story.

But therein, I believe, lies the crux of the ongoing problem with online transactions, be they social networking exchanges or “news stories” from amateur journalists.

The old rules still apply to new technology: You get what you pay for. If you want information to be private, don’t think you can stash it on a free Facebook account. The shock of Facebook addicts when the site’s owners “monetize” their information by selling it to marketing firms is somewhat laughable. And, if you want credible reporting by trained journalists who’ll get fired if they make things up, you’ve gotta pay for that too.

Let’s first look at Facebook, which is first and foremost, a business. It has to make money to survive. The commodity they have to sell is your information. Users of Facebook want to enjoy the forum but not accept any of the risk that’s involved in sharing intimate details of their life in a free and very public space.

Now, in the immortal words of Casablanca’s Captain Renault: “I”m shocked, shocked to find out…” that the owners of this free, public forum are actually trying to make a buck off of my fun!

I’ve got just one question Facebook fans: How’s this whole free Facebook thing working out for you?

The same goes for Mr. Murdoch, who had no qualms about selling tainted right-wing propaganda as news on his network, but now is crying foul because the public’s appetite for news that fit their views is cutting into his profitable business model.

Look, anybody can make up facts and present them as truth to support a point of view. It takes discipline and layers of nasty editors to flush out the charlatans in the news business — and even then a few sneak by. To get real journalism, you have to hire a whole gaggle of trained reporters and keep a real short leash on them. And that costs money — that has to be recouped by the sale of the news to a discerning and demanding public.

What Murdoch created was a fantasy-land kind of reporting that allows all the news that fits the narrow perspective of the audience.

And my question for him: How’s that working out for you, Rupert?

To read an excellent overview of the new Facebook policies and just how insidious these “upgrades” to privacy really are, check out the post by the Electronic Frontier Foundation.

To read about Mr. Murdoch, well, do a Google search.

The post Getting what you pay for online — or not appeared first on Finance Tech News.

The conventional wisdom: Anything an employee does on company-owned equipment can be monitored.

But the conventional wisdom is wrong in many cases, according to a recent Wall Street Journal article. As personal and professional lives continue to overlap, courts have a greater tendency to protect employees’ privacy, even when they’re at work.

Take these recent cases:

• One company used a keylogging application to monitor computer use. An employee sued after he learned his manager had read his personal e-mail. The employee won (Cite: Brahmana v. Lembo).
• An employee won $400,000 in court after her boss logged into her personal e-mail account to read messages she sent (Cite: Van Alstyne v. Electronic Scriptorium Limited).
• While investigating a discrimination claim, a company found e-mails the employee had sent to her attorney at work. Though they contained info that would’ve helped the company, the court ordered that they be deleted because the messages were protected by attorney-client privilege (Cite: Stengart v. Loving Care Agency).

In most cases, whether monitoring is legal or not comes down to one question: Who owns the e-mail?

In other words, are the messages stored on the company’s network or by a third party (as is the case with personal accounts, like Yahoo and Gmail)?

While employers are normally within their rights to monitor employees’ work e-mail, courts will usuaully draw the line when the data’s stored by a third party.

The post E-mail monitoring mistakes cost companies in court appeared first on Finance Tech News.

Typically, keylogging is done secretly, so the employee is unaware of it. Just as typically, it’s implemented because the employee is under suspicion of using a computer in an unauthorized or illegal way. So far, so good.

However, some targeted employees have dredged up a section of the Electronic Communications Privacy Act as a defense — and a reason to sue employers for invasion of privacy.

Title I of the ECPA amended the federal Wiretap Act covers the “interception of electronic communications,” making it an offense to“intentionally intercept . . . any wire, oral, or electronic communication.”

The issue came up in a California federal-court case, Brahmana v. Lembo. The question was whether a keylogger that records keystroke information in transit between the keyboard and the computer’s central processing unit violated the EPCA.

The short story is that the court didn’t find the company general keylogging to be in violation of EPCA.

There’s a complication because, using the keylogger, the company captured some of the employee’s confidential passwords and used them to access private accounts. The court is allowing the case to continue to determine whether using the passwords violated the EPCA.

So, at this point, the verdict is:

• Keylogging to track Internet usage? Probably OK.
• Using keylogging to access private info? Probably not.

The post Keylogging: When it’s legal, when it’s not appeared first on Finance Tech News.