CXO

Talking Shop: Was this tech's e-mail investigation abuse of power or necessary precaution?

Read an example of when an IT pro may have let his power overstep ethics.


Our "What would you do?" column is a forum for sharing your knowledge and experience in dealing with the softer side of computer support. Every two weeks, I will present a scenario that requires more than a technical solution. Each situation will be an accurate description of an actual event, with the names and other identifying factors changed to protect the innocent—and sometimes not so innocent.

I will first present the outcome and discussion of a scenario from a previous week. Then, we'll jump right in to the next problematic situation. So without further ado, here are your responses to our column "Employee borrows company equipment for personal use: How should IT respond?"

Case of the missing Zip drive
With the exception of a few readers who felt that Mark had done nothing wrong in borrowing the Zip drive, the overwhelming consensus was that, at minimum, the tech should:
  • Begin securing his equipment.
  • Suggest an addition to the company policy regarding the use of computer equipment for noncompany purposes.
  • Confront Mark and/or report the incident to Mark’s boss or the IT manager.

Much of the discussion focused on the degree of heinousness of Mark’s actions; many members offered suggestions on whether he should be asked politely not to do it again, be fired, or be arrested. Some felt that the tech should also bear some responsibility for the incident because he had failed to secure his equipment.

Unfortunately, many of the actions suggested would, in most companies, be beyond the authority of the tech. Some extreme actions could seriously jeopardize the tech's relationship with the employee if the tech did not receive managerial support for his actions. “This guy should make no political moves whatsoever, except to inform his boss of the situation," wrote Aaron_lvs_IT. "It is important for a support technician to establish and maintain a good working relationship with everyone.”

So what did the tech actually do?
After considering the situation for a couple of days, the tech unofficially reported the incident to his boss. The tech felt considerable conflict in so doing, because the company was lax on taking appropriate action to correct such problems. The tech was afraid Mark would receive a slap on the wrist and then try to make the tech’s life miserable for reporting him.

The tech’s boss reported the incident to his own boss who was also disturbed by the incident and was already aware of Mark’s tendency to misuse company time/resources. As of this date, however, nothing has been said or done to Mark. Our tech now locks his office, has suggested that an explicit statement be added to the company computer usage policy regarding the use of company equipment, and has informed Mark of his rates for consulting outside company hours. We'll continue to track this case, so stay tuned for future updates.

Tech reads user e-mail: Abuse of power or necessary action?
This week's scenario is a little complicated, but all good detective stories are. Once you've looked it over, I hope you'll take a moment to comment.

Update: So what really happened?
To learn the outcome of the scenario outlined below and get a recap of the comments and suggestions given by TechRepublic members, click here.

A tech is called into the IT manager’s office and is told that Marcus, a secretary, has complained to the IT manager's boss, the IT director, that the tech treated him very discourteously when denying his request for help downloading clip art from the Internet. The manager instructs the tech to meet with Marcus, discuss his clip art needs, and make an appropriate purchase. Furthermore, the tech should treat Marcus' request as a top priority.

Because our tech takes prides in his customer service skills, he is deeply disturbed by Marcus' complaint. The entire conversation perplexes the tech, since he can remember no such request from Marcus. Regardless, he agrees to quickly resolve the issue and leaves the IT manager's office.

A little IT detective work
The tech immediately consults with other techs and reviews the help desk logs, but he finds no record of Marcus' request. This leads him to suspect there is more to this situation than meets the eye. Unfortunately, the tech feels unable to address Marcus directly without first knowing all the facts. To investigate the matter on his own, our tech exercises his privilege as an e-mail administrator to access Marcus' company mailbox.

Even though the company has a written policy stating that there is no expectation of privacy when using the company's e-mail system, the tech feels a little uncomfortable in taking this approach but doesn't feel he has any other option. Almost immediately, he finds the e-mail that started the incident.

Marcus had sent an e-mail to the IT director's secretary complaining about several IT procedures. In particular, Marcus mentioned that he disliked having to send an e-mail requesting assistance when the help desk office was just down the hall.

On several occasions, Marcus had walked into the support techs' offices and been informed that the help desk could not help him until they had received an e-mail request. Marcus had found this response personally offensive. Marcus also objected to the policy forbidding users from installing their own applications; he was disappointed to discover that this policy included clip art downloaded from the Internet.

It all makes sense now
The tech now understood the source of Marcus' complaint and deduced that as the complaint had been filtered through the IT director's secretary, the IT director, and finally the IT manager, it had lost something in the translation. But what should he do about it? Should he proceed to purchase a clip art program for Marcus as instructed, or should he try to address the underlying issue—Marcus' resistance to follow company policy?

Following the IT manager's instructions would ensure that the tech remained in good standing, but it would also serve to perpetuate Marcus' belief that he doesn't need to follow standard IT procedures, which would set a bad precedent for the other users. On the other hand, attempting to address the underlying problem could require the tech to reveal that he read Marcus' e-mail.

What would you do?
After reading this scenario, if you have ideas about how a satisfactory resolution might be achieved, send them to us. Don’t hold back and don't be afraid to be creative. And if you've ever encountered a similar situation, we're particularly interested in hearing the steps you took to achieve a resolution.

You can submit your ideas either by sending us e-mail or by posting a discussion item at the end of each column. A week after the publication of a scenario, we'll pull together the most interesting solutions and common themes from the discussion. We will later present them with the situation's actual outcome in a follow-up article. You may continue to add discussion items after the week has elapsed, but to be eligible for inclusion in the follow-up article, your suggestions must be received within a week of the scenario's publication.

Editor's Picks