General discussion
-
CreatorTopic
-
June 24, 2008 at 2:50 pm #2151215
HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
Lockedby drakebrown · about 15 years, 9 months ago
I am the Director Of I.T. The Director of HR is demanding that i provide all the passwords of the administration department employees. I am being told they have a right to this information as they want to check email whenever they want. I consider that snooping. I recognize that email is the property of the company. However I feel unsure of whether legally they have a right to just go in carte blanche and look at email without just cause. My position is i will log into the individual account and let them peruse email without divulging the suers password. How do other companies handle this.
Topic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
June 24, 2008 at 3:11 pm #2908916
Be VERY careful.
by locrian_lyric · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
Tell HR that you want something in writing from compliance before you even THINK of doing anything of the sort.
While the company can of course view what is on their equipment at any time, granting access to individual’s passwords is lunacy and asking for a lawsuit.
You may wish to grant some sort of super-user access to ONE person in HR, but nothing more than that.
Our company checks email on the servers and never goes into the accounts themselves. ALL email is monitored on the server, they have sniffers and pick out emails as they wish.
Now, here’s a question I have for you:
If an employee is disciplined due to information gleaned from this method of spying, how can you prove it?
“Hey, I didn’t write that email. One of you HR people must have logged in as me! I know you poke around because I noticed that my account had been logged on when I wasn’t even here!”
Can you say “lawsuit” boys and girls?
-
June 24, 2008 at 3:17 pm #2908910
That needs to be elevated
by dawgit · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
With a written Policy Letter (that would hold up in a Court of Law) as to specificaly Who, and for What Purposes, would have acess to What. You of course need to start that with a memo (at least) to the upper levels, with a copy to the HR, expressing the negitive effects of not having that policy. With out an effective policy your company maybe be in violation of several laws. (depending on your location, and type of business) IMHO of course. -d
-
June 24, 2008 at 4:59 pm #2908846
Company policy
by mjd420nova · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
We have a company policy that says that the employees direct reporting manager has the right to review any employees E-mail upon request from that employees manager. The employee will open his/her E-mail account and allow the manager to look through it at anytime. The catch is that the manager must request this and the employee must be present but that no passwords are to be revealed. This way there can be no denial of the origin of any content. Makes sense to me and actually has a very trusting effect and a restricting policy at the same time without being to constraining.
-
June 24, 2008 at 5:50 pm #2908819
The other answers are great
by zlitocook · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
But a user that is doing something that they should not, they would delete or create many subfolders so that some thing they are trying to hide will be hard to find. And a search of their email would not show this. Only the back ups if kept, on the server would show what the user has done. And only the IT department can get to the back ups.
You need to point the HR department to government compliance websites Even if your company is not a public company.
And point this out if some one else opens and reads the emails they will no longer be new so the next time the user checks their email they will not see new mail.
This kind of thing (spying) needs to start at management and needs to be promoted up to HR and lawyers to see what it could mean to the company.
If it did not go as planed could the company be sued or could it lead to a news story with the user telling every one that they are being singled out for some reason?
This is a vary tricky thing to start and company lawyers need to look at it first.
No do not give HR access to email with out doing allot of research first.
It could be your problem if you have to go to court.
It could be that an HR person has a problem with a person and wants to find a reason to dismiss that person. -
June 24, 2008 at 6:56 pm #2908796
Bad News
by cognos · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
I think it depends on your locale. However, I would say that it is highly unethical to provide any person the ability to impersonate another in any format — including email. Giving someone credentials to an email account does just that, and guess who is party to any illegal behavior undertaken in that case? *YOU*. Fun, eh?
While most companies do have a right to look into employee email, doing so can be justification enough for the establishment of a hostile working environment in the event that something about the employee is revealed to the employer and the employee sues for some reason. (Harassment…?) Further, the employee can sue the employer if anything personal is revealed.
Unless I suspect something illegal, I don’t turn passwords and user names over to anyone — period. In the event something illegal goes on — and it has on a few occasions — giving the information to law enforcement won’t get me in hot water or my employer in a lawsuit. I think that’s the only “safe” case for that type of disclosure.
My opinion, of course. 🙂 I wouldn’t do it without as documented (written, dated, signed) request from your CEO. I wouldn’t do it unless there’s provision for it in the employee manual. And I would certainly make all users aware that their email is open to snooping from the get go.
-
June 26, 2008 at 8:57 am #2904814
very well stated
by drakebrown · about 15 years, 9 months ago
In reply to Bad News
Thank you. You have provided a concise accurate analysis. Believe me when i got the request from HR the first thing i though about was what you pointed out in your opening paragraph. I would be the one singled out not HR.
Thanks
Drake
-
-
June 25, 2008 at 2:27 am #2905952
If they want look they want to look
by tony hopkinson · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
Howver they don’t need an individual’s user to do it. Hand that out and they can impersonate ann employee. This would make any evidence garnered dubious.
What you have here is some non tech person asking you to implement their solution instead of asking you to solve their problem.
Never a good idea to go along with that sort of thing.
-
June 25, 2008 at 3:48 am #2905930
I’m in the UK, but….
by gadgetgirl · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
I’d tell you to rapidly do some research on digital evidence collection and justification.
There is no reason to ballpark all the admin dept people – they MUST have an idea of who it *could* be; that means, of course, that they have to do this through incident investigation. That means proper authorisation.
At the very least, following digital evidence collection best practice, there needs to be a lead collecter and witness at every stage, otherwise (over here, at least) the evidence wouldn’t even get IN to court, never mind be thrown OUT of it.
This is an absolute minefield – CYA as much as you can: if necessary, refuse to do it, and give them a detailed explanation in writing, as to your reasons for refusal.
Over here, through the EU P & M Directive, we can’t look at EVERYTHING in a persons’ mailbox in any case….
Yes, I’ve done this before, yes, I investigate incidents, yes, I write policies and procedures too, and yes, I will accept a pm from you as you no doubt realise this is an absolute minefield.
GG
-
June 25, 2008 at 5:48 am #2905902
NO!
by charliespencer · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
As many others have pointed out, there’s no way to prove someone in HR didn’t log in as that user and commit an offense. Worse, having the password provides access to all data the user has rights to, not just his e-mail. Not only should HR not have an employee’s password, neither should IT or anyone else.
Work with HR to develop an e-mail auditing policy. This should specify that requests to audit an account must be in writing, and should be signed by the person requesting the audit and his supervisor. (Where I work that requires a VP signature.) Then change the employee’s password to a temporary one, log in, audit the e-mail with at least two people present at all times, log out, and require the employee to change the p/w when he next logs on. This way you have an electronic trail of the p/w being changed.
-
June 25, 2008 at 8:22 am #2905770
Giving out passwords is a no-no
by notsochiguy · about 15 years, 9 months ago
In reply to NO!
I ran into an instance of just why passwords should NEVER be given out or shared a few years back.
A high level person within a company I was working for ‘resigned’ via e-mail to the CEO. The problem was that he was out of the country on a mission for his church (this was widely known, too).
At the time, we didn’t offer OWA, so the only way someone could send e-mails was to either be connected internally or via the VPN. The CEO asked us to check if this was legit, and sure enough, there were no logins from the person on the VPN. HOWEVER, someone had logged onto his computer to presumably send the resignation (as well as some other choice messages, I may add…if not for these other messages, we would have written it off as a friendly prank….but these other messages were rather mean spirited).
Unfortunately, we never found out who did it. The user said he didn’t give out his password, and he didn’t have it under his keyboard (I checked)…but somehow, someone got a hold of it.
Like others have mentioned…catching messages on the server or having a policy in place to outline spot checks is a much better route to go.
-
June 29, 2008 at 6:46 pm #2907249
Faking “from” address of email is easy…
by sdrucker · about 15 years, 9 months ago
In reply to Giving out passwords is a no-no
and generally doesn’t require knowing any passwords. Thats what sounds like happens to your missionary guy.
If you look at the headers of the original email, you can see what ip address it came from. I could send an email from president@whitehouse.gov to hillary@hillaryclinton.com telling her that her green pantsuit makes her feet look big.
The FBI and Secret service would be knocking on my door within a few hours for that little prank (the originating IP would track back to my ISP), but my name and email would remain anonymous to the recipient (until AT&T told them).Giving HR access to passwords seems irresponsible. You might compromise by giving a specific HR officer a special user/pw that has access to a SPECIFIC user’s home directory and email with a LIMITED time factor. They do have legitimate reasons to snoop(audit) occasionally, but if my HR rep had a user/pw list on her laptop (that her boyfriend/corporate spy/hacker) might get access to, well, bad things could come from that.
-
-
June 26, 2008 at 8:53 am #2904817
email auditing policy
by drakebrown · about 15 years, 9 months ago
In reply to NO!
I like that idea of an email auditing policy which would be in the form of an official request signed by the President of the company. I hadn’t thought of that.
Thanks
Drake
-
-
June 25, 2008 at 5:55 am #2905893
as a rule of thumb
by jck · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
I can not vouch for law in your state or jurisdiction.
Emails that are sent or received on company computers are viewable by the company management at any time for any reason.
However as Director of I.T., you are not obliged to divulge ANYONE’s password. That is not only a violation of system security for which YOU are directly responsible. But, it is also not the right of anyone other than the user to know his or her password.
If the Director of H.R. keeps insisting, take this to your immediate supervisor for consultation with your corporate legal counsel.
I believe you are in the right. Providing them access to emails is one thing, but giving them sensitive account information is wrong and could put you and your employer at jeopardy.
-
June 26, 2008 at 8:50 am #2904822
nice summation
by drakebrown · about 15 years, 9 months ago
In reply to as a rule of thumb
I believe this to be the clearest most accurate view of any suggested.
Drake
-
-
June 25, 2008 at 7:33 am #2905823
Sounds like trouble
by himdownstairs · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
To me it seems like your HR department is overstepping its boundaries. While it’s important to monitor if a user is abusing policy, it’s also important to not go on a witch hunt. HR needs to let the people who deal with computers, deal with computers. Shouldnt they be dealing with more pressing issues (i.e. creating policies protecting an employees personal information)?
-
June 26, 2008 at 8:48 am #2904826
It is trouble
by drakebrown · about 15 years, 9 months ago
In reply to Sounds like trouble
Thank you, that was my initial reaction. Ironically the HR director subtly implied she may sue me if the person she wanted to investigate ever threatened her. The argument HR made was one of i went to I.T. and they wouldn’t get me the passwords thereby putting me (the HR director) at risk. My point was to allow her to see it but under controlled supervision with the President of the company’s approval. I would then log into that person’s account and supervise HR’s inquiry into the various emails requested. The fact that she might sue me because i didn’t roll over for her is very disconcerting.
Drake
-
June 27, 2008 at 12:55 pm #2906707
That is a threat!
by 1bn0 · about 15 years, 9 months ago
In reply to It is trouble
And the last time I looked at the labour laws here, it was ILLEGAL
-
-
-
June 25, 2008 at 7:33 am #2905822
HR is not IT
by cactus pete · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
HR personnel do not generally have the background required to properly do this sort of IT work. That’s why there is an IT department, after all…
Also, why in the world would you know everyone’s password? Shouldn’t passwords be changed regularly, as well? Are you to provide updates to the HR department every time someone changes their password?
I suspect HR doesn’t understand much at all about IT, since they asked for this in the first place. Passwords are to be secret. That’s why we have elevated admin accounts that don’t need a user password to view the data…
If there is a legitimate need for HR to see something, they should provide IT with detailed search criteria so you can help them out.
Now, if they are investigating an IT employee, obviously you, as the director, need to be the one handling the search.
Frankly, I am astonished that HR would have such little knowledge about what they can or can’t do, or should or shouldn’t do. I’d watch my 6 if I were you.
-
June 26, 2008 at 8:43 am #2904831
why I.T. has passwords
by drakebrown · about 15 years, 9 months ago
In reply to HR is not IT
You raise a good point, one that i have wrestled with. When i set up a new user i have my unix server generate a random password, generally meets the requirements of a good password and then instruct the user that they can change it if they want. Most never do. Also, i have found through experience that it is a big headache to not be able to log in to that persons account to troubleshoot an issue as the individual sees it. Sometimes the problem has to do with a users profile for instance. Anyway even though i have elevated status i still couldn’t troubleshoot someone’s email problems without logging in as them. But it does put me in an ethical dilemma at times. That is why i instruct them to change their password if they prefer. Perhaps you have a better strategy.
Drake
-
June 26, 2008 at 8:58 am #2904810
What if
by wesley.chin · about 15 years, 9 months ago
In reply to why I.T. has passwords
What happens in a scenario when user changes the password, only the employee knows what it is, and then later down the road, the employee can’t login to his computer….
-
June 26, 2008 at 9:29 am #2904778
Then you reset it to a temporary p/w and require them to change it.
by charliespencer · about 15 years, 9 months ago
In reply to What if
The user logs in with the temporary p/w and is then prompted to create a new password. This is SOP in almost all shops.
-
June 26, 2008 at 2:38 pm #2906929
Hmm
by wesley.chin · about 15 years, 9 months ago
In reply to Then you reset it to a temporary p/w and require them to change it.
It may be doable in a network with a server, but if that isn’t one, then that might not be an option.
-
June 27, 2008 at 12:25 pm #2904345
-
August 20, 2008 at 9:42 am #2930521
Don’t keep the passwords
by cactus pete · about 15 years, 7 months ago
In reply to why I.T. has passwords
If you generate it and give it to them without forcing them to change, just give them the original copy and never record it.
Should you need to log in as them later, ask them what the password is, and don’t record it.
-
August 20, 2008 at 11:10 am #2930473
I wouldn’t even do that.
by charliespencer · about 15 years, 7 months ago
In reply to Don’t keep the passwords
If I need to log on as them, I’d force the password to a new one, use it, and force a p/w change when after I log them back in.
I don’t ever want to know a password, and I’ll force you to change it if you tell me.
-
August 20, 2008 at 12:03 pm #2930444
actually
by cactus pete · about 15 years, 7 months ago
In reply to I wouldn’t even do that.
I was going to suggest you WALK over to the user and look at their system. Or at least make them type in their password.
But I wasn’t sure about the whole setup. I realize sometimes you have to balance security and functionality. (for example, the user can’t ever have the password accepted – it’s a keyboard issue…)
-
-
-
June 26, 2008 at 8:57 am #2904811
I would advise of options
by tonythetiger · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
most email systems have methods of looking at email without logging in as the user.
In my opinion passwords must be kept private. Otherwise why even have them?
-
June 27, 2008 at 9:59 am #2904421
Similar in concept to Payroll
by drakebrown · about 15 years, 9 months ago
In reply to I would advise of options
That was my point originally. Passwords by definition must remain private and kept from all parties. Obviously I.T., since they set it up will know the passwords. I see it similar to Payroll. Of course no employee has access to other peoples wage information except their own. The Payroll Dept of course does have that information. They simply have to be trusted to be confidential. The same with I.T. I’m going to have information (like passwords) that no one else has. I simply have to be ethical and confidential. And no one else should get that information unless approved by very senior and/or upper management. I don’t consider HR senior or upper management.
-
June 27, 2008 at 12:27 pm #2906718
You have the passwords??!!!!!
by ic-it · about 15 years, 9 months ago
In reply to Similar in concept to Payroll
You should set it up initially, then force a user must change on next logon. This protects you as well as the user.
-
June 27, 2008 at 1:09 pm #2906700
IT does not have the passwords
by rfink · about 15 years, 9 months ago
In reply to You have the passwords??!!!!!
In most OSes the passwords are unknown to the administrators. They have the power to reset them, but they don’t have the power to see what they currently are.
IT couldn’t gave the passwords away if it wanted to.
-
June 27, 2008 at 1:25 pm #2906689
Read his third sentence
by ic-it · about 15 years, 9 months ago
In reply to IT does not have the passwords
Then my response will make sense. It should not have the password after initial account setup.
-
June 27, 2008 at 2:05 pm #2906675
Obviously I.T., since they set it up will know the passwords
by tony hopkinson · about 15 years, 9 months ago
In reply to Similar in concept to Payroll
I’m getting confused here.
That you have say the sa password for a database server. or the domain admin, fine.You should n’t have any passwords for anybody else though. Setting up wise you might know it until the user first logs on and is forced to enter their own, but that’s it.
You are on seriously shaky ground here, the standard get out for this is “I don’t have their password”, and you shouldn’t.
How could you prove it was me who sent the email, could have been you. I’m not suggesting you’d do such a thing, but a lawyer will…..
-
June 27, 2008 at 5:02 pm #2906615
The bottom line is
by tonythetiger · about 15 years, 9 months ago
In reply to Similar in concept to Payroll
if anyone knows anyone else’s password, they could pose as that person. Not only would it be possible to use someone else’s account to perform some bad act, it gives the account holder deniability should they perform a bad act.
-
-
-
June 27, 2008 at 2:24 pm #2906664
take it to the boss
by oz_media · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
You boss or teh owner should autjorize this, it i not your esponsiobility to do so unless yoru employer asks you to. HR is just a group of employees, would you do give the receptionist all the passowrds for office admins?
It is not YOUR call and it is not HR’s call, only the owner/boss has authorization to allow computer access.
-
June 29, 2008 at 4:56 pm #2907286
Security Breach
by samuellthomasjr · about 15 years, 9 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
Apparently, you have a turf battle at hand. HR is HR; and IT is IT. Information Technology, and anything related to it, remains the pre-imminent responsibility of the CIO or Director of Information Technology. Providing your or another person’s password to anyone else is a complete violation of every security policy ever written and enforced.
Monitoring is the answer. Monitor network utilization by the HR and everyone else are, including web content and email filtering. Extract detailed reports of non-business related activities and you will find that HR is the biggest culprit. The password thing is a smoke screen. Focus on what is really happening.
You are totally correct in NOT providing the passwords, but permitting company HR & Security to work WITH you to resolve security breaches. Be Proactive! And see how quickly HR backs off.
I had a HR Director, that was breathing down my neck. She was using an outside HR firm to do her job. Little did the CEO and CFO know this, until I provided the network logs of activity between that company and ours … and the origination. She was stood down very quickly; required to do her job; and stayed clear of me the remainder of the time I was there.
There are several issues here, rolled into one. But, the underlying issue is security. Users are provided with an initial password and required to change it frequently.
HR’s ploy compromises security of your Information Technology infrastructure.
Review and audit your company’s security standards. Make certain this policy complete defines “appropriate business use”. Make certain that this policy is included in the employee handbook and each employee signs an agreement to adhere to this policy. That is where HR’s responsibility stops! Then it becomes you responsibility to assure compliance.
To avoid these issues, most companies that I consult with implement security standards that avoid the root cause and negate the HR invasion.
Email content filters do have the capability of detecting, storing and preventing delivery of illegitimate or compromising email. And, you, as the Director of IT, determine the flow direction. Most of this filter software also has notify capability, acting as a “red flag” to potential security risk.
Much like web content filtering, email filtering software for security content comes in many flavors. The more granular the software, the more expensive it becomes.
I hope this helps avoid the scourge. Good luck in dealing with HR.
-
August 20, 2008 at 2:15 pm #2930313
How can you even give a password?
by gsg · about 15 years, 7 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
I’m perplexed at how you would even know their passwords. Unless you have a system that stores the passwords as clear text somewhere, you shouldn’t be able to even see them.
We assign a password that is set to expire at first logon. The user signs in and can go no farther until they change it. If they forget it, then we re-set with a generic and the whole dance starts again.
No one, not even an IT person should be able to know anyone else’s password, so any request to have someone’s password would be impossible to grant.
(Of course, I’m ignoring key loggers and other hacking tools)
-
August 21, 2008 at 8:07 am #2930910
I came to that conclusion myself
by drakebrown · about 15 years, 7 months ago
In reply to How can you even give a password?
You’re right. At first i thought it a hassle to have to always ask for a password from users. So i just stored them in a DB and used them when needed to log in on their pc. I trusted my ethics. But now i realize knowing this info is a liability that i would prefer not to have.
-
August 21, 2008 at 10:48 am #2930796
You asked for their passwords?!?!!
by gsg · about 15 years, 7 months ago
In reply to I came to that conclusion myself
And they actually gave them to you? That is a huge no-no here. We train our people to not do that and actually fired one of our IT people for asking. There’s no reason for an IT person to know any one’s password here.
If they need help and we need them logged on, then they have to stay with us. Otherwise, we’ve opened ourselves to a big risk.
-
August 22, 2008 at 9:01 am #2931400
Hold on there
by drakebrown · about 15 years, 7 months ago
In reply to You asked for their passwords?!?!!
Look I am the I.T. manager. The only I.T person here at this company. I set up all new users and give them a randomly generated password. I don’t have a huge staff. I am the staff and i set the policy. That’s why I’m askin the question. How are others doing this and handling this.
-
August 22, 2008 at 9:22 am #2931395
I AM the IT staff here
by dumphrey · about 15 years, 7 months ago
In reply to Hold on there
and I have no idea, or any desire to know, the users passwords. As the IT manager I can reset a password, but the user would know right off when they come back. As a rule, I do not reset a users password without their consent. And on our network, there has not been an issue I could not work around until the user became available.
-
August 22, 2008 at 8:09 pm #2929631
IT numbers
by gsg · about 15 years, 7 months ago
In reply to Hold on there
I was just saying how we do it at our organization. In fact, we are audited yearly by the state and at a minimum every 3 years, by the JCAHO and that’s one of the things that can affect our licensure. It would take about the same amount of time to re-set a password in AD as it does to look up the user’s password in a database (I’m assuming that you run windows as I’m not that familiar with other OS’s).
The point here is that it’s just not recommended as good practice for you to know their passwords. If one of them downloads child porn, they could say that you did it as you know their passwords.
HR may force you to turn over passwords now, but in the future, if you keeping the passwords in a database is not your organization’s policy, I’d seriously consider not keeping them. When they expire then this becomes a mute point as they will then change their passwords and you can tell HR honestly that you have no idea what they are. That removes you as the middle-man and the perceived bad guy when your end users find out. And they will find out.
-
-
-
August 22, 2008 at 9:18 am #2931396
Alot depends on your company email policy
by dumphrey · about 15 years, 7 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
But access to email is one issue, access to their password is another. If they want to monitor email, they need to pay for a solid solution, or use the MTA to copy all incoming mail to their account 😉
-
August 22, 2008 at 9:35 am #2931388
DUPE POST
by oz_media · about 15 years, 7 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
DUPE POST
-
August 22, 2008 at 9:42 am #2931381
not an issue
by Anonymous · about 15 years, 7 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
Where I am, there is a person who has a list of the passwords of all employees. So that issue is a non issue here.
-
November 18, 2009 at 1:25 am #3015976
we need to go as per the company policy
by urpraveens · about 14 years, 4 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
we need to go as per the company policy. Need to be escalated to higher management. Finally passwords are highly confidential. Don’t disclose with anyone and don’t provide to HR also.
-
November 18, 2009 at 1:42 am #3015974
only a year late…
by .martin. · about 14 years, 4 months ago
In reply to we need to go as per the company policy
thanks for the input
-
-
November 18, 2009 at 12:28 pm #3015845
Proper way to handle this
by theprofessordan · about 14 years, 4 months ago
In reply to HR DEPARTMENT DEMANDING EMPLOYEE PASSWORDS
My opinion is that you approach the HR Manager and tell him that he can have the passwords as long as there is a written policy in place agreed upon by the what ever form of executive committee or baord that your organization has. I am not opposed to HR doing this but there has to be concrete policies in place to protect the company in case of potential lawsuits. This will either open the door for discussion or close it because the HR manager will know that they are out of line.
-
-
AuthorReplies