Amazon Design

Oh isn’t Amazon great. Don’t forget to fix your Wish List settings too. Heaven forbid they place that information in one central spot and let you control the privacy there.

Amazon Wish List

Share

Identity Tidbits

I am sure everyone who reads online articles, blogs etc has seen the talk about Facebook being used to gather data for Identity theft. I stumbled onto one little tidbit. Amazon. Would you believe that your birthdate (minus year) and email used for your Amazon account shows up publically to everyone by default?

You should log into your account. Click Yourname’s Amazon the click the “Your Profile”. Make sure to edit it and change your email and birthdate lines to show for you only. Then on the right side do the view page as seen by Everyone. I sure hope I accidently set that and it was not Default.  If it was default Amazon ought to be ashamed.

Amazon Profile

Share

Employee Privacy

I previously posted about having to make sure we have something in place to protect employees from misuse of the new surf control deployment. Here is a sample of what I went with.

Employee records and data which includes, but not limited to, telephone use,
cell phone use, computing resource, video surveillance and Internet use, are
to be handled with the extreme sensitivity and confidentiality. Management,
or others requesting access to this type of information, must submit their
request to the Human Resource Department location for which the employee in
question is based. All HR-approved requests must be then be also approved
by the Corporate Security Officer. The appropriate local IT Department must
provide all requested data to the local Human Resources Department, who in
turn will provide this data to those initiating the information request.
In reviewing all data and record requests, the HR department must assess the
appropriateness for the individual requesting the data, as well as the
relevance of the data being requested.

There are occasions where employees are unavailable (e.g. vacation) and a
manager assigns a stand in. In these instances where no investigation is
involved the manager must submit a notification with duration or access
required to the Human Resource Department location for which the employee in
question is based. Human Resources will review the appropriateness of the
temporary access. HR-Approved requests will be sent to the local IT
Department. The IT Department will send notification of access change to HR
and the requesting manager. Access must be removed at the end of the
assigned duration and confirmation sent of the removal. If the requesting
department is HR then they must obtain approval of the Company Site manager.
If any information is discovered that relates to policy or legal violations
it must be immediately brought to the attention of Human Resources and the
Corporate Security Officer notified.

There are occasions where managers may request site entry and exit logs of
their employees for use in time and attendance tasks. This is accepted by
Company as a standard tool to ensure employees receive proper compensations.
Each site may determine its own policies concerning requesting and receiving
this information.

Share

Employee Privacy

Today I got my first new Surf Control box up and running at work.  During the configuration I noticed a few things about some employees I did not want to know.  So likely I will make it policy that one IT person per site is designated as the surf control admin with their backup being the designated admin from another site.  Those folks will be trained that only if something is requested through Human Resources can personally identifiable reports be generated and given to management.  Generic usage by volume, category etc is ok.  I just do not want this to turn into a witch hunt by supervisors or managers.

If it stays an issue I may mandate we redo our installations to work only in Privacy Mode.  This requires two passwords be entered to expose user details.  This is expected to usually be a management and labor representative.

Share