On Fri, 23 Jan 1998, conor coghlan wrote:
> if a firm chooses to monitor or publish use or block everything except
> approved sites, they are welcome to, but as this list knows, they will
> never be 100% successful in implementing whatever policy they choose to
> implement.
>
> the legal ramifications and consequences of specifically blocking some
> sites may lead to the interpretation that other sites (including other
> 'bad' sites that were missed or are new) are specifically permitted by
> management ("I'm not a lawyer, but I play one on TV....").
This thread is getting rather old, but I don't recall seeing this angle
mentioned here... Forget "everything". Seems to me (we don't do it here)
that it might be worthwhile, if you have a clear policy about such things,
that catching even half of the accesses and redirecting them to a reminder
of what the policy is and that accesses *are* logged could be useful in
reinforcing the message. You wouldn't have to bat 1.000 to be pretty
effective at getting your message across and, perhaps, instilling a little
"fear" concerning your monitoring capabilities and activities.
Liability? Perhaps you could compose the warning message to state that
the employee is responsible for following company policy and it is not
to be construed from this instance of an interception of a connection
to a known offending site that the company is able to or attempts to
enforce the policy automatically but rather relies on the good-faith
compliance of all employees with published company policy. Ask you
lawyer.
--
KH
References:
|
|
