The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Employee Use of Peer-to-Peer Software Presents Data Security Concerns

Leave a comment

The data security risks involved in the installation of peer-to-peer file-sharing software on corporate computers were demonstrated by a recent security breach incident at a major pharmaceutical company that was traced to the use of unauthorized P2P software on a company laptop. The data security breach occurred when an employee’s spouse installed the software on a laptop provided by the company for the employee’s use at home. According to the company’s letter notification to its affected employees, the names, social security numbers, and, in some cases, addresses and bonus information of some 17,000 present and former employees could have been accessed and copied by third parties via the P2P software. Now the company is being sued by its employees in a putative class action.

At about the same time, Rep. Henry Waxman held hearings in Washington on July 24, and concluded that the use of such software in government and corporate environments is a "national security threat." Tests conducted by his staff using popular P2P applications revealed that a multitude of varieties of sensitive corporate information is inadvertently made available on P2P file-sharing networks.

The security breach incident, and the results of Rep. Waxman’s tests, underscore the importance of having, and enforcing, data security policies in the corporate environment. A properly drafted security policy should include the following:

  • Provisions prohibiting the installation of unauthorized software on all company computers, specifically including laptops and other computers provided by the company for use in the home environment.
  • Provisions prohibiting the use of company-provided computer equipment by anyone other than the company employee.

Advertisements

Author: ABA Antitrust

Learn more about the ABA Section of Antitrust Law: http://ambar.org/antitrust

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s