Working from home and confidentiality

Glenomra · 03-09-2022 11:09am #1

I have a relation who works in Revenue, in a busy family house on his computer on his kitchen table, regularly surrounded by family members. Even, when I walk in and have the coffee he keeps the computer active occasionally clicking a few buttons. He deals with the accounts of high earners, particularlythe self-employed. I am fascinated at the nonexistent controls Revenue have over its employees working from home. The most highly confidential information is easily accessible to any family member interested in same. Possession of that information could have profound implications for taxpayers who are totally unaware of how accessible their private financial information is. That to me is unforgivable negligence by Revenue

Mrs OBumble · 03-09-2022 11:31am

That's why some employers insist that WFH is only for people with separate lockable offices. Unfortunately not many properties have them as yet.

Glenomra · 03-09-2022 1:18pm

https://www.boards.ie/discussion/comment/119564033#Comment_119564033

i wonder why Revenue doesn't insist on same. If the behaviour I see regularly is commonplace then there are major legal implications down the track. wait until someone hears their private tax\financial situation been discussed arising from a data breach in the home.

03-09-2022 1:38pm

Most offices these days are open plan and employees are walking away from their desks without locking their PCs with their password on a posit stuck to the monitor.

Probably safer at home anyways.

How likely is it that a family member would glance at your screen and see anything of any interest.

Ash.J.Williams · 03-09-2022 2:28pm

https://www.boards.ie/discussion/comment/119564591#Comment_119564591

In an auditable office sticking your password on a postit is sackable

kaymin · 03-09-2022 2:55pm

https://www.boards.ie/discussion/comment/119564591#Comment_119564591

Employees are subject to confidentiality clauses in their employment contracts. Bit of a difference.

03-09-2022 2:59pm

https://www.boards.ie/discussion/2058261698/working-from-home-and-confidentiality

And yet, after 2+ years of WFH we have yet to have heard any reports of any such leaks.

🥱🥱🥱🥱

Mrs OBumble · 03-09-2022 3:08pm

https://www.boards.ie/discussion/comment/119565127#Comment_119565127

Well breaches happened before WFH, with secured workspaces.

https://www.irishtimes.com/news/crime-and-law/three-inquiries-on-alleged-social-protection-privacy-breaches-1.2683136

Staff are now WFH, in far less secured spaces.

It ain't rocket science to know that humans will human.

Every government agency has always had few of these types of cases each year.

Jim2007 · 03-09-2022 3:16pm

https://www.boards.ie/discussion/comment/119564499#Comment_119564499

Well first of all who says they don’t? Secondly you are talking about one person you observed while popping in for a coffee and then jumping to conclusions… Were you able to clearly read their screen while drinking your coffee? Peruse that confidential documents that were casually left in front of you? Have they ever discussed the confidential details of their work with you or have you over heard them discussing them with other family members?

Kurooi · 03-09-2022 5:08pm

What is the risk here? Data on an individual has no value, no risk. Someone sees a random persons tax return, okay. In what scenario will this harm anyone?

Someone physically glancing at a screen captures wild imaginations. Maybe we can talk investing into the data security side instead? As you worry about your relations family being secret gangland members who somehow figured out how to capitalize on a tax return, HSE is pretty much publishing our data. Is our revenue stored any better? mygov? Bet not.

L1011 · 03-09-2022 6:54pm

This really isn't an A&P issue. Moving to Legal.

completedit · 03-09-2022 7:13pm

So much nonsense surrounds this sort of stuff. Locking cabinets for confidentiality, closing laptops etc.

I'm a random average Joe if am talking to people I'll disclose info I come across in work if I see fit, working from home or office makes no difference. We make up these rules and precautions as if the workplace exists in a vacuum. I regularly get access to confidential info. Who am I to handle such information? Our entire society depends on trust.

Jim2007 · 03-09-2022 7:44pm

https://www.boards.ie/discussion/comment/119566379#Comment_119566379

I think you will find yourself very much in the minority. Most people these days knows the dangers of having their data published and are concerned about it and if you want to do business with them you need to show that you respect their concerns and comply with the data protection legislation. The question is why are you not?

completedit · 03-09-2022 7:49pm

Thr same people who wanted perpetual lockdowns. As a human being we have to act ethically. I'm not going to divulge personal info on someone that I come across in my line of work(within reason) but it makes no odds whether I am at home or in an office. Its pretend make believe performative to act like it makes a difference. We as a society have collectively have given up our privacy and this is only going to become more pronounced in the decades ahead.

gauchesnell · 04-09-2022 1:09am

https://www.boards.ie/discussion/2058261698/working-from-home-and-confidentiality

How do you actually know what is or isnt accessible. A laptop or PC being active does not mean you can actually access anything or even if you could actually do anything with that info. Is VPN required etc A laptop being on doesnt necessarily meahn anything. There is so much MFA these days.

uch · 04-09-2022 1:47am

https://www.boards.ie/discussion/2058261698/working-from-home-and-confidentiality

I worked for Revenue for 12 years and you have to sign a non negotiable official secrets act, so your relation could be going to prison 'If' they release any information

Strumms · 04-09-2022 1:56am

When I did some remote working in other countries or here off site we had a fob, similar to this…

you’d log is as normal..

Employee ID
Password
FOB code like as above, retrieved from the FOB key. I think an OTP ( one time password ) was how it was referred.

code changed every few minutes…

Glenomra · 04-09-2022 6:49am

https://www.boards.ie/discussion/comment/119567887#Comment_119567887

Interesting but I am outlining a case where an employee is working on Revenue cases in the same domestic room that family members and visitors are also using without any visual monitoring by Revenue. I don't know whether that practice is commonplace or not. All I'm highlighting is the potential for significant release of private confidential information.

Jim2007 · 04-09-2022 7:34am

https://www.boards.ie/discussion/comment/119566591#Comment_119566591

The thing is most people do take their work seriously and do act responsibly. And most people have pride in their work whether it’s the guy filling the vending machine or the person sitting at a desk in the office.

We are living in an age where the propaganda are of the Ukrainian government uses social media and face recognition to let Russian mothers know their son is dead…. So to sum extent privacy is dead, but that doesn’t mean we should not try to respect people’s wishes and at least not be the source of the disclosure.

Jim2007 · 04-09-2022 7:57am

https://www.boards.ie/discussion/comment/119568006#Comment_119568006

What is actually interesting is that despite being asked twice now, what you actually saw or heard, you have chosen to ignore those questions. Your entire argument is based purely on supposition without either a shred of evidence or knowledge of the Revenue’s actual practices of procedures.

All organizations involved in the handling of sensitive data have practices and procedures in place to protect that data and those involved in enforcing them, who might be on here are certainly not going to tell you about it. Over the past 35 years I have at various times been involved in enforcing Swiss banking secrecy, where it’s actually a criminal offense to disclose confidential data. Am I going to discuss how it’s done? Certainly not, to do so would weaken the system.

Now unless you have got something more substantial than supposition it’s time to move on.

Flinty997 · 04-09-2022 8:11am

https://www.boards.ie/discussion/comment/119568006#Comment_119568006

They'll have background systems that both log and check what people are looking at. Anything gets leaked they'll be able to see who looked at what and when. Pretty standard with large systems. They may also have systems to check unusual activity on their systems. User behavior and malicious.

End users would only have limited access to data, only pertaining to their job. Likely have to request further permissions when required and those permissions likely deliberately expire after a set time.

walterking · 04-09-2022 8:20am

Op shows a classic example of catastrophe syndrome.

Flinty997 · 04-09-2022 8:39am

It's the usual nonsensical rant against wfh.

Princess Calla · 04-09-2022 8:40am

https://www.boards.ie/discussion/comment/119568006#Comment_119568006

I suspect your relation thought you'd have enough cop on not to be looking at their work computer.

Left it open as an unconscious sign of trust.

Would you look through their phone if it was left open?

I'd imagine on day 1 of working from home the family were warned to stay away from the laptop.

They are not the only ones working at the kitchen table not everyone has the space for a designated office.

04-09-2022 11:03am

Probably watched a few movies where someone swoops in with a flash drive and downloads the contents of a computer in seconds .... it doesn't actually work that way.

Mrs OBumble · 04-09-2022 1:25pm

https://www.boards.ie/discussion/comment/119568033#Comment_119568033

Eh? I thought we lived in an age of quiet-quittting, where most people do the bare minimum.

The way people here are treating the issue, I guess you have never worked in HR or been a union delegate: people who should have known better occasionally do very dumb things.

And it doesn't tale hundreds of people's data being leaked to cause an issue: inappropriate a access to even one fact about someone is a problem Agencies need to have policies about, and also monitoring and enforcement tools. Which ye would hate.