If you have a new account but are having problems posting or verifying your account, please email us on [email protected] for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact [email protected]

Working from home and confidentiality

  • 03-09-2022 10:09am
    Registered Users Posts: 661 ✭✭✭Glenomra

    I have a relation who works in Revenue, in a busy family house on his computer on his kitchen table, regularly surrounded by family members. Even, when I walk in and have the coffee he keeps the computer active occasionally clicking a few buttons. He deals with the accounts of high earners, particularlythe self-employed. I am fascinated at the nonexistent controls Revenue have over its employees working from home. The most highly confidential information is easily accessible to any family member interested in same. Possession of that information could have profound implications for taxpayers who are totally unaware of how accessible their private financial information is. That to me is unforgivable negligence by Revenue

    Post edited by The_Conductor on



  • Registered Users Posts: 25,265 ✭✭✭✭Mrs OBumble

    That's why some employers insist that WFH is only for people with separate lockable offices. Unfortunately not many properties have them as yet.

  • Registered Users Posts: 661 ✭✭✭Glenomra

    i wonder why Revenue doesn't insist on same. If the behaviour I see regularly is commonplace then there are major legal implications down the track. wait until someone hears their private tax\financial situation been discussed arising from a data breach in the home.

  • Posts: 4,727 ✭✭✭ Davian Scruffy Shortchange

    Most offices these days are open plan and employees are walking away from their desks without locking their PCs with their password on a posit stuck to the monitor.

    Probably safer at home anyways.

    How likely is it that a family member would glance at your screen and see anything of any interest.

  • Registered Users Posts: 1,471 ✭✭✭kaymin

    Employees are subject to confidentiality clauses in their employment contracts. Bit of a difference.

  • Advertisement
  • Registered Users Posts: 25,265 ✭✭✭✭Mrs OBumble

    Well breaches happened before WFH, with secured workspaces.

    Staff are now WFH, in far less secured spaces.

    It ain't rocket science to know that humans will human.

    Every government agency has always had few of these types of cases each year.

  • Moderators, Business & Finance Moderators Posts: 9,440 Mod ✭✭✭✭Jim2007

    Well first of all who says they don’t? Secondly you are talking about one person you observed while popping in for a coffee and then jumping to conclusions… Were you able to clearly read their screen while drinking your coffee? Peruse that confidential documents that were casually left in front of you? Have they ever discussed the confidential details of their work with you or have you over heard them discussing them with other family members?

  • Registered Users Posts: 404 ✭✭Kurooi

    What is the risk here? Data on an individual has no value, no risk. Someone sees a random persons tax return, okay. In what scenario will this harm anyone?

    Someone physically glancing at a screen captures wild imaginations. Maybe we can talk investing into the data security side instead? As you worry about your relations family being secret gangland members who somehow figured out how to capitalize on a tax return, HSE is pretty much publishing our data. Is our revenue stored any better? mygov? Bet not.

  • Moderators, Music Moderators Posts: 19,718 Mod ✭✭✭✭Mr.S

    Well it's confidential / personal data - you would expect that only those at Revenue would be looking at it, not OP's brother when he's over for a pint and they giggle over how much money X person has. If there was malicious intent, there are additional risks.

    I would bet anything that Revenue actually has proper processes and procedures in place to support securely working from home, but employees can be lax, e.g writing down passwords, working when random people are in the house (most, if not all contracts have clauses in them around data protection and confidentiality - there is not some magical solution that can notify Revenue when the lads are over for a beer and the laptop is open, so it's on the employee to ensure this is followed or face the fall-out later on if something happens). At the end of the day if they are showing PII to people and are caught, they are fired. If they have the laptop open while you come over for a coffee, it's one of those things that shouldn't happen, but in reality - not that big of a deal unless your friends are in the business of selling trade secrets and leaking data.

  • Advertisement
  • Moderators, Business & Finance Moderators, Motoring & Transport Moderators, Society & Culture Moderators Posts: 64,964 Mod ✭✭✭✭L1011

    This really isn't an A&P issue. Moving to Legal.

  • Registered Users Posts: 2,639 ✭✭✭completedit

    So much nonsense surrounds this sort of stuff. Locking cabinets for confidentiality, closing laptops etc.

    I'm a random average Joe if am talking to people I'll disclose info I come across in work if I see fit, working from home or office makes no difference. We make up these rules and precautions as if the workplace exists in a vacuum. I regularly get access to confidential info. Who am I to handle such information? Our entire society depends on trust.

  • Moderators, Business & Finance Moderators Posts: 9,440 Mod ✭✭✭✭Jim2007

    I think you will find yourself very much in the minority. Most people these days knows the dangers of having their data published and are concerned about it and if you want to do business with them you need to show that you respect their concerns and comply with the data protection legislation. The question is why are you not?

  • Registered Users Posts: 2,639 ✭✭✭completedit

    Thr same people who wanted perpetual lockdowns. As a human being we have to act ethically. I'm not going to divulge personal info on someone that I come across in my line of work(within reason) but it makes no odds whether I am at home or in an office. Its pretend make believe performative to act like it makes a difference. We as a society have collectively have given up our privacy and this is only going to become more pronounced in the decades ahead.

  • Registered Users Posts: 920 ✭✭✭gauchesnell

    How do you actually know what is or isnt accessible. A laptop or PC being active does not mean you can actually access anything or even if you could actually do anything with that info. Is VPN required etc A laptop being on doesnt necessarily meahn anything. There is so much MFA these days.

  • Registered Users Posts: 7,000 ✭✭✭uch

    I worked for Revenue for 12 years and you have to sign a non negotiable official secrets act, so your relation could be going to prison 'If' they release any information


  • Registered Users Posts: 24,056 ✭✭✭✭Strumms

    When I did some remote working in other countries or here off site we had a fob, similar to this…

    you’d log is as normal..

    1. Employee ID
    2. Password
    3. FOB code like as above, retrieved from the FOB key. I think an OTP ( one time password ) was how it was referred.

    code changed every few minutes…

  • Registered Users Posts: 661 ✭✭✭Glenomra

    Interesting but I am outlining a case where an employee is working on Revenue cases in the same domestic room that family members and visitors are also using without any visual monitoring by Revenue. I don't know whether that practice is commonplace or not. All I'm highlighting is the potential for significant release of private confidential information.

  • Moderators, Business & Finance Moderators Posts: 9,440 Mod ✭✭✭✭Jim2007

    The thing is most people do take their work seriously and do act responsibly. And most people have pride in their work whether it’s the guy filling the vending machine or the person sitting at a desk in the office.

    We are living in an age where the propaganda are of the Ukrainian government uses social media and face recognition to let Russian mothers know their son is dead…. So to sum extent privacy is dead, but that doesn’t mean we should not try to respect people’s wishes and at least not be the source of the disclosure.

  • Moderators, Business & Finance Moderators Posts: 9,440 Mod ✭✭✭✭Jim2007

    What is actually interesting is that despite being asked twice now, what you actually saw or heard, you have chosen to ignore those questions. Your entire argument is based purely on supposition without either a shred of evidence or knowledge of the Revenue’s actual practices of procedures.

    All organizations involved in the handling of sensitive data have practices and procedures in place to protect that data and those involved in enforcing them, who might be on here are certainly not going to tell you about it. Over the past 35 years I have at various times been involved in enforcing Swiss banking secrecy, where it’s actually a criminal offense to disclose confidential data. Am I going to discuss how it’s done? Certainly not, to do so would weaken the system.

    Now unless you have got something more substantial than supposition it’s time to move on.

  • Advertisement
  • Registered Users Posts: 10,144 ✭✭✭✭Flinty997

    They'll have background systems that both log and check what people are looking at. Anything gets leaked they'll be able to see who looked at what and when. Pretty standard with large systems. They may also have systems to check unusual activity on their systems. User behavior and malicious.

    End users would only have limited access to data, only pertaining to their job. Likely have to request further permissions when required and those permissions likely deliberately expire after a set time.

  • Registered Users Posts: 1,297 ✭✭✭walterking

    Op shows a classic example of catastrophe syndrome.

  • Registered Users Posts: 10,144 ✭✭✭✭Flinty997

    It's the usual nonsensical rant against wfh.

  • Registered Users Posts: 5,286 ✭✭✭Princess Calla

    I suspect your relation thought you'd have enough cop on not to be looking at their work computer.

    Left it open as an unconscious sign of trust.

    Would you look through their phone if it was left open?

    I'd imagine on day 1 of working from home the family were warned to stay away from the laptop.

    They are not the only ones working at the kitchen table not everyone has the space for a designated office.

  • Probably watched a few movies where someone swoops in with a flash drive and downloads the contents of a computer in seconds .... it doesn't actually work that way.

  • Registered Users Posts: 25,265 ✭✭✭✭Mrs OBumble

    Eh? I thought we lived in an age of quiet-quittting, where most people do the bare minimum.

    The way people here are treating the issue, I guess you have never worked in HR or been a union delegate: people who should have known better occasionally do very dumb things.

    And it doesn't tale hundreds of people's data being leaked to cause an issue: inappropriate a access to even one fact about someone is a problem Agencies need to have policies about, and also monitoring and enforcement tools. Which ye would hate.

  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 89,382 Mod ✭✭✭✭Capt'n Midnight

    Census absolutely insisted on that long before Covid.

  • Registered Users Posts: 10,144 ✭✭✭✭Flinty997

    Who the heck has friends and family over for coffee. Then sits there clicking a work computer. No one.

  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 89,382 Mod ✭✭✭✭Capt'n Midnight

  • Advertisement
  • Registered Users Posts: 10,144 ✭✭✭✭Flinty997

    Those stories have got nothing to do with this one