Remix.run Logo
benny_s 3 hours ago

At least for the financial institutions on this list, I can say they have no other choice. Regulation forces them to log everything to avoid insider trading, etc. Any communication outside of their internal systems can't be logged and is therefore a compliance risk.

blitzar 2 hours ago | parent | next [-]

Been a sackable offence for over a decade in finance, I can not fathom why other sectors have been so slow to enforce some basic standards.

Recording every call, message (and in my office - thing you said at your desk) is mostly used for conflict resolution - when counterparties disagree you go to the tapes and see what was said. From there my word is my bond, it is done.

sigmoid10 3 hours ago | parent | prev [-]

GDPR guarantees a right to privacy even on work devices. I think you need to filter out personal messages if compliance requires logging.

raesene9 2 hours ago | parent | next [-]

It provides a right to privacy if the company allows personal messaging services on the device, but I don't think it provides a right to having personal messaging apps on the device(s).

Personally I think it's much cleaner to keep work stuff on your work device(s) and personal stuff on personal devices. The only place that gets sticky is where companies don't provide the device but want you to have work information on it (e.g. mobile phones)

wolvoleo 19 minutes ago | parent [-]

It is a right in EU to have some level of personal activity on work-supplied devices. This does not come from the GDPR but some other legislation. We had a call with HR about that only recently when some leader again suggested "just block xyz on work devices".

And if you don't want to use BYOD we are required to supply a phone if we require employees to use one (which we do, for MFA).

JoeBOFH 2 hours ago | parent | prev | next [-]

As much as I prefer the European way of some items. I think the American way of treating the work computer as a company asset and just locking it down to an insane degree makes way more sense. Especially for areas like finance.

nekusar 2 hours ago | parent [-]

Exactly this.

I've been in a lawsuit with Oracle (as engineer, not direct). And their discovery hit EVERYTHING.

If I used work devices for personal messages, my personal messages would absolutely been in scope.

Or if I used personal devices for work, my personal devices are now in scope. Hell NO!

My work laptop is on my personal network. Its also on its own vlan and can only talk to the imternet, and not fellow devices. And I can attest to that as much if I'm ever called in for a discovery hearing.

wolvoleo 18 minutes ago | parent | next [-]

Discovery doesn't work like that in Europe though. It's not nearly as all-encompassing. And personal messages definitely would not be in scope. I think this is one of the reasons there is so much difference in strategy.

When we get requests to "legal hold" an account for discovery, this is always coming from the US.

JoeBOFH an hour ago | parent | prev | next [-]

I have my work items on a separate network as well but my motivation is more not trusting some random item being pushed down from corp and having it scan my network or something.

wolvoleo 14 minutes ago | parent [-]

Yeah I'm about to do this too just to be safe.

Some of our antimalware like SentinelOne actually does this by default though we have switched it off for privacy reasons (EU)

sigmoid10 18 minutes ago | parent | prev [-]

That is more of a problem with the insane discovery system in the US than with anything else. If you had worked in Europe, GDPR would have protected your personal data from being sent over, as the Credit Suisse case has shown. They had to scrub all personal data before transferring files to a US counsel.

Ekaros an hour ago | parent | prev | next [-]

Not to forget many constitutions enshrining privacy of correspondence which extends to emails and instant messages. Lot of work done to poke holes on it but generally it still holds somewhat in many countries.

sib 2 hours ago | parent | prev [-]

Which is actually a good reason for entities subject to GDPR to forbid use of personal messaging apps on work devices... (And to forbid users to use work / official apps for personal messaging.)

wolvoleo 13 minutes ago | parent [-]

That sounds like a simple solution but it is not that simple, employees have a right to use work tools for personal reasons too within reason.

And GDPR explicitly forbids personal items to be released during discovery even to jurisdictions that require that.