Confidential Documentation and the role of the Sysadmin

backup

Solution 1:

My opinion on this may not be popular here but I think she's right, HR is a very specific role in most businesses, requiring one very key skill - absolute discretion. IT people have to have a very wide range of skills and while discretion is important it's not the 'be all and end all' that it is with HR. Typically recruitment of IT people is less thorough in this area too.

Perhaps there's a technical solution to this, how about getting your HR people to backup their own stuff to encrypted external disks that they own/manage/store?

Ultimately you have to protect yourself, if there's no way you could get at HR data then you're in the clear, if your management see that you've tried your best and provided as secure and private a means to functionally get your job done without exposing yourself to accusations of data prying then they'll be happy - even if the process is clunky and slow.

Basically don't be afraid to cover your own arse in this area - most people will understand and the HR people will appreciate that you're respecting their role and authority. Plus of course you should never piss off HR anyway, these ninny's help decide your fate for some crazy reason :)

Solution 2:

No. 1:

She has a point, but as you are trusted with other sensitive information you should be trusted with HR info as well. Explain you need access to backup the files.

No. 2:

I have full read access to my current systems. Everything gets backup and file access is logged. I've got more important things to worry about that poking through HR files, or finding how much the school spent on food for the school cat. In my previous workplace I was unable to view some of the Admin areas (but the network manager could).

No. 3:

enter image description here

Solution 3:

She is right, and so are you.

She is (maybe my law) obligated to protect these informations, you are directed to do your job.

Thats the dilemma.

Maybe you should offer her to reinstall her PC while she 's around you, so she can be sure her precious data is not compromised

Solution 4:

System Admins are trusted here, but all admin actions are logged. I don't know how much something like that would re-assure her - the logging of actions so it can be demonstrated that only the backup process is backing up this data, not you reading it for entertainment.

The other points to make is that as bad as it might be if you did read this stuff via the backups, firstly is she seriously saying that would be worse than the documents being lost forever because they were not backed up, and secondly that as HR director she should be able to ensure that any misuse of system admin privileges can be treated as gross misconduct.

Lastly, are you a member of the BCS / other IT Professional association? If so, these have members rules about ethics. If you're a member of such a professional association then pointing her to your professional ethics requirements might re-assure her.

Related

nginx without server_name and using only static ip address?
When do DNS queries use TCP instead of UDP? [duplicate]
How useful is mounting /tmp noexec?
How can I detect if a server is using SNI for HTTPS?
How to verify an imported GPG key
Is there a way to permanently set the font and window size in PuTTY?
PowerShell script, showing commands run
Is it possible to run sshd as a normal user?
Can't start php-cgi.exe - MSVCR110.dll is missing [closed]
How to get all fingerprints for .ssh/authorized_keys(2) file
Munin vs Nagios
Are arrays passed by value or passed by reference in Java? [duplicate]