Termination and Use of Passwords

Are there any laws against use of passwords by former employees who are terminated or leave the company? I know the #1 rule is to cancel all passwords, but if for some reason and employee had another password unkown to us, do we have any criminal recourse? Especially if there is no harm done?

Comments

  • 7 Comments sorted by Votes Date Added
  • A person can use any password he dreams up unless some systemic control blocks it as being a duplicate, too long or too short. However, I guess what you're really concerned about is him accessing your company's system.(??). If that's the problem, you have a legal issue. If he instead is taking his password along with him and it might even contain the company's name, you probably have no recourse. Just my opinion, nothing legal of course.
  • Believe it is the company's responsibility to ensure any potential security breach can not happen.
  • Indeed, but if an ex-employee is fraudulently entering the company computer it will be a criminal matter if pursued properly.
  • Thanks for everyone's input. So I think we all agree so far that it is truly the responsability of the company to ensure all passwords are cancelled so as not to allow a breach (which is fine with me) We have not had an issue but there was debate as to who was responsible. Our concern is that IT delays in cancelling passwords and we really are the ones (the Co.) responsible for securing our own info. I have not heard of any truly legal recourse against employees, for using passwords they know as part of the position, to gain access to company info (of course this is if there is no damage or harm done such as money stolen, etc)

    Anyone out there with any specific legal knowledge of this?
  • Our
    >concern is that IT delays in cancelling passwords and we really are
    >the ones (the Co.)
    Aside from legal concerns, the IT employee who has this practice should either be counseled or fired. IT has an immediate responsibility to come into play and should generally know who is going to terminate and when to pull their plug, preferrably at the moment of termination, sometime before, but NEVER long after. There should be a sense of urgency. This is not one some IT staffer should be able to prioritize! I realize they are messing with speakers and stuff and looking at the catalog of new monitors, but this should take precedence.
  • There would be legal recourse in a civil sense. You could sue the employee to enjoin further use. But that would be very expensive and probably only worth your while if you thought the employee was taking or accessing confidential information or trade secrets. If that is why the employee is accessing the system, then I suggest you consider suing. Most are probably just accessing the system to check emails.

    Also, you might want to warn the employee during out processing that he or she cannot access the system and to do so could subject them to criminal or civil liability.

    But, easier and cheaper for the company would be to insist that IT change the passwords right away. They are delaying because the company allows them to.

    Good Luck!


  • And I thought my IT people were the only ones too busy reading everyone else's e-mails to actually get passwords cancelled!
Sign In or Register to comment.