Worker Fired For Removing App That Tracked Her 24 Hours A Day

They're not forcing her with anything. She either accept the device or don't.

Plaintiff Myrna Arias, a former Bakersfield sales executive for money transfer service Intermex,
Click to expand...

Think of the information on that device if it was every stolen. That company would end up on the news that millions of dollars in accounts could be breached due to a lost/stolen phone.

The risk of her losing such a device is extremely high. Federal regulations alone would supersede this.

If I were the admin, damn skippy she'd be fired for removing the software.
 
wgm3446 said:
Think of the information on that device if it was every stolen. That company would end up on the news that millions of dollars in accounts could be breached due to a lost/stolen phone.

The risk of her losing such a device is extremely high. Federal regulations alone would supersede this.

If I were the admin, damn skippy she'd be fired for removing the software.
Click to expand...

Perhaps they need to rethink their policies if all it would take is someone losing their phone to lose data. Personally I don't think it would be acceptable for there to be a compromise even if someone lost their laptop.

In any case, they won't know there's a problem until the user reports it stolen, so they shouldn't be tracking the user until they KNOW it's stolen.
 
It's out of their hands. SEC regulations, which has jurisdiction in this case, oversees that mobile devices have some sort of mobile management (in the form of tracking most cases). Companies have to be compliant to that regulation.

The company is following industry standards for mobile security as regulated and they have to go by the rules/law.
 
Didn't read the article, cuz fuck those guys.

Anyway.... they also probably can't install the app after it's stolen. Unless they said they were tracking her everywhere, for "creepy" reason, seems like a bad argument. On top of that, there's also the chance of it not working, and so they would have to check to see if it's working correctly.

And.... if that laptop had sensitive data? Like blueprints for a new plane, new technology research, the cure for cancer?
 
pothb said:
Didn't read the article, cuz fuck those guys.

Anyway.... they also probably can't install the app after it's stolen. Unless they said they were tracking her everywhere, for "creepy" reason, seems like a bad argument. On top of that, there's also the chance of it not working, and so they would have to check to see if it's working correctly.

And.... if that laptop had sensitive data? Like blueprints for a new plane, new technology research, the cure for cancer?
Click to expand...

No sensitive data should be stored on any device that leaves company property, period. Not even with company executives.
 
dandragonrage said:
No sensitive data should be stored on any device that leaves company property, period. Not even with company executives.
Click to expand...

In a Utopian Information Security world.

But we as Info Sec Admins know that this isn't possible, so this feature mitigates the risk.
 
Dandragonrage, that sounds fine to say, but that is not today's reality by a long shot. The tech invovled makes it reasonably secure as long as the safetys remain in place. In fact, I would argue that ALL sensative data leaves company property all the time because companies and government agencies do backups and physically transport those backups to off site storage facilities all the time. Wouldn't want a fire to wipe out your business now would we?

Proof; and Proof of why things like this tracking software is needed.
http://cdn.nextgov.com/nextgov/interstitial.html?v=2.1.1&rf=http%3A%2F%2Fwww.nextgov.com%2Fhealth%2F2011%2F09%2Fsaic-medical-records-for-49-million-tricare-beneficiaries-were-stolen%2F49858%2F
 
wgm3446 said:
In a Utopian Information Security world.

But we as Info Sec Admins know that this isn't possible, so this feature mitigates the risk.
Click to expand...

Yes, believe me, I know that nearly all users are terrible. Including, in many cases, people in IT and security who should know better.

This just means that companies need to have devices to offer to users that literally don't even give them the capability to locally store company information. The devices should be so locked down that the only way they can access anything sensitive is via VPN (or similar) with zero option to store anything locally.

Do we have options that are so secure? Not particularly. I understand that you are trying to make a real world argument. However, I just don't accept that tracking a user when they are off the clock as an acceptable practice even if they can't come up with anything better.
 
wgm3446 said:
After re-reading the document she worked for a wire transfer company. That device HAD to be tracked all the time if it was stolen.
Click to expand...
The issue wasn't her phone being tracked, it was her boss tracking her personal whereabouts and then sharing that personal information with clients.
 
kbrickley said:
This ... unless she was oncall 24x7 she could have just left the phone at home or the office ... companies have a lot of legal room on devices they issue (including also the monitoring of communications, if they so desire)
Click to expand...

Agreed. Most companies I've worked for made users sign a doc that basically boiled down to not expect any level of privacy especially on company issued equipment. My last employer allowed BYOD but users were warned that A) You are being monitored and B) Failure to comply or if you leave the company on bad terms, etc we would wipe the device.

Also any attempt to circumvent security or monitoring would result in termination.
 
dandragonrage said:
Yes, believe me, I know that nearly all users are terrible. Including, in many cases, people in IT and security who should know better.

This just means that companies need to have devices to offer to users that literally don't even give them the capability to locally store company information. The devices should be so locked down that the only way they can access anything sensitive is via VPN (or similar) with zero option to store anything locally.

Do we have options that are so secure? Not particularly. I understand that you are trying to make a real world argument. However, I just don't accept that tracking a user when they are off the clock as an acceptable practice even if they can't come up with anything better.
Click to expand...

They don't care about the user, they care about the device and the data that is on it, the user could play in traffic for all they care just as long as if she get's hit she calls in and reports her device is no longer in controlled possession of the employee.
 
mope54 said:
The issue wasn't her phone being tracked, it was her boss tracking her personal whereabouts and then sharing that personal information with clients.
Click to expand...

Yes, I would then agree with you that there was definitely misuse. The article focused more than tracking on a company device is ethically wrong.
 
On this I too agree, it's one thing for a business to comply with regulations and enforce compliance within their workforce, it's another thing entirely for a supervisor to take advantage of such requirements in order to play the creep.
 
The fact she could remove it on a work provided/managed phone - I would fire the admin.

Hell I am required to be on call 24\7 and my work won't pay for my cell phone, my internet or a mifi spot. If I want to get work email on my phone I have to pay for a more expensive data plan (getting work emails on my phone would make my job easier). I would gladly let them track me 24/7 if they paid for it.
 
wgm3446 said:
The risk of her losing such a device is extremely high. Federal regulations alone would supersede this.

If I were the admin, damn skippy she'd be fired for removing the software.
Click to expand...

Then the company's IT management are idiots. If it was that simple for her to remove the tracking software then any idiot could do it. This is why you have secure phones that are custom rooted, password encrypted, and remotely wipe able.

I've seen some phones with quite literally a self destruct mechanism that will burn themselves up if data access is attempted in an unauthorized way.
 
The real stick in the thorn was is appears the boss was necessarily accessing that data and then sharing that information with those who didn't need to. Definitely a NO NO
 
DigitalGriffin said:
The real stick in the thorn was is appears the boss was necessarily accessing that data and then sharing that information with those who didn't need to. Definitely a NO NO
Click to expand...

The real stick in the thorn was this: It appears the boss was unnecessarily accessing that data and then sharing that information with those who didn't need to. Definitely a NO NO

I swear I need to proof my post more before I hit that submit button.
 
Haven't we figured out already that as an employee.. especially a salaried or 24x7 on-call type... you have little rights? If it was a company phone and she was supposed to be on-call.. meh.

Really.. people are upset about this but we have people being fired for making social media comments, either against the company they work for or even just something that ruffles some feathers? Priorities I guess. To me, I could care less if my employer knows where I am, even in my off-time and I'm more concerned about them possibly monitoring my freedom of speech and personal beliefs...
 
Unless the court feels like writing bench law this suit is DOA.
California is an "at-will" state, which means employment can be terminated for any or no reason whatsoever -- unless the employer is dumb enough to make an issue of the employee being in a protected class.
 
You must log in or register to reply here.
Back
Top