Comment Re:ignores (Score 1) 246
You can't be liable for having knowledge of information that people couldn't be bothered to encrypt. Executives can be lazy with their data and you can't be expected to do special efforts when they didn't do any to begin with.
I completely disagree. It is in fact your job to assist in this if you are IT. You are in a trusted position and if you gain access to something due to that trust, it is a duty to keep that trust (unless it reveals something so unconscionable that you have to remove yourself from that position of trust).
The rest, I agree with. An example was not something that happened to me but to a lawyer in a firm I administrated. The IT for another law firm for the plaintiffs in a lawsuit was having drinks bragging about some things he saw. He was making the statements as if in idolization of a couple of the lawyers at the firm. Turns out, one of the defendants of the same suit was there also and over heard some of the conversations. This led to finding evidence that completely nullified the lawsuit as the contract had been essentially broken but not officially broken by the plaintiffs before the breach in question they were suing over. In essence, the plaintiffs wanted out of a contract and were taking steps to void it before those steps ended up causing a failure in another party to the contract from delivering. Their steps to secure resources when they voided the contract removed the availability of resources from the market making the defendant in default of the contract obligations. Instead of voiding the contract, they decided to sue for the breach to recover expenses of setting up their in house facilities to do the contract work themselves- which they planned to do all along.
So even just telling friends outside of the job can cause things to come back at awkward moments. You have to forget you even noticed the information.