Should I do something unethical/possibly illegal if asked by management?Bring up a candidate's possibly unethical work experience in interview?How to disclose negative information about a candidate when I'd rather not reveal its source?How to convince management of changing unethical billing practices?

Why in most German places is the church the tallest building?

Why were movies shot on film shot at 24 frames per second?

Compelling story with the world as a villain

Algorithms vs LP or MIP

Why did this happen to Thanos's ships at the end of "Avengers: Endgame"?

How to use "Du hast/ Du hattest'?

Would it be possible to have a GMO that produces chocolate?

Is there any practical application for performing a double Fourier transform? ...or an inverse Fourier transform on a time-domain input?

How to respectfully refuse to assist co-workers with IT issues?

Earth rotation discrepancy

Is “I am getting married with my sister” ambiguous?

Was Switzerland really impossible to invade during WW2?

What to say to a student who has failed?

What is the hex versus octal timeline?

What is this symbol: semicircles facing eachother

Why different interest rates for checking and savings?

Are there any music source codes for sound chips?

Are illustrations in novels frowned upon?

Mathematical uses of string theory

Fried gnocchi with spinach, bacon, cream sauce in a single pan

Did the British navy fail to take into account the ballistics correction due to Coriolis force during WW1 Falkland Islands battle?

Non-visual Computers - thoughts?

C++20 constexpr std::copy optimizations for run-time

Why is less being run unnecessarily by git?

Should I do something unethical/possibly illegal if asked by management?

Bring up a candidate's possibly unethical work experience in interview?How to disclose negative information about a candidate when I'd rather not reveal its source?How to convince management of changing unethical billing practices?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

I work in the information security department of a fairly big transportation company. Recently, my team leader added me and my colleague to a WhatsApp group and told us to gather as much as information as possible about a couple of members of the public who criticized the company on a social platform. They want us to gather every information we can find online ("even shoe sizes") and create separate reports for each person that criticized the company.

According to my team leader, this request came from the upper management and we should finish the task quickly. But I feel like this request is unethical and maybe even illegal according to the law. My team leader doesn't come from an information security background, so he doesn't have the technical capabilities to do this himself. Nor has he any ethical problems with the task, it seems to me that he just wants to please upper management.

I have been finding excuses to not do the task, but my team leader is pressuring me to do it. I can't lose my job because economy is really bad here right now. But I also don't want to lose my self-respect or commit a crime.

I am in a dilemma. One part of me says I am overreacting and should just do the task, but another other side of me feels like this is wrong and I should decline this request, no matter the consequences. I believe talking to my team leader about my concerns wouldn't work because he wouldn't listen to me and he would just try to persuade me to do it.

Should I do the work anyways? Should I refuse and report this to HR/someone else?

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

1

Comments are not for extended discussion; this conversation has been moved to chat.

– Mister Positive♦
Aug 12 at 21:10

add a comment |

Should I do the work anyways? Should I refuse and report this to HR/someone else?

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

1

Comments are not for extended discussion; this conversation has been moved to chat.

– Mister Positive♦
Aug 12 at 21:10

add a comment |

Should I do the work anyways? Should I refuse and report this to HR/someone else?

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

Should I do the work anyways? Should I refuse and report this to HR/someone else?

ethics legal

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

edited Aug 13 at 13:49

schizoid04

4,3004 gold badges12 silver badges36 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

asked Aug 10 at 15:52

SoonToBeUnemployed

3941 gold badge2 silver badges8 bronze badges

1

Comments are not for extended discussion; this conversation has been moved to chat.

– Mister Positive♦
Aug 12 at 21:10

add a comment |

1

Comments are not for extended discussion; this conversation has been moved to chat.

– Mister Positive♦
Aug 12 at 21:10

Comments are not for extended discussion; this conversation has been moved to chat.

– Mister Positive♦
Aug 12 at 21:10

add a comment |

7 Answers
7

active

oldest

votes

Just putting aside the ethical aspects here, there are very real legal considerations.

In many jurisdictions, the work done by private investigators is regulated, with training and licencing mandatory. I assume you've had no training around the types of information you are legally allowed to store, and to what lengths you are to go to in order to collect it.

In addition, there are legal requirements (for example GDPR) that must be adhered to when obtaining information about an individual. For instance, with section 14 of the GDPR, you are required to inform the person you are collecting information on them and the purpose of this data collection (of which you don't seem to be aware). (Interestingly there are exceptions in the case of investigations, but it gets very complicated.) Now, the GDPR may or may not apply to you, but are you well placed to understand your legal requirements in this area?

This is a very complex area, and I wouldn't feel comfortable wading into it on the basis of a Whatsapp conversation. In addition, the lack of a paper trail and, I assume, documentation on how the data is to be stored does not look good.

If I was in your position, I would probably try to have a conversation, face-to-face if possible, with someone from the legal department (you say it's a large transportation company so I'm guessing there is a legal department). They may advise against doing the work, which gives you a concrete reason to push back. However, this is no substitute for getting your own personal legal advice.

It's important you don't send anything in writing indicating that you will do the work until you are sure such work is legal.

edited Aug 11 at 15:44

11684

1033 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

58

Thank you Gregory. I am sure the data that would have been gathered would contain GDPR sensitive stuff. This is very shady. I will tell my team-leader I won't do it, if it comes down to me being fired well I stood up for what I believed in.

– SoonToBeUnemployed
Aug 10 at 17:06

10

There shouldn't be any question of firing, if what you're being asked to do is illegal. (Of course, how much protection you get will depend on which jurisdiction you're in.) Though whether you'd want to continue working for such a company is another question…

– gidds
Aug 11 at 10:42

15

The GDPR has, I was astonished myself, consequences outside the EU as well: for example if the data deals with EU citizens, then regardless where it is stored, some parts of the GDPR are applicable.

– Willem Van Onsem
Aug 11 at 13:51

5

"Hey, Team Leader, I don't know whether this is ethical, but I'm pretty sure I'm too mature to participate in childish nonsense like this."

– B. Goddard
Aug 11 at 18:11

20

If you get fired over this, then you're in a perfect position to sue them for wrongful dismissal. But check yourown legal advice for that in your jurisdiction, and make sure you have evidence to show. Could turn out to be more lucrative than staying working for them!

– gbjbaanb
Aug 11 at 18:37

|
show 11 more comments

Recently, my team leader added me and my colleague to a Whatsapp group and told us to gather as much as information about a couple of people

This is big red alert to me, and the request looks completely unethical. If your team lead wanted you to get information for any official purpose, why is he not using office emails or messaging? How does a Whatsapp group substitute for an official mode of communication?

gather every information we can find online ("even shoe sizes")

This looks like a case of snooping on an individual to me for the team leader's personal agenda - and that is not what information security needs to be doing.

Can you please provide insight to me on what to do here?

CYA. Leave a mail trail, keep asking questions over email (Like which profiles need to be watched for, what information needs to be collected, are there any leads from previous investigation, any time window to look out for etc). If he gives a go ahead over email but you still have concerns, don't hesitate from looping in your skip level manager for FYI. In case you are not satisfied with the answers you get, ask them if they have a sign-off from the legal team (this usually gives cold feet to many ill thought ideas).

Fulfill this request only if you get directions on the proper channel with everyone being on the same page.

edited Aug 10 at 16:31

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

15

Before even leaving a paper trail, the OP should consult a professional.

– Jeffrey
Aug 10 at 16:16

1

I think you made some confusion - the team lead added OP to a Whatsapp group to gather information of individuals in that group, not to communicate with OP.

– Marc.2377
Aug 12 at 5:50

Also, recommending OP produces paper trail without getting legal advice first is a terrible idea. If the team lead is anything but stupid (which we should assume he is not), he'll quickly figure out OP's intentions and OP will likely be fired for "no apparent reason".

– Marc.2377
Aug 12 at 5:53

10

@Marc.2377 are you sure? I read it as the Whatsapp group being for communication (outside official office mail, probably). I can't see anything that would indicate that the targetted people are in that whatsapp group.

– Syndic
Aug 12 at 10:55

Why such emphasis on "paper trail" - 2019 version of reality WhatsApp is paper trail.

– Mars Robertson
Aug 12 at 14:21

add a comment |

This is definitely an interesting situation...and not at all a pleasant one.

You’re not overreacting. This is definitely a unmoral task given to you, or rather to the team lead, that was delegated to you.

What the company plans to do with said information is hard to know, but they will probably go on some kind of smear campaign, to publicly discredit the critics if they decide to do anything...or use it for blackmail. Depending on your country this can be highly illegal and linked back to you...assuming anyone cares that is.

This info depending on what you can find, could be used in the extreme cases to ruin their lives, or just embarrass them...or nothing at all depending on what you find.

So what are your choices? Do you feel like you can live with the idea that you personally will be responsible for supplying information on people for a corporations vendetta against normal people who criticize what the company you work for does? ( seems like the critics might have been criticizing for a good reason)

Or do your ethics say, ‘holy snap, i don’t want to work for a company that might want to ruin other peoples lives’ ?

Would the guilt of this action be something you can live with?

Unfortunately times are tough where you are so its hard to say quit right now and start looking, (though i suggest you do that anyways, cause the company you work for seems shady) but in the end its your choice.

As a tip, companies willing to be shady to the public, rarely have issues doing the same to their employees...especially using their employees as scapegoats.

Your other option is to do the work, but turn up with no information, you’re the expert afterall...you just couldnt find anything..., or do the task and whistleblow to the papers afterwards. Or go to the police...of course with documented evidence. Ensure the job you’re given is in emails or some written form, print and keep those locked away sonewhere, encase you need them.

Whistle blowing is also potentially dangerous or career ruining...so be careful about that.

I would stand my ground and refuse to do it and starting looking for another job.

answered Aug 10 at 16:17

morbo

1,1891 gold badge1 silver badge9 bronze badges

A well known ride sharing company did this kind of thing and seriously damaged their brand. You're being asked, by a company executive, to do something that could be really bad for the company.

– O. Jones
Aug 12 at 20:50

add a comment |

There is a comment above by @Bob Jarvis

If a job isn't worth doing, it's not worth doing well. Couple that with the fact that names are far more common that you'd think. I suggest that you find information about the "person" you've been tasked to track which is innocuous, uninteresting, non-pictorial in nature, and which is actually about three or four different people, none of whom are the person who works for your company. If someone criticizes the information, shrug your shoulders and point out that you're not a trained investigator.

I agree, this is a good time to do a half-assed job.

Get their public social media information, organize it into a good looking report, and turn it in. Job done.

If they ask for more, tell them to write down specifically what they want.

Edit:

Comments make a good point that this is less than ethical, and depending on copyright law, perhaps illegal. However, this method allows one to avoid disagreement with supervisors, and perhaps retain an otherwise decent job.

edited Aug 12 at 8:44

answered Aug 12 at 5:15

axsvl77

3501 silver badge7 bronze badges

5

No. This is a good time to do no work at all. "but judge, I did a really half-assed job when it came to breaking the law, surely you should be more lenient on me for being an incompetent criminal?"

– Stun Brick
Aug 12 at 8:24

4

Reprinting publicly available information is not law breaking.

– axsvl77
Aug 12 at 8:29

2

@axsvl77 That's wrong. For one, is copyright infringement. In addition, as I mentioned below, the collection and storing of personal information (even public information) can be regulated by law (for example with the GDPR).

– Gregory Currie
Aug 12 at 8:42

I was more making an appeal to ethics than law, but I understand throwing a judge in the situation confused the analogy.

– Stun Brick
Aug 12 at 8:42

1

@axsvl77 analogy

– Stun Brick
Aug 12 at 10:08

|
show 2 more comments

If you're gathering information that is publicly available then it probably isn't illegal.

Is it unethical? That depends on your personal definition of ethics. Assuming that this information is publicly available, how is this any different from you collecting information on your favorite author, or actor, or gathering information about the CEO of a large company? Have you been specifically asked to break the law? Have you been asked to collect information that isn't publicly available and that can only be gained illegally?

Whether or not it's ethical is in the context and in the intended purpose for collecting this information. Is it distasteful? Yes. Is it illegal? Probably not. Is it unethical? To some yes, to others, no. Would I do it? I'd find any and every reason I could for not doing it.

Are you willing to lose your job for taking a stand in opposition to this request? Sometimes we pay a price for adhering to our own moral and ethical compass. Are you willing to "die on this hill"?

answered Aug 10 at 16:31

joeqwerty

10.8k3 gold badges17 silver badges47 bronze badges

Thank you for your insight. I just feel like If I do this, I would be just pleasing some power-maniac, egoist upper-management guy. Also next time they will ask more shady things. It looks like it's time to move on to more professional companies I suppose.

– SoonToBeUnemployed
Aug 10 at 16:49

18

With the GDPR, the handling of personal information (even public information) is very heavily regulated. So the legal question is very much a question.

– Gregory Currie
Aug 10 at 16:55

1

@GregoryCurrie although the GDPR has become something of a defacto industry standard (which is a good thing) a lot of us aren't actually subject to it. As they say, it depends.

– Jared Smith
Aug 11 at 11:45

5

@JaredSmith Well, GDPR is underpinned by law in several countries, so it's more like law than an industry standard.

– Gregory Currie
Aug 11 at 12:00

@GregoryCurrie again, it just depends. If you're in the US, and you don't do business with or hire or gather data about any EU citizens/California residents, then you aren't subject. I realize that's an increasingly small group of entities, but for instance my workplace isn't subject to the GDPR.

– Jared Smith
Aug 11 at 12:46

|
show 3 more comments

Before making any decision, you need to consult with an external legal professional to make sure what you would be doing would not also be illegal, in addition to unethical.

You need this person to be licensed profesionnal because you'll need to provide him/her with information that could prove illegal behaviour from your company. Only a licensed professional will then be protected if/when the behaviour is exposed by someone else.

answered Aug 10 at 16:07

Jeffrey

1,8171 gold badge5 silver badges16 bronze badges

add a comment |

Give them an honest, professional answer describing what you can do:

For sure I can use information which was published to create a dossier/dossiers, but this would not include information which is not completely public, like informations from closed facebook groups etc.

It is for hard to collect more information, but I think it would be better for the company to have plausible deniability should something this come to light by one way or the other. I would suggest that these tasks is outsourced to professionals (private investigators), who should be well-versed in what is allowed here and what not.

answered Aug 10 at 16:31

Sascha

11.6k2 gold badges25 silver badges49 bronze badges

Hear no evil, see no evil. The company will just use someone else, your point would be dismissed

– Jeffrey
Aug 10 at 16:50

10

My observation is that in the moment when you force somebody to actually put his signature below something dubious and thus enforce liability, they suddenly are much more careful in what they ask for.

– Sascha
Aug 10 at 16:53

@Jeffrey My colleague did his part without complaining. I tried to voice my concerns to him but it seems like it's not a big deal to him.

– SoonToBeUnemployed
Aug 10 at 17:12

Yeah, that's what make this answer not to useful

– Jeffrey
Aug 10 at 17:52

1

@Jeffrey: That's why OP needs to forward the team leader's request to the company's legal department asking for an opinion on whether it can be done. Then legal will already be aware after OP says no and they try to get someone else to do it.

– R..
Aug 11 at 17:33

add a comment |

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "423"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: false,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f141964%2fshould-i-do-something-unethical-possibly-illegal-if-asked-by-management%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

StackExchange.ready(function ()
$("#show-editor-button input, #show-editor-button button").click(function ()
var showEditor = function()
$("#show-editor-button").addClass("d-none");
$("#post-form").removeClass("d-none");
StackExchange.editor.finallyInit();
;

var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True')
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');

$(this).loadPopup(
url: '/post/self-answer-popup',
loaded: function(popup)
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');

pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);

)
else
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true)
showEditor();

);
);

7 Answers
7

active

oldest

votes

7 Answers
7

active

oldest

votes

Just putting aside the ethical aspects here, there are very real legal considerations.

It's important you don't send anything in writing indicating that you will do the work until you are sure such work is legal.

edited Aug 11 at 15:44

11684

1033 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

58

Thank you Gregory. I am sure the data that would have been gathered would contain GDPR sensitive stuff. This is very shady. I will tell my team-leader I won't do it, if it comes down to me being fired well I stood up for what I believed in.

– SoonToBeUnemployed
Aug 10 at 17:06

10

There shouldn't be any question of firing, if what you're being asked to do is illegal. (Of course, how much protection you get will depend on which jurisdiction you're in.) Though whether you'd want to continue working for such a company is another question…

– gidds
Aug 11 at 10:42

15

The GDPR has, I was astonished myself, consequences outside the EU as well: for example if the data deals with EU citizens, then regardless where it is stored, some parts of the GDPR are applicable.

– Willem Van Onsem
Aug 11 at 13:51

5

"Hey, Team Leader, I don't know whether this is ethical, but I'm pretty sure I'm too mature to participate in childish nonsense like this."

– B. Goddard
Aug 11 at 18:11

20

If you get fired over this, then you're in a perfect position to sue them for wrongful dismissal. But check yourown legal advice for that in your jurisdiction, and make sure you have evidence to show. Could turn out to be more lucrative than staying working for them!

– gbjbaanb
Aug 11 at 18:37

|
show 11 more comments

Just putting aside the ethical aspects here, there are very real legal considerations.

It's important you don't send anything in writing indicating that you will do the work until you are sure such work is legal.

edited Aug 11 at 15:44

11684

1033 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

58

Thank you Gregory. I am sure the data that would have been gathered would contain GDPR sensitive stuff. This is very shady. I will tell my team-leader I won't do it, if it comes down to me being fired well I stood up for what I believed in.

– SoonToBeUnemployed
Aug 10 at 17:06

10

There shouldn't be any question of firing, if what you're being asked to do is illegal. (Of course, how much protection you get will depend on which jurisdiction you're in.) Though whether you'd want to continue working for such a company is another question…

– gidds
Aug 11 at 10:42

15

The GDPR has, I was astonished myself, consequences outside the EU as well: for example if the data deals with EU citizens, then regardless where it is stored, some parts of the GDPR are applicable.

– Willem Van Onsem
Aug 11 at 13:51

5

"Hey, Team Leader, I don't know whether this is ethical, but I'm pretty sure I'm too mature to participate in childish nonsense like this."

– B. Goddard
Aug 11 at 18:11

20

If you get fired over this, then you're in a perfect position to sue them for wrongful dismissal. But check yourown legal advice for that in your jurisdiction, and make sure you have evidence to show. Could turn out to be more lucrative than staying working for them!

– gbjbaanb
Aug 11 at 18:37

|
show 11 more comments

Just putting aside the ethical aspects here, there are very real legal considerations.

It's important you don't send anything in writing indicating that you will do the work until you are sure such work is legal.

edited Aug 11 at 15:44

11684

1033 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

Just putting aside the ethical aspects here, there are very real legal considerations.

It's important you don't send anything in writing indicating that you will do the work until you are sure such work is legal.

edited Aug 11 at 15:44

11684

1033 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

edited Aug 11 at 15:44

11684

1033 bronze badges

edited Aug 11 at 15:44

11684

1033 bronze badges

edited Aug 11 at 15:44

11684

1033 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

answered Aug 10 at 16:48

Gregory Currie

12.8k10 gold badges48 silver badges67 bronze badges

58

Thank you Gregory. I am sure the data that would have been gathered would contain GDPR sensitive stuff. This is very shady. I will tell my team-leader I won't do it, if it comes down to me being fired well I stood up for what I believed in.

– SoonToBeUnemployed
Aug 10 at 17:06

10

There shouldn't be any question of firing, if what you're being asked to do is illegal. (Of course, how much protection you get will depend on which jurisdiction you're in.) Though whether you'd want to continue working for such a company is another question…

– gidds
Aug 11 at 10:42

15

The GDPR has, I was astonished myself, consequences outside the EU as well: for example if the data deals with EU citizens, then regardless where it is stored, some parts of the GDPR are applicable.

– Willem Van Onsem
Aug 11 at 13:51

5

"Hey, Team Leader, I don't know whether this is ethical, but I'm pretty sure I'm too mature to participate in childish nonsense like this."

– B. Goddard
Aug 11 at 18:11

20

If you get fired over this, then you're in a perfect position to sue them for wrongful dismissal. But check yourown legal advice for that in your jurisdiction, and make sure you have evidence to show. Could turn out to be more lucrative than staying working for them!

– gbjbaanb
Aug 11 at 18:37

|
show 11 more comments

58

Thank you Gregory. I am sure the data that would have been gathered would contain GDPR sensitive stuff. This is very shady. I will tell my team-leader I won't do it, if it comes down to me being fired well I stood up for what I believed in.

– SoonToBeUnemployed
Aug 10 at 17:06

10

There shouldn't be any question of firing, if what you're being asked to do is illegal. (Of course, how much protection you get will depend on which jurisdiction you're in.) Though whether you'd want to continue working for such a company is another question…

– gidds
Aug 11 at 10:42

15

The GDPR has, I was astonished myself, consequences outside the EU as well: for example if the data deals with EU citizens, then regardless where it is stored, some parts of the GDPR are applicable.

– Willem Van Onsem
Aug 11 at 13:51

5

"Hey, Team Leader, I don't know whether this is ethical, but I'm pretty sure I'm too mature to participate in childish nonsense like this."

– B. Goddard
Aug 11 at 18:11

20

If you get fired over this, then you're in a perfect position to sue them for wrongful dismissal. But check yourown legal advice for that in your jurisdiction, and make sure you have evidence to show. Could turn out to be more lucrative than staying working for them!

– gbjbaanb
Aug 11 at 18:37

Thank you Gregory. I am sure the data that would have been gathered would contain GDPR sensitive stuff. This is very shady. I will tell my team-leader I won't do it, if it comes down to me being fired well I stood up for what I believed in.

– SoonToBeUnemployed
Aug 10 at 17:06

There shouldn't be any question of firing, if what you're being asked to do is illegal. (Of course, how much protection you get will depend on which jurisdiction you're in.) Though whether you'd want to continue working for such a company is another question…

– gidds
Aug 11 at 10:42

The GDPR has, I was astonished myself, consequences outside the EU as well: for example if the data deals with EU citizens, then regardless where it is stored, some parts of the GDPR are applicable.

– Willem Van Onsem
Aug 11 at 13:51

"Hey, Team Leader, I don't know whether this is ethical, but I'm pretty sure I'm too mature to participate in childish nonsense like this."

– B. Goddard
Aug 11 at 18:11

If you get fired over this, then you're in a perfect position to sue them for wrongful dismissal. But check yourown legal advice for that in your jurisdiction, and make sure you have evidence to show. Could turn out to be more lucrative than staying working for them!

– gbjbaanb
Aug 11 at 18:37

|
show 11 more comments

Recently, my team leader added me and my colleague to a Whatsapp group and told us to gather as much as information about a couple of people

gather every information we can find online ("even shoe sizes")

This looks like a case of snooping on an individual to me for the team leader's personal agenda - and that is not what information security needs to be doing.

Can you please provide insight to me on what to do here?

Fulfill this request only if you get directions on the proper channel with everyone being on the same page.

edited Aug 10 at 16:31

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

15

Before even leaving a paper trail, the OP should consult a professional.

– Jeffrey
Aug 10 at 16:16

1

I think you made some confusion - the team lead added OP to a Whatsapp group to gather information of individuals in that group, not to communicate with OP.

– Marc.2377
Aug 12 at 5:50

Also, recommending OP produces paper trail without getting legal advice first is a terrible idea. If the team lead is anything but stupid (which we should assume he is not), he'll quickly figure out OP's intentions and OP will likely be fired for "no apparent reason".

– Marc.2377
Aug 12 at 5:53

10

@Marc.2377 are you sure? I read it as the Whatsapp group being for communication (outside official office mail, probably). I can't see anything that would indicate that the targetted people are in that whatsapp group.

– Syndic
Aug 12 at 10:55

Why such emphasis on "paper trail" - 2019 version of reality WhatsApp is paper trail.

– Mars Robertson
Aug 12 at 14:21

add a comment |

Recently, my team leader added me and my colleague to a Whatsapp group and told us to gather as much as information about a couple of people

gather every information we can find online ("even shoe sizes")

This looks like a case of snooping on an individual to me for the team leader's personal agenda - and that is not what information security needs to be doing.

Can you please provide insight to me on what to do here?

Fulfill this request only if you get directions on the proper channel with everyone being on the same page.

edited Aug 10 at 16:31

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

15

Before even leaving a paper trail, the OP should consult a professional.

– Jeffrey
Aug 10 at 16:16

1

I think you made some confusion - the team lead added OP to a Whatsapp group to gather information of individuals in that group, not to communicate with OP.

– Marc.2377
Aug 12 at 5:50

Also, recommending OP produces paper trail without getting legal advice first is a terrible idea. If the team lead is anything but stupid (which we should assume he is not), he'll quickly figure out OP's intentions and OP will likely be fired for "no apparent reason".

– Marc.2377
Aug 12 at 5:53

10

@Marc.2377 are you sure? I read it as the Whatsapp group being for communication (outside official office mail, probably). I can't see anything that would indicate that the targetted people are in that whatsapp group.

– Syndic
Aug 12 at 10:55

Why such emphasis on "paper trail" - 2019 version of reality WhatsApp is paper trail.

– Mars Robertson
Aug 12 at 14:21

add a comment |

Recently, my team leader added me and my colleague to a Whatsapp group and told us to gather as much as information about a couple of people

gather every information we can find online ("even shoe sizes")

This looks like a case of snooping on an individual to me for the team leader's personal agenda - and that is not what information security needs to be doing.

Can you please provide insight to me on what to do here?

Fulfill this request only if you get directions on the proper channel with everyone being on the same page.

edited Aug 10 at 16:31

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

Recently, my team leader added me and my colleague to a Whatsapp group and told us to gather as much as information about a couple of people

gather every information we can find online ("even shoe sizes")

This looks like a case of snooping on an individual to me for the team leader's personal agenda - and that is not what information security needs to be doing.

Can you please provide insight to me on what to do here?

Fulfill this request only if you get directions on the proper channel with everyone being on the same page.

edited Aug 10 at 16:31

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

edited Aug 10 at 16:31

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

answered Aug 10 at 16:08

mu 無

2,11211 silver badges20 bronze badges

15

Before even leaving a paper trail, the OP should consult a professional.

– Jeffrey
Aug 10 at 16:16

1

I think you made some confusion - the team lead added OP to a Whatsapp group to gather information of individuals in that group, not to communicate with OP.

– Marc.2377
Aug 12 at 5:50

Also, recommending OP produces paper trail without getting legal advice first is a terrible idea. If the team lead is anything but stupid (which we should assume he is not), he'll quickly figure out OP's intentions and OP will likely be fired for "no apparent reason".

– Marc.2377
Aug 12 at 5:53

10

@Marc.2377 are you sure? I read it as the Whatsapp group being for communication (outside official office mail, probably). I can't see anything that would indicate that the targetted people are in that whatsapp group.

– Syndic
Aug 12 at 10:55

Why such emphasis on "paper trail" - 2019 version of reality WhatsApp is paper trail.

– Mars Robertson
Aug 12 at 14:21

add a comment |

15

Before even leaving a paper trail, the OP should consult a professional.

– Jeffrey
Aug 10 at 16:16

1

I think you made some confusion - the team lead added OP to a Whatsapp group to gather information of individuals in that group, not to communicate with OP.

– Marc.2377
Aug 12 at 5:50

Also, recommending OP produces paper trail without getting legal advice first is a terrible idea. If the team lead is anything but stupid (which we should assume he is not), he'll quickly figure out OP's intentions and OP will likely be fired for "no apparent reason".

– Marc.2377
Aug 12 at 5:53

10

@Marc.2377 are you sure? I read it as the Whatsapp group being for communication (outside official office mail, probably). I can't see anything that would indicate that the targetted people are in that whatsapp group.

– Syndic
Aug 12 at 10:55

Why such emphasis on "paper trail" - 2019 version of reality WhatsApp is paper trail.

– Mars Robertson
Aug 12 at 14:21

Before even leaving a paper trail, the OP should consult a professional.

– Jeffrey
Aug 10 at 16:16

I think you made some confusion - the team lead added OP to a Whatsapp group to gather information of individuals in that group, not to communicate with OP.

– Marc.2377
Aug 12 at 5:50

Also, recommending OP produces paper trail without getting legal advice first is a terrible idea. If the team lead is anything but stupid (which we should assume he is not), he'll quickly figure out OP's intentions and OP will likely be fired for "no apparent reason".

– Marc.2377
Aug 12 at 5:53

@Marc.2377 are you sure? I read it as the Whatsapp group being for communication (outside official office mail, probably). I can't see anything that would indicate that the targetted people are in that whatsapp group.

– Syndic
Aug 12 at 10:55

Why such emphasis on "paper trail" - 2019 version of reality WhatsApp is paper trail.

– Mars Robertson
Aug 12 at 14:21