Comment by schnitzelstoat
4 hours ago
Yeah, many companies don't want the liability issues. Like what happens if I open my bank account on my work computer? You could argue I can expect someone to be watching but I have no warning that someone is? Here in the EU that would probably be an easy lawsuit.
Why would you ever login to a sensitive account on a device you don't own and have root on? Like I trust my employer not to do anything shifty with my banking info, if I were to use it, but I'm not going to take that chance for a dozen reasons.
> Why would you ever login to a sensitive account on a device you don't own and have root on?
You mean like the phones that everyone uses with banking apps?
I don't. No financial transactions for me on something so easily lost or stolen, with any number of possible exploits lurking out there. Phones should be treated as compromised from day one.
I have my problems with this as well, but at least no one else already has root on my phone.
You probably use direct deposit in which case your employer already has your banking info
They have my account and transit number and stuff, sure, that's different than my username and password for online banking. We print them out on cheques that can be (reasonably) safely given to my plumber.
patio11/bitsaboutmoney has some good writing about this
In most cases, that's an external payroll service, not the actual employer that has that info.
People often have accounts at multiple banks…
your employer knows how much they paid you and what account they paid to. They don't know your balance, where else you might be getting money from (selling science fiction short stories eh, Cosgrove?! This job should be enough for you!!), that you have donated money to the Democrats recently!! We suggested that was bad!! And lots of other things that come under banking info.
What are the reasons?
Can’t speak for the EU, but the companies I’ve worked for in the US explicitly state what they do not track in their privacy/use policy when giving out laptops/phones/tablets.
E.g. their anti-virus or firewall system may ignore URLs related to banking, medical, or political affiliation and chose not to log or decrypt that traffic
Once I was trying to find a scene from a TV show at work for a joke with colleagues, and the quote I used ended up triggering a very NSFW search. Did not get fired, not even talked to. Thank goodness!
A lot is tolerated, until they want to get rid of you. But in the EU i'm pretty sure they can't use regular non-compliance stuff (general browsing, etc) in evidence. In DE you can't even identify an individual.
Moreover: what is the upside?
Spying on employees is not free. If you want to spend serious resources doing it, there has to be an upside.
How do you expect an employee to prove their banking actions on the company computer were spied on? I imagine this impossible to prove.
If the employer is spying on everything, it's quite easy.
In discovery you can ask for the records. Of course you would need some initial evidence to show it’s likely it exists.
By having it in a small window that's always on the screen.