June 9, 2009

The security and privacy paradox: Getting it right

Privacy is considered a human right in Europe, and to this extent organizations have focused on protecting the privacy of their customers’ data. However, the line blurs between monitoring employees’ activities to make sure that the organization is secure and the employees’ perception of a 'right to privacy.'

To ensure the security of personal data, organizations have grasped the need to manage the people within the organization by restricting the data they have access to, specifically by providing access only to the information needed to complete their specific business-related activities. While this ‘controlled’ access is in line with the fundamental security tenet of ‘Least Privilege’, in order to ensure the integrity of its information, an organization also needs to be able to identify whether someone has done anything they shouldn’t have done with this information or the underlying systems. For this reason companies need to know 1) who is logging in to the system, 2) what they’re doing and 3) whether they had the rights and approval to do so. This is managed in order to deliver another fundamental security tenet, ‘Trust, but Verify’, so that the organization can justify the activity based on the final piece of the puzzle: the captured and recorded activity log.

Read more on Help Net Security.
