Coworker posted a piece of source code on social network. What do I do?
Today I opened a social network and saw that one of my coworkers, let's call him Bob, posted a piece of source code of one of our projects.
The quick video is blurry, so it's hard to actually read it, but not impossible.
IANAL but I'm pretty sure that this is illegal.
There is no way that anyone else in my company will see it since no one has that social network but for me.
As I see it I have 3 options:
- Act as if I did not see it
- Talk to him in private and make him realize how potentially bad this could end up being, for him and the company.
- Report this to my boss.
Additional information:
This is the first work experience for Bob and he has been working with us for less than 3 months.
My question is: How should I behave in this situation?
I really don't want to escalate this, but if something bad happens because of that post, and my boss finds out I knew about it, I think I would be in legal danger.
social-media italy
|
show 11 more comments
Today I opened a social network and saw that one of my coworkers, let's call him Bob, posted a piece of source code of one of our projects.
The quick video is blurry, so it's hard to actually read it, but not impossible.
IANAL but I'm pretty sure that this is illegal.
There is no way that anyone else in my company will see it since no one has that social network but for me.
As I see it I have 3 options:
- Act as if I did not see it
- Talk to him in private and make him realize how potentially bad this could end up being, for him and the company.
- Report this to my boss.
Additional information:
This is the first work experience for Bob and he has been working with us for less than 3 months.
My question is: How should I behave in this situation?
I really don't want to escalate this, but if something bad happens because of that post, and my boss finds out I knew about it, I think I would be in legal danger.
social-media italy
28
I'm pretty sure that this is illegal
You sure about that? Not familiar with Italian law but this sounds like a private contract violation, not something illegal.
– rath
18 hours ago
7
BTW "I assumed it since averyone else in my company is way older than me" That's ageism right there.
– Peter M
17 hours ago
7
Was this an intentional posting of code? Or was he posting about something else, and this just happened to be in the shot? Was this a serious fragment coding some business logic which is regarded a trade secret, or some simple code? I wouldn't bother bringing it up with a manager if it's some code copying from Stackexchange doing a trivial thing. But I would if the code could reveal valuable information.
– Abigail
17 hours ago
8
@PeterM Or just an incorrect assumption. Let's not jump to conclusions about intent.
– only_pro
16 hours ago
14
@PeterM No, because there's no stereotype of black or Jewish people not using social media. There is a stereotype of older people not using social media, and that's based on the fact that social media users tend to be younger. That's not ageism. Just an assumption based on facts. It may be an incorrect assumption, but calling it ageism is ridiculous. Outrage culture has gone way too far. Stereotypes are based in facts. They can be useful, and they're not necessarily bad.
– only_pro
15 hours ago
|
show 11 more comments
Today I opened a social network and saw that one of my coworkers, let's call him Bob, posted a piece of source code of one of our projects.
The quick video is blurry, so it's hard to actually read it, but not impossible.
IANAL but I'm pretty sure that this is illegal.
There is no way that anyone else in my company will see it since no one has that social network but for me.
As I see it I have 3 options:
- Act as if I did not see it
- Talk to him in private and make him realize how potentially bad this could end up being, for him and the company.
- Report this to my boss.
Additional information:
This is the first work experience for Bob and he has been working with us for less than 3 months.
My question is: How should I behave in this situation?
I really don't want to escalate this, but if something bad happens because of that post, and my boss finds out I knew about it, I think I would be in legal danger.
social-media italy
Today I opened a social network and saw that one of my coworkers, let's call him Bob, posted a piece of source code of one of our projects.
The quick video is blurry, so it's hard to actually read it, but not impossible.
IANAL but I'm pretty sure that this is illegal.
There is no way that anyone else in my company will see it since no one has that social network but for me.
As I see it I have 3 options:
- Act as if I did not see it
- Talk to him in private and make him realize how potentially bad this could end up being, for him and the company.
- Report this to my boss.
Additional information:
This is the first work experience for Bob and he has been working with us for less than 3 months.
My question is: How should I behave in this situation?
I really don't want to escalate this, but if something bad happens because of that post, and my boss finds out I knew about it, I think I would be in legal danger.
social-media italy
social-media italy
edited 18 hours ago
Snow♦
59.5k51191239
59.5k51191239
asked 19 hours ago
Axel2DAxel2D
4861616
4861616
28
I'm pretty sure that this is illegal
You sure about that? Not familiar with Italian law but this sounds like a private contract violation, not something illegal.
– rath
18 hours ago
7
BTW "I assumed it since averyone else in my company is way older than me" That's ageism right there.
– Peter M
17 hours ago
7
Was this an intentional posting of code? Or was he posting about something else, and this just happened to be in the shot? Was this a serious fragment coding some business logic which is regarded a trade secret, or some simple code? I wouldn't bother bringing it up with a manager if it's some code copying from Stackexchange doing a trivial thing. But I would if the code could reveal valuable information.
– Abigail
17 hours ago
8
@PeterM Or just an incorrect assumption. Let's not jump to conclusions about intent.
– only_pro
16 hours ago
14
@PeterM No, because there's no stereotype of black or Jewish people not using social media. There is a stereotype of older people not using social media, and that's based on the fact that social media users tend to be younger. That's not ageism. Just an assumption based on facts. It may be an incorrect assumption, but calling it ageism is ridiculous. Outrage culture has gone way too far. Stereotypes are based in facts. They can be useful, and they're not necessarily bad.
– only_pro
15 hours ago
|
show 11 more comments
28
I'm pretty sure that this is illegal
You sure about that? Not familiar with Italian law but this sounds like a private contract violation, not something illegal.
– rath
18 hours ago
7
BTW "I assumed it since averyone else in my company is way older than me" That's ageism right there.
– Peter M
17 hours ago
7
Was this an intentional posting of code? Or was he posting about something else, and this just happened to be in the shot? Was this a serious fragment coding some business logic which is regarded a trade secret, or some simple code? I wouldn't bother bringing it up with a manager if it's some code copying from Stackexchange doing a trivial thing. But I would if the code could reveal valuable information.
– Abigail
17 hours ago
8
@PeterM Or just an incorrect assumption. Let's not jump to conclusions about intent.
– only_pro
16 hours ago
14
@PeterM No, because there's no stereotype of black or Jewish people not using social media. There is a stereotype of older people not using social media, and that's based on the fact that social media users tend to be younger. That's not ageism. Just an assumption based on facts. It may be an incorrect assumption, but calling it ageism is ridiculous. Outrage culture has gone way too far. Stereotypes are based in facts. They can be useful, and they're not necessarily bad.
– only_pro
15 hours ago
28
28
I'm pretty sure that this is illegal
You sure about that? Not familiar with Italian law but this sounds like a private contract violation, not something illegal.– rath
18 hours ago
I'm pretty sure that this is illegal
You sure about that? Not familiar with Italian law but this sounds like a private contract violation, not something illegal.– rath
18 hours ago
7
7
BTW "I assumed it since averyone else in my company is way older than me" That's ageism right there.
– Peter M
17 hours ago
BTW "I assumed it since averyone else in my company is way older than me" That's ageism right there.
– Peter M
17 hours ago
7
7
Was this an intentional posting of code? Or was he posting about something else, and this just happened to be in the shot? Was this a serious fragment coding some business logic which is regarded a trade secret, or some simple code? I wouldn't bother bringing it up with a manager if it's some code copying from Stackexchange doing a trivial thing. But I would if the code could reveal valuable information.
– Abigail
17 hours ago
Was this an intentional posting of code? Or was he posting about something else, and this just happened to be in the shot? Was this a serious fragment coding some business logic which is regarded a trade secret, or some simple code? I wouldn't bother bringing it up with a manager if it's some code copying from Stackexchange doing a trivial thing. But I would if the code could reveal valuable information.
– Abigail
17 hours ago
8
8
@PeterM Or just an incorrect assumption. Let's not jump to conclusions about intent.
– only_pro
16 hours ago
@PeterM Or just an incorrect assumption. Let's not jump to conclusions about intent.
– only_pro
16 hours ago
14
14
@PeterM No, because there's no stereotype of black or Jewish people not using social media. There is a stereotype of older people not using social media, and that's based on the fact that social media users tend to be younger. That's not ageism. Just an assumption based on facts. It may be an incorrect assumption, but calling it ageism is ridiculous. Outrage culture has gone way too far. Stereotypes are based in facts. They can be useful, and they're not necessarily bad.
– only_pro
15 hours ago
@PeterM No, because there's no stereotype of black or Jewish people not using social media. There is a stereotype of older people not using social media, and that's based on the fact that social media users tend to be younger. That's not ageism. Just an assumption based on facts. It may be an incorrect assumption, but calling it ageism is ridiculous. Outrage culture has gone way too far. Stereotypes are based in facts. They can be useful, and they're not necessarily bad.
– only_pro
15 hours ago
|
show 11 more comments
10 Answers
10
active
oldest
votes
Just speak personally, but make things unambiguous.
That's a great video, but it might be a good idea to remove the company specific stuff - just in case the manager sees it, I'm not too sure how they'd take seeing that there.
And then leave the implied outcome hanging and let your colleague decide what to do.
61
That's not really the tone I was going for here.
– Snow♦
17 hours ago
add a comment |
I think the answer depends on what code is visible in the video. If it's a "Hello, world!" type fragment, some loop that's meaningless without larger context, or an implementation of a simple standard algorithm like linked list etc., I would not consider it to be a big deal; StackOverflow is full of such code and no harm is done. Simply speak to your colleague and suggest they be careful when posting videos of source code so as not to leak anything important.
If one can see in the video a fragment of something critical to your company, such as an implementation of a proprietary algorithm, or encryption, or user authentication, you need to act to make sure the video is removed ASAP. Where I work this would be a major security incident that must be immediately reported to the security response team and to management.
add a comment |
How did he post the code? Screen shot? Video with his monitor in the background? Are machine readable text that I could copy, paste and compile? You say "it's blurry and hard but not impossible to read", so I assume it is a video with a monitor visible?
If that is the case, then let's be serious here: Nobody will be interested in that piece of code. The source code that I'm working on is highly valuable, but if one page of it is shown in a video, it's not of any use to anybody. One page, randomly picked, without any context, is completely useless to anybody. Nobody will even try to copy it.
Unless there are comments in the code that you wouldn't want to share like "this function contains the code where we siphon off the user's address book and send it to our server, and the losers will never find out", then very little harm is done.
I had the same thought. A screenshot of code does not contain any real information, it's just a prop.
– Džuris
9 hours ago
add a comment |
my boss finds out I knew about it, I think I would be in legal danger
If that code is important and has any security risk - Most definitely. You may only receive a warning if it is just generic code.
However I feel this line almost answers your question. You already said that it's your first time working with this person, you have no loyalties. It may be that the colleague in question doesn't know any better and needs educating.
You should tell your colleague to remove it and then tell your manager of what has happened and go from there for the off chance that the manager does see it you want to make sure he's informed so that your own job and financial safety is held.
add a comment |
You don't really have a choice: Your employer would probably tell you that you should go directly to your supervisor and report the incident. I don't think this would be ilegal, but it is probably against information security codes or regulations inside your company.
Now, as a human being, you could also talk to the guy first, tell him to delete that, and not post anything of the sort again. But you must understand the risk of this if HR of a supervisor were to find out.
New contributor
add a comment |
If possible present the video (in it's context) to your Information Security team without mentioning who the employee is, something along the lines of "I came across this video from one of our employees and it looks like they may have accidentally caught some of our code in the video". If you are asked who the employee is, it is better for you and the company to tell the information security team and let them handle it.
Even if we were to remove the video content, there may be policies against the use of recording devices within the workplace (phones with video/audio recording capabilities are generally included for the purposes of these policies).
Best case scenario: all employees are reminded of their responsibilities and the employee responsible receives a soft strike on their record.
Worst case scenario: the employee loses their job and faces a civil-case.
Handling the situation yourself could carry more risk than ignoring it or reporting it to the information security team. While I don't advocate ignoring it, it does provide you the option of deniability "I don't interact with x on the platform so I couldn't have seen it" (admittedly the posting of this question could reduce your ability to rely on that). Handling the situation yourself though, opens you up to the employee continuing this behaviour and you handling it, eventually you get fed up, report it and the employee throws you under the bus in desperation/retaliation.
As a bonus for one of your comments on your bosses not liking social media, this is a good example of why. People tend to forget that social media is not like hanging with a group of friends at your home, it's more like hanging with a group of friends in a crowded pub and you never know who is watching or listening.
add a comment |
I don't fully agree with all the answers so far because they leave too much wiggle room.
- I am assuming that posting anything on social media that includes software or any information about your employer is against policy.
- If all your code contains a boilerplate copyright blow, your co-worker has violated that copyright and could be in legal trouble depending on copyright law in Italy.
- You now know about this violation, and it is your duty to your employer to report it. Do NOT tip off your co-worker, when he gets in trouble he is going to be looking for someone to blame and he might use you
Most employers take this kind of thing very seriously, often too seriously.
Now, not every company is like that, but the way you phrased the question your employer is not one of those places that encourages people to participate in social sharing.
Some employers have anonymous tip lines. You may consider using this and providing them with any information you have including the employees name and the site/link he posted to.
At a minimum inform you boss. Keep it factual and just express your concern and that you felt it your duty to pass it along and let them handle it how they see fit.
add a comment |
The person is new to the workplace, suggesting they are quite young. I would recommend letting the manager know about it. You can tell the manager (assuming they won't consider it themselves), that a firm talking to by them now would make it clear what a person's responsibilities are in the professional environment and what is not acceptable despite the ease with which people post all sorts of personal information online.
New contributor
add a comment |
It is professional to call out security violations.
Whenever you see something dangerous happening, or a non-dangerous mistake for that matter, it would be professional to bring that to the attention of those who did it and those who can fix it. In the best case, those who did it and those who can fix it are the same person, and there is no need to deliver a "reprimand" in public.
To give you a trivial example, I've told juniors, peers, and seniors that they have forgotten to lock their screen while they were away from their desk. By and large, they said oops, sorry, I'll be more careful next time and I've left it at that.
See something, say something, but I'm not the security manager.
I've also seen things which were more of a pattern rather than individual mistakes. In those cases I went to the management and told them we have a systematic problem, it needs a systematic answer, without naming any specific names. (I'm fortunate that I trust them not to press me on individual names.)
add a comment |
Other options:
- Mention the topic of "social networks"in a casual way at lunch and clearly state that you don't think that anything related to work should be visible in a video posted there.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "423"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: false,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f126782%2fcoworker-posted-a-piece-of-source-code-on-social-network-what-do-i-do%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
StackExchange.ready(function () {
$("#show-editor-button input, #show-editor-button button").click(function () {
var showEditor = function() {
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
};
var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True') {
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');
$(this).loadPopup({
url: '/post/self-answer-popup',
loaded: function(popup) {
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');
pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);
}
})
} else{
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true) {
showEditor();
}
}
});
});
10 Answers
10
active
oldest
votes
10 Answers
10
active
oldest
votes
active
oldest
votes
active
oldest
votes
Just speak personally, but make things unambiguous.
That's a great video, but it might be a good idea to remove the company specific stuff - just in case the manager sees it, I'm not too sure how they'd take seeing that there.
And then leave the implied outcome hanging and let your colleague decide what to do.
61
That's not really the tone I was going for here.
– Snow♦
17 hours ago
add a comment |
Just speak personally, but make things unambiguous.
That's a great video, but it might be a good idea to remove the company specific stuff - just in case the manager sees it, I'm not too sure how they'd take seeing that there.
And then leave the implied outcome hanging and let your colleague decide what to do.
61
That's not really the tone I was going for here.
– Snow♦
17 hours ago
add a comment |
Just speak personally, but make things unambiguous.
That's a great video, but it might be a good idea to remove the company specific stuff - just in case the manager sees it, I'm not too sure how they'd take seeing that there.
And then leave the implied outcome hanging and let your colleague decide what to do.
Just speak personally, but make things unambiguous.
That's a great video, but it might be a good idea to remove the company specific stuff - just in case the manager sees it, I'm not too sure how they'd take seeing that there.
And then leave the implied outcome hanging and let your colleague decide what to do.
edited 12 hours ago
Kevin
2,73521117
2,73521117
answered 18 hours ago
Snow♦Snow
59.5k51191239
59.5k51191239
61
That's not really the tone I was going for here.
– Snow♦
17 hours ago
add a comment |
61
That's not really the tone I was going for here.
– Snow♦
17 hours ago
61
61
That's not really the tone I was going for here.
– Snow♦
17 hours ago
That's not really the tone I was going for here.
– Snow♦
17 hours ago
add a comment |
I think the answer depends on what code is visible in the video. If it's a "Hello, world!" type fragment, some loop that's meaningless without larger context, or an implementation of a simple standard algorithm like linked list etc., I would not consider it to be a big deal; StackOverflow is full of such code and no harm is done. Simply speak to your colleague and suggest they be careful when posting videos of source code so as not to leak anything important.
If one can see in the video a fragment of something critical to your company, such as an implementation of a proprietary algorithm, or encryption, or user authentication, you need to act to make sure the video is removed ASAP. Where I work this would be a major security incident that must be immediately reported to the security response team and to management.
add a comment |
I think the answer depends on what code is visible in the video. If it's a "Hello, world!" type fragment, some loop that's meaningless without larger context, or an implementation of a simple standard algorithm like linked list etc., I would not consider it to be a big deal; StackOverflow is full of such code and no harm is done. Simply speak to your colleague and suggest they be careful when posting videos of source code so as not to leak anything important.
If one can see in the video a fragment of something critical to your company, such as an implementation of a proprietary algorithm, or encryption, or user authentication, you need to act to make sure the video is removed ASAP. Where I work this would be a major security incident that must be immediately reported to the security response team and to management.
add a comment |
I think the answer depends on what code is visible in the video. If it's a "Hello, world!" type fragment, some loop that's meaningless without larger context, or an implementation of a simple standard algorithm like linked list etc., I would not consider it to be a big deal; StackOverflow is full of such code and no harm is done. Simply speak to your colleague and suggest they be careful when posting videos of source code so as not to leak anything important.
If one can see in the video a fragment of something critical to your company, such as an implementation of a proprietary algorithm, or encryption, or user authentication, you need to act to make sure the video is removed ASAP. Where I work this would be a major security incident that must be immediately reported to the security response team and to management.
I think the answer depends on what code is visible in the video. If it's a "Hello, world!" type fragment, some loop that's meaningless without larger context, or an implementation of a simple standard algorithm like linked list etc., I would not consider it to be a big deal; StackOverflow is full of such code and no harm is done. Simply speak to your colleague and suggest they be careful when posting videos of source code so as not to leak anything important.
If one can see in the video a fragment of something critical to your company, such as an implementation of a proprietary algorithm, or encryption, or user authentication, you need to act to make sure the video is removed ASAP. Where I work this would be a major security incident that must be immediately reported to the security response team and to management.
answered 16 hours ago
mustacciomustaccio
759313
759313
add a comment |
add a comment |
How did he post the code? Screen shot? Video with his monitor in the background? Are machine readable text that I could copy, paste and compile? You say "it's blurry and hard but not impossible to read", so I assume it is a video with a monitor visible?
If that is the case, then let's be serious here: Nobody will be interested in that piece of code. The source code that I'm working on is highly valuable, but if one page of it is shown in a video, it's not of any use to anybody. One page, randomly picked, without any context, is completely useless to anybody. Nobody will even try to copy it.
Unless there are comments in the code that you wouldn't want to share like "this function contains the code where we siphon off the user's address book and send it to our server, and the losers will never find out", then very little harm is done.
I had the same thought. A screenshot of code does not contain any real information, it's just a prop.
– Džuris
9 hours ago
add a comment |
How did he post the code? Screen shot? Video with his monitor in the background? Are machine readable text that I could copy, paste and compile? You say "it's blurry and hard but not impossible to read", so I assume it is a video with a monitor visible?
If that is the case, then let's be serious here: Nobody will be interested in that piece of code. The source code that I'm working on is highly valuable, but if one page of it is shown in a video, it's not of any use to anybody. One page, randomly picked, without any context, is completely useless to anybody. Nobody will even try to copy it.
Unless there are comments in the code that you wouldn't want to share like "this function contains the code where we siphon off the user's address book and send it to our server, and the losers will never find out", then very little harm is done.
I had the same thought. A screenshot of code does not contain any real information, it's just a prop.
– Džuris
9 hours ago
add a comment |
How did he post the code? Screen shot? Video with his monitor in the background? Are machine readable text that I could copy, paste and compile? You say "it's blurry and hard but not impossible to read", so I assume it is a video with a monitor visible?
If that is the case, then let's be serious here: Nobody will be interested in that piece of code. The source code that I'm working on is highly valuable, but if one page of it is shown in a video, it's not of any use to anybody. One page, randomly picked, without any context, is completely useless to anybody. Nobody will even try to copy it.
Unless there are comments in the code that you wouldn't want to share like "this function contains the code where we siphon off the user's address book and send it to our server, and the losers will never find out", then very little harm is done.
How did he post the code? Screen shot? Video with his monitor in the background? Are machine readable text that I could copy, paste and compile? You say "it's blurry and hard but not impossible to read", so I assume it is a video with a monitor visible?
If that is the case, then let's be serious here: Nobody will be interested in that piece of code. The source code that I'm working on is highly valuable, but if one page of it is shown in a video, it's not of any use to anybody. One page, randomly picked, without any context, is completely useless to anybody. Nobody will even try to copy it.
Unless there are comments in the code that you wouldn't want to share like "this function contains the code where we siphon off the user's address book and send it to our server, and the losers will never find out", then very little harm is done.
answered 10 hours ago
gnasher729gnasher729
84.8k39150268
84.8k39150268
I had the same thought. A screenshot of code does not contain any real information, it's just a prop.
– Džuris
9 hours ago
add a comment |
I had the same thought. A screenshot of code does not contain any real information, it's just a prop.
– Džuris
9 hours ago
I had the same thought. A screenshot of code does not contain any real information, it's just a prop.
– Džuris
9 hours ago
I had the same thought. A screenshot of code does not contain any real information, it's just a prop.
– Džuris
9 hours ago
add a comment |
my boss finds out I knew about it, I think I would be in legal danger
If that code is important and has any security risk - Most definitely. You may only receive a warning if it is just generic code.
However I feel this line almost answers your question. You already said that it's your first time working with this person, you have no loyalties. It may be that the colleague in question doesn't know any better and needs educating.
You should tell your colleague to remove it and then tell your manager of what has happened and go from there for the off chance that the manager does see it you want to make sure he's informed so that your own job and financial safety is held.
add a comment |
my boss finds out I knew about it, I think I would be in legal danger
If that code is important and has any security risk - Most definitely. You may only receive a warning if it is just generic code.
However I feel this line almost answers your question. You already said that it's your first time working with this person, you have no loyalties. It may be that the colleague in question doesn't know any better and needs educating.
You should tell your colleague to remove it and then tell your manager of what has happened and go from there for the off chance that the manager does see it you want to make sure he's informed so that your own job and financial safety is held.
add a comment |
my boss finds out I knew about it, I think I would be in legal danger
If that code is important and has any security risk - Most definitely. You may only receive a warning if it is just generic code.
However I feel this line almost answers your question. You already said that it's your first time working with this person, you have no loyalties. It may be that the colleague in question doesn't know any better and needs educating.
You should tell your colleague to remove it and then tell your manager of what has happened and go from there for the off chance that the manager does see it you want to make sure he's informed so that your own job and financial safety is held.
my boss finds out I knew about it, I think I would be in legal danger
If that code is important and has any security risk - Most definitely. You may only receive a warning if it is just generic code.
However I feel this line almost answers your question. You already said that it's your first time working with this person, you have no loyalties. It may be that the colleague in question doesn't know any better and needs educating.
You should tell your colleague to remove it and then tell your manager of what has happened and go from there for the off chance that the manager does see it you want to make sure he's informed so that your own job and financial safety is held.
answered 18 hours ago
TwyxzTwyxz
8,24162960
8,24162960
add a comment |
add a comment |
You don't really have a choice: Your employer would probably tell you that you should go directly to your supervisor and report the incident. I don't think this would be ilegal, but it is probably against information security codes or regulations inside your company.
Now, as a human being, you could also talk to the guy first, tell him to delete that, and not post anything of the sort again. But you must understand the risk of this if HR of a supervisor were to find out.
New contributor
add a comment |
You don't really have a choice: Your employer would probably tell you that you should go directly to your supervisor and report the incident. I don't think this would be ilegal, but it is probably against information security codes or regulations inside your company.
Now, as a human being, you could also talk to the guy first, tell him to delete that, and not post anything of the sort again. But you must understand the risk of this if HR of a supervisor were to find out.
New contributor
add a comment |
You don't really have a choice: Your employer would probably tell you that you should go directly to your supervisor and report the incident. I don't think this would be ilegal, but it is probably against information security codes or regulations inside your company.
Now, as a human being, you could also talk to the guy first, tell him to delete that, and not post anything of the sort again. But you must understand the risk of this if HR of a supervisor were to find out.
New contributor
You don't really have a choice: Your employer would probably tell you that you should go directly to your supervisor and report the incident. I don't think this would be ilegal, but it is probably against information security codes or regulations inside your company.
Now, as a human being, you could also talk to the guy first, tell him to delete that, and not post anything of the sort again. But you must understand the risk of this if HR of a supervisor were to find out.
New contributor
New contributor
answered 16 hours ago
Juan Carlos Eduardo Romaina AcJuan Carlos Eduardo Romaina Ac
1213
1213
New contributor
New contributor
add a comment |
add a comment |
If possible present the video (in it's context) to your Information Security team without mentioning who the employee is, something along the lines of "I came across this video from one of our employees and it looks like they may have accidentally caught some of our code in the video". If you are asked who the employee is, it is better for you and the company to tell the information security team and let them handle it.
Even if we were to remove the video content, there may be policies against the use of recording devices within the workplace (phones with video/audio recording capabilities are generally included for the purposes of these policies).
Best case scenario: all employees are reminded of their responsibilities and the employee responsible receives a soft strike on their record.
Worst case scenario: the employee loses their job and faces a civil-case.
Handling the situation yourself could carry more risk than ignoring it or reporting it to the information security team. While I don't advocate ignoring it, it does provide you the option of deniability "I don't interact with x on the platform so I couldn't have seen it" (admittedly the posting of this question could reduce your ability to rely on that). Handling the situation yourself though, opens you up to the employee continuing this behaviour and you handling it, eventually you get fed up, report it and the employee throws you under the bus in desperation/retaliation.
As a bonus for one of your comments on your bosses not liking social media, this is a good example of why. People tend to forget that social media is not like hanging with a group of friends at your home, it's more like hanging with a group of friends in a crowded pub and you never know who is watching or listening.
add a comment |
If possible present the video (in it's context) to your Information Security team without mentioning who the employee is, something along the lines of "I came across this video from one of our employees and it looks like they may have accidentally caught some of our code in the video". If you are asked who the employee is, it is better for you and the company to tell the information security team and let them handle it.
Even if we were to remove the video content, there may be policies against the use of recording devices within the workplace (phones with video/audio recording capabilities are generally included for the purposes of these policies).
Best case scenario: all employees are reminded of their responsibilities and the employee responsible receives a soft strike on their record.
Worst case scenario: the employee loses their job and faces a civil-case.
Handling the situation yourself could carry more risk than ignoring it or reporting it to the information security team. While I don't advocate ignoring it, it does provide you the option of deniability "I don't interact with x on the platform so I couldn't have seen it" (admittedly the posting of this question could reduce your ability to rely on that). Handling the situation yourself though, opens you up to the employee continuing this behaviour and you handling it, eventually you get fed up, report it and the employee throws you under the bus in desperation/retaliation.
As a bonus for one of your comments on your bosses not liking social media, this is a good example of why. People tend to forget that social media is not like hanging with a group of friends at your home, it's more like hanging with a group of friends in a crowded pub and you never know who is watching or listening.
add a comment |
If possible present the video (in it's context) to your Information Security team without mentioning who the employee is, something along the lines of "I came across this video from one of our employees and it looks like they may have accidentally caught some of our code in the video". If you are asked who the employee is, it is better for you and the company to tell the information security team and let them handle it.
Even if we were to remove the video content, there may be policies against the use of recording devices within the workplace (phones with video/audio recording capabilities are generally included for the purposes of these policies).
Best case scenario: all employees are reminded of their responsibilities and the employee responsible receives a soft strike on their record.
Worst case scenario: the employee loses their job and faces a civil-case.
Handling the situation yourself could carry more risk than ignoring it or reporting it to the information security team. While I don't advocate ignoring it, it does provide you the option of deniability "I don't interact with x on the platform so I couldn't have seen it" (admittedly the posting of this question could reduce your ability to rely on that). Handling the situation yourself though, opens you up to the employee continuing this behaviour and you handling it, eventually you get fed up, report it and the employee throws you under the bus in desperation/retaliation.
As a bonus for one of your comments on your bosses not liking social media, this is a good example of why. People tend to forget that social media is not like hanging with a group of friends at your home, it's more like hanging with a group of friends in a crowded pub and you never know who is watching or listening.
If possible present the video (in it's context) to your Information Security team without mentioning who the employee is, something along the lines of "I came across this video from one of our employees and it looks like they may have accidentally caught some of our code in the video". If you are asked who the employee is, it is better for you and the company to tell the information security team and let them handle it.
Even if we were to remove the video content, there may be policies against the use of recording devices within the workplace (phones with video/audio recording capabilities are generally included for the purposes of these policies).
Best case scenario: all employees are reminded of their responsibilities and the employee responsible receives a soft strike on their record.
Worst case scenario: the employee loses their job and faces a civil-case.
Handling the situation yourself could carry more risk than ignoring it or reporting it to the information security team. While I don't advocate ignoring it, it does provide you the option of deniability "I don't interact with x on the platform so I couldn't have seen it" (admittedly the posting of this question could reduce your ability to rely on that). Handling the situation yourself though, opens you up to the employee continuing this behaviour and you handling it, eventually you get fed up, report it and the employee throws you under the bus in desperation/retaliation.
As a bonus for one of your comments on your bosses not liking social media, this is a good example of why. People tend to forget that social media is not like hanging with a group of friends at your home, it's more like hanging with a group of friends in a crowded pub and you never know who is watching or listening.
answered 10 hours ago
AaronAaron
692
692
add a comment |
add a comment |
I don't fully agree with all the answers so far because they leave too much wiggle room.
- I am assuming that posting anything on social media that includes software or any information about your employer is against policy.
- If all your code contains a boilerplate copyright blow, your co-worker has violated that copyright and could be in legal trouble depending on copyright law in Italy.
- You now know about this violation, and it is your duty to your employer to report it. Do NOT tip off your co-worker, when he gets in trouble he is going to be looking for someone to blame and he might use you
Most employers take this kind of thing very seriously, often too seriously.
Now, not every company is like that, but the way you phrased the question your employer is not one of those places that encourages people to participate in social sharing.
Some employers have anonymous tip lines. You may consider using this and providing them with any information you have including the employees name and the site/link he posted to.
At a minimum inform you boss. Keep it factual and just express your concern and that you felt it your duty to pass it along and let them handle it how they see fit.
add a comment |
I don't fully agree with all the answers so far because they leave too much wiggle room.
- I am assuming that posting anything on social media that includes software or any information about your employer is against policy.
- If all your code contains a boilerplate copyright blow, your co-worker has violated that copyright and could be in legal trouble depending on copyright law in Italy.
- You now know about this violation, and it is your duty to your employer to report it. Do NOT tip off your co-worker, when he gets in trouble he is going to be looking for someone to blame and he might use you
Most employers take this kind of thing very seriously, often too seriously.
Now, not every company is like that, but the way you phrased the question your employer is not one of those places that encourages people to participate in social sharing.
Some employers have anonymous tip lines. You may consider using this and providing them with any information you have including the employees name and the site/link he posted to.
At a minimum inform you boss. Keep it factual and just express your concern and that you felt it your duty to pass it along and let them handle it how they see fit.
add a comment |
I don't fully agree with all the answers so far because they leave too much wiggle room.
- I am assuming that posting anything on social media that includes software or any information about your employer is against policy.
- If all your code contains a boilerplate copyright blow, your co-worker has violated that copyright and could be in legal trouble depending on copyright law in Italy.
- You now know about this violation, and it is your duty to your employer to report it. Do NOT tip off your co-worker, when he gets in trouble he is going to be looking for someone to blame and he might use you
Most employers take this kind of thing very seriously, often too seriously.
Now, not every company is like that, but the way you phrased the question your employer is not one of those places that encourages people to participate in social sharing.
Some employers have anonymous tip lines. You may consider using this and providing them with any information you have including the employees name and the site/link he posted to.
At a minimum inform you boss. Keep it factual and just express your concern and that you felt it your duty to pass it along and let them handle it how they see fit.
I don't fully agree with all the answers so far because they leave too much wiggle room.
- I am assuming that posting anything on social media that includes software or any information about your employer is against policy.
- If all your code contains a boilerplate copyright blow, your co-worker has violated that copyright and could be in legal trouble depending on copyright law in Italy.
- You now know about this violation, and it is your duty to your employer to report it. Do NOT tip off your co-worker, when he gets in trouble he is going to be looking for someone to blame and he might use you
Most employers take this kind of thing very seriously, often too seriously.
Now, not every company is like that, but the way you phrased the question your employer is not one of those places that encourages people to participate in social sharing.
Some employers have anonymous tip lines. You may consider using this and providing them with any information you have including the employees name and the site/link he posted to.
At a minimum inform you boss. Keep it factual and just express your concern and that you felt it your duty to pass it along and let them handle it how they see fit.
answered 14 hours ago
Bill LeeperBill Leeper
12.1k3038
12.1k3038
add a comment |
add a comment |
The person is new to the workplace, suggesting they are quite young. I would recommend letting the manager know about it. You can tell the manager (assuming they won't consider it themselves), that a firm talking to by them now would make it clear what a person's responsibilities are in the professional environment and what is not acceptable despite the ease with which people post all sorts of personal information online.
New contributor
add a comment |
The person is new to the workplace, suggesting they are quite young. I would recommend letting the manager know about it. You can tell the manager (assuming they won't consider it themselves), that a firm talking to by them now would make it clear what a person's responsibilities are in the professional environment and what is not acceptable despite the ease with which people post all sorts of personal information online.
New contributor
add a comment |
The person is new to the workplace, suggesting they are quite young. I would recommend letting the manager know about it. You can tell the manager (assuming they won't consider it themselves), that a firm talking to by them now would make it clear what a person's responsibilities are in the professional environment and what is not acceptable despite the ease with which people post all sorts of personal information online.
New contributor
The person is new to the workplace, suggesting they are quite young. I would recommend letting the manager know about it. You can tell the manager (assuming they won't consider it themselves), that a firm talking to by them now would make it clear what a person's responsibilities are in the professional environment and what is not acceptable despite the ease with which people post all sorts of personal information online.
New contributor
New contributor
answered 4 hours ago
starfishmommastarfishmomma
1
1
New contributor
New contributor
add a comment |
add a comment |
It is professional to call out security violations.
Whenever you see something dangerous happening, or a non-dangerous mistake for that matter, it would be professional to bring that to the attention of those who did it and those who can fix it. In the best case, those who did it and those who can fix it are the same person, and there is no need to deliver a "reprimand" in public.
To give you a trivial example, I've told juniors, peers, and seniors that they have forgotten to lock their screen while they were away from their desk. By and large, they said oops, sorry, I'll be more careful next time and I've left it at that.
See something, say something, but I'm not the security manager.
I've also seen things which were more of a pattern rather than individual mistakes. In those cases I went to the management and told them we have a systematic problem, it needs a systematic answer, without naming any specific names. (I'm fortunate that I trust them not to press me on individual names.)
add a comment |
It is professional to call out security violations.
Whenever you see something dangerous happening, or a non-dangerous mistake for that matter, it would be professional to bring that to the attention of those who did it and those who can fix it. In the best case, those who did it and those who can fix it are the same person, and there is no need to deliver a "reprimand" in public.
To give you a trivial example, I've told juniors, peers, and seniors that they have forgotten to lock their screen while they were away from their desk. By and large, they said oops, sorry, I'll be more careful next time and I've left it at that.
See something, say something, but I'm not the security manager.
I've also seen things which were more of a pattern rather than individual mistakes. In those cases I went to the management and told them we have a systematic problem, it needs a systematic answer, without naming any specific names. (I'm fortunate that I trust them not to press me on individual names.)
add a comment |
It is professional to call out security violations.
Whenever you see something dangerous happening, or a non-dangerous mistake for that matter, it would be professional to bring that to the attention of those who did it and those who can fix it. In the best case, those who did it and those who can fix it are the same person, and there is no need to deliver a "reprimand" in public.
To give you a trivial example, I've told juniors, peers, and seniors that they have forgotten to lock their screen while they were away from their desk. By and large, they said oops, sorry, I'll be more careful next time and I've left it at that.
See something, say something, but I'm not the security manager.
I've also seen things which were more of a pattern rather than individual mistakes. In those cases I went to the management and told them we have a systematic problem, it needs a systematic answer, without naming any specific names. (I'm fortunate that I trust them not to press me on individual names.)
It is professional to call out security violations.
Whenever you see something dangerous happening, or a non-dangerous mistake for that matter, it would be professional to bring that to the attention of those who did it and those who can fix it. In the best case, those who did it and those who can fix it are the same person, and there is no need to deliver a "reprimand" in public.
To give you a trivial example, I've told juniors, peers, and seniors that they have forgotten to lock their screen while they were away from their desk. By and large, they said oops, sorry, I'll be more careful next time and I've left it at that.
See something, say something, but I'm not the security manager.
I've also seen things which were more of a pattern rather than individual mistakes. In those cases I went to the management and told them we have a systematic problem, it needs a systematic answer, without naming any specific names. (I'm fortunate that I trust them not to press me on individual names.)
answered 40 mins ago
o.m.o.m.
1,251158
1,251158
add a comment |
add a comment |
Other options:
- Mention the topic of "social networks"in a casual way at lunch and clearly state that you don't think that anything related to work should be visible in a video posted there.
add a comment |
Other options:
- Mention the topic of "social networks"in a casual way at lunch and clearly state that you don't think that anything related to work should be visible in a video posted there.
add a comment |
Other options:
- Mention the topic of "social networks"in a casual way at lunch and clearly state that you don't think that anything related to work should be visible in a video posted there.
Other options:
- Mention the topic of "social networks"in a casual way at lunch and clearly state that you don't think that anything related to work should be visible in a video posted there.
answered 17 hours ago
SaschaSascha
7,77221636
7,77221636
add a comment |
add a comment |
Thanks for contributing an answer to The Workplace Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f126782%2fcoworker-posted-a-piece-of-source-code-on-social-network-what-do-i-do%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
28
I'm pretty sure that this is illegal
You sure about that? Not familiar with Italian law but this sounds like a private contract violation, not something illegal.– rath
18 hours ago
7
BTW "I assumed it since averyone else in my company is way older than me" That's ageism right there.
– Peter M
17 hours ago
7
Was this an intentional posting of code? Or was he posting about something else, and this just happened to be in the shot? Was this a serious fragment coding some business logic which is regarded a trade secret, or some simple code? I wouldn't bother bringing it up with a manager if it's some code copying from Stackexchange doing a trivial thing. But I would if the code could reveal valuable information.
– Abigail
17 hours ago
8
@PeterM Or just an incorrect assumption. Let's not jump to conclusions about intent.
– only_pro
16 hours ago
14
@PeterM No, because there's no stereotype of black or Jewish people not using social media. There is a stereotype of older people not using social media, and that's based on the fact that social media users tend to be younger. That's not ageism. Just an assumption based on facts. It may be an incorrect assumption, but calling it ageism is ridiculous. Outrage culture has gone way too far. Stereotypes are based in facts. They can be useful, and they're not necessarily bad.
– only_pro
15 hours ago