Is an ex-employer allowed to hijack your Linkedin Account?
June 24th, 2009 by peter.bassill
An interesting occurrence this morning. A person whom I am aware off was recently made redundant so making the best of Gardening leave as she could, she started looking for new employment. She managed to find employment very quickly much to the distaste of her previous employer who made threatening noises of contacting her new employer. As annoying as this is and being a side topic, I wonder how well this would stack up in an employment court? Anyone out here any ideas?
So, the crux of the problem. The previous employer used the cached credentials on her PC to access her Linkedin account and change the password, claiming to her that they did it to protect their business. The way I see it a criminal offense has occured and here is why:
In accessing the Linkedin account without consent and changing the password without consent, the following occurs
A person is guilty of an offence if –
a) He causes a computer to perform any function with intent to secure access to any program or data held in any computer or to enable any such access to be secure;
b) The access he intends to secure or to enable to be secured, is unathorised; and
c) He knows at the time when he causes the computer to perform the function that that is the case.
So, it would be viable to say that an offense of illegal access has occurred under the Computer Misuse Act 1990.
An offense of Obtaining or Enabling Access:
Access will be secured to a program or data when the user, by causing the computer to operate in any manner:
a) Alters or erases the program or data;
b) Copies or moves it to any storage medium other that that in which it is held or to a difference location in the storage medium in which it is held;
c) Uses it; or
d) Has it output from the computer in which is it held (whether by having it displayed or in any other manner)*
*(Section 17(1) of the Computer Misuse Act 1990)
So is it safe to say that an offense occurred here too?
So let us talk about unauthorized access.
Access is held to be unauthorised when the user:
a) Is not him or herself entitled to control access of the kind in question to the program or data; and
b) He or she does not have the consent to access of the kind in question to program or data from any person who is so entitled.
*(Section 17(5) of the Computer Misuse Act 1990)
So what to do? According to the law, a criminal act has occured but what are the chances of the Police acting on this? Time will tell
All credit goes to for information goes to - <information technology law> Fifth Edition – Ian J. Lloyd. A brilliant book, a must have for any ISO and well worth the investment.
- 1 Comment »
- Posted in Law

