My HR person behaved inappropriately – do I have any recourse?
June 23, 2015 9:04 AM   Subscribe

I have good reason to believe that our HR manager snooped around on my work computer during off hours, viewing files she had no legit reason to; I have evidence of it, and when I confronted her about it she denied it.

I’m a program manager for a small non-profit (12 people). About a year ago a wildly incompetent executive director was hired, and into the vacuum of competence our finance manager “B” has stepped - power hungry, passive aggressive, bullying, verbally abusing and sabotaging everyone she feels threatened by. She has also refashioned herself as our HR manager and operations manager, and has inserted herself into a great deal of decisions that do not concern her and that she is not by any means qualified for, including manipulating hiring decisions and backseat-managing other personnel. It has been a living nightmare. Three key scientific staff, all close colleagues, have quit over the last few months, and if I had any other employment options in my town in this economy, I would too. I have specialist professional training and this is my life’s work, not just a job, and so I keep on keeping on, until I figure something else out. I provide this as a backdrop because I’m trying to get perspective on something particular B did and whether it rises to the level of bringing the issue to higher-ups: I have good reason to believe that B snooped around on my work computer on the weekend when no one was in the office; I have evidence of it, and when I confronted her about it she denied it.

The details: when I got to work this Monday morning, my desk felt a little off, like someone had been there, but I brushed it off. But within a few minutes of getting to work on my computer, something seemed not-right about the list of documents shown in my “open recent” menu (this is in Excel, on a Mac). I looked at it again and thought, huh that’s weird, one of these I definitely don’t recognize. Then I opened Word to work on something else, and again in the pull-down menu I noticed “recently opened” documents from my desktop that I know well enough to remember not using them in a while. At that point I was feeling a bit creeped out, so I opened up the Information window on both the Word documents, for which the time stamp for “last opened” said Saturday at 1:29pm. (In case I need to say it, I was not in the office on Saturday.) Now, it is rare but not unheard of for another staff member to a) be in the office on a weekend or b) to have printer issues and maybe try someone else’s computer to print from, and most people leave their computers on – so I asked a few other coworkers about it, and none of them had been on my computer. We use an internal server, so any documents of mine someone would legitimately need access to would be there, not on my computer desktop. I looked at the mystery Excel file again and realized by the title it was a finance document typically prepared for the board of directors by B, and B only. (I couldn’t open it, it didn’t exist anywhere on my machine.) The Word documents were specifically my personal ToDo List, and a current job description/bio/cv I'd been working on to submit to a conference. Also opened at the same time were a couple of jpgs - these are personal notes to myself, little stuff on keeping a positive attitude, staying focused, etc. (Also relevant: B is constantly pointing out to the ED any perceived mistake made by others and unabashedly trying to get people fired, and on Friday she and I had had a little tiff over her accusing me of not doing Whatever Task properly – in fact, I had, but she is not literate enough in what I do to know the difference, besides which she is not my boss. But sure enough, first thing Monday, she tattled to the ED who then came to me to check on Whatever Task.)

In spite of all this I was trying to keep my cool and give her the benefit of the doubt. So I walked into her office and asked her:
“Hey, did you happen to use my computer this weekend?”
“No, I did not.”
“Hm. Were you in the office on Saturday?”
“Yes I was, from 1:30 to about 5 o'clock.”
“I'm asking because it looks like some documents were opened on my computer on Saturday, and I’m trying to figure out how that would be, when I wasn't here. It’s alright if you needed to use it, say to print something, I just wanted to know.”
“I don’t know what to tell you. I was working on finance stuff for the board, but I was only in here [her office] and definitely was not in your office or on your computer” (her exact words, her emphasis).
“Was anyone else here?”
“No it was just me, but I like I just told you I got here at about 1:30 so I don’t wouldn't know anything about before that.” (Her tone through all this was her habitual, “you’re stupid and you’re imagining things, why are you bothering me.”)
“Interesting then. Well. Ok.”

So, I have screenshots of the timestamps for Saturday at 1:29pm. And of the finance document which only she has access to. And I have her own description of when she was in the office. I am aware that as an employee my computer is company property and that I should have no expectation of privacy. But she clearly had no valid business purpose to be on my computer after hours - if she did, why would she lie about it? I plan to bring this up to my ED tomorrow with a demand that she be confronted about it and that it goes in her personnel record or… hell I don’t know something serious needs to happen I just don’t know what. But. ED is not tech savvy and may not understand the screenshots and what they mean (he still has yet to figure out how to use our google mail or calendar). B has also done a wonderful job of masking his incompetence and relieving him of responsibility for anything he doesn’t understand, so they are pretty much best buds and I don’t expect a proactive response from him. Yes, things are deeply dysfunctional here – no one has had a performance review in years, and B has been “revising” the employee manual for going on 18 months and no one has seen it in that time. I am 38 years old, am highly respected in my field and by other staff and members of our board, and am normally a pretty assertive person. But I have more than once been punished by the ED for disagreeing with him in front of others and I realistically feel I could be fired, or that the threat of any action on my part would be meaningless, or at minimum he would just roll his eyes at me and go sit with B in her office, within obvious earshot, and talk about how they need to get rid of me (which has literally happened before several times). FWIW I’m in Arizona.

Is there anything I can do?
posted by anonymous to Work & Money (33 answers total)
 
Lawyer up. Call an employment lawyer right now. Polish up your resume (on your own computer at home on your own time, of course). You are in the crosshairs, and frankly, it sounds like this is a shitty place to work.
posted by Etrigan at 9:24 AM on June 23, 2015 [9 favorites]


(On preview, not necessarily disagreeing with Etrigan.)

Is there someone who handles your IT? Even an unofficial computer "guru" would do. That person could validate and support your point that someone used your computer when no one should have been.

Once you've done that, you can present it to whoever you want as a simple security issue, and let someone else figure out who it was. The finance document itself should be enough of a confidential document to get people's attention.

If nothing else you should use this to pursue a policy of folks locking their computers when they aren't using them.
posted by He Is Only The Imposter at 9:31 AM on June 23, 2015 [9 favorites]


If I'm understanding this correctly, it sounds like your office has a general policy of leaving computers unlocked and that there is no effective access control mechanism to individual computers. An office with such loose IT practices has many issues, one of which is that it is quite hard to prove or disprove any particular case of misuse of company resources (as you have alluded to). Therefore, I'm not sure what a lawyer can do - regardless of the correctness of your description, I have no idea how you can prove what happened. Further, and more importantly, an office that has nearly non-existent IT practices likely doesn't actually have a use policy that specifically prevents the usage you're posting about. So, I have a feeling that the person in question did not actually violate any policy in an actionable way. Even if she "clearly had no valid business purpose", that doesn't mean she violated any policy.

To be honest, I think if you want your computer access to be private, you should work for an organization that has an Acceptable Use Policy and has password-protected access to computers. This is not a particularly high bar, and should not be much of a barrier to finding a new job. This isn't an unreasonable thing to expect (AUPs/passwords protect both the organization and the users), and I wish you luck in finding a new opportunity.
posted by saeculorum at 9:34 AM on June 23, 2015 [17 favorites]


saeculorum addresses the point that's most striking to me -- but for clarification, why the heck isn't there a password on your computer? Are you required not to have one?
posted by mister pointy at 9:38 AM on June 23, 2015 [3 favorites]


It sounds like you don't have an employee manual, but if you did, I'm pretty sure it would tell you that your office computer is for office work and not personal matters, and that administrators have the right to access the computer, which belongs to the company, at any time. Every company I've ever worked for since the advent of computers has said something like this.

This is not to say you shouldn't consult a lawyer or the Labor Board, but keep expectations low.

And yeah, find a new job.
posted by janey47 at 9:39 AM on June 23, 2015 [15 favorites]


Good luck finding a new job. You're in a toxic work environment, working with people who are either incompetent or gaslighting you or both.

You know the HR director is actively undercutting you and trying to get you fired. You know you have no leverage with the ED (who is incompetent and manipulated by the HR director). You presumably have no leverage with the board, who hired the HR director and have not taken action to address her behavior.

Yes, it sucks that all the effort you have put into this organization is being trampled by petty manipulative bullshit.

But it's not going to get better. There are no controls you can implement to force the organization to treat you fairly. You will continue to be marginalized and feel anxious, upset, and increasingly paranoid. Until they fire you, or you quit in a rage.

You have skills that will translate to another organization or even another field. Shake the dust off your feet.
posted by suelac at 9:41 AM on June 23, 2015 [2 favorites]


From an it perspective, you have a security breach. You weren't on your PC on Saturday, but it was used to access privileged files. Notify whoever is in charge of such things. Go above both of them (c-level?) and say that you asked B about it and she denied using your PC and that it looks like some kind of data exfiltration/ corporate espionage is going on. Be extra clear that you pinged B and she said it wasn't her .
posted by boo_radley at 9:48 AM on June 23, 2015 [38 favorites]


The thing is that what the HR person did is legal-- nothing you have on your work computer is considered private. And nothing the HR person did is against company policy-- your HR person is in charge of setting what those policies are, and the Executive Director seems to support her.

Since you work at a non profit, losing you probably doesn't affect the bottom line enough that the jobs of the ED or HR person would be in jeopardy if you left, just as the organization seems to have persisted with the loss of key scientific personnel. It strikes me that for whatever reason, they want to run the organization with an eye towards their own happiness, not yours, and the ED and HR person are happier working with each other than with you.

Forget about your relationship with the board: the job of the board is to hire the ED, and sometimes those choices are wrong. They will realize the choices are wrong when key employees leave and non profit funding implodes. You're just collateral damage and your only real recourse is to go in search of another organization whose board made a better hiring decision about the ED.
posted by deanc at 9:49 AM on June 23, 2015 [6 favorites]


I'm not totally sure what the question is here. Even if you could prove that this person was on your computer, it sounds like the behavior is not expressly forbidden either as company policy (since you said people frequently use one another's computers) or legally (since I'm assuming this computer is company property). If you worked for a functional company, obviously you could talk to your boss about the situation, but it sounds like the director of your firm isn't likely to take effective action. I feel like there is not some magical solution in these types of situations other than either finding another job or sucking it up and trying to minimize damage from the toxic person (which tattling to a supervisor who clearly sides with the toxic person isn't going to accomplish). Unfortunately shitty management isn't illegal and there's not much you can do to force a shitty manager to improve.
posted by rainbowbrite at 9:52 AM on June 23, 2015 [4 favorites]


Nthing that I don't think you have much of a serious position to take here. I think if B wants to do this, she will find reasons to do it, and it doesn't sound like there are many serious ways you could challenge them given her form.

You do need to leave though. Don't let the sunk-cost fallacy convince you that this is your "life's work" that you can't leave. We all have several lifetimes - start a new one and wave goodbye to this horrid time you've had at this job.
posted by greenish at 9:53 AM on June 23, 2015 [5 favorites]


Bottom line: You cannot complain about this because you do not have proof. And your ED won't even understand what you're talking about, so you cannot come out of this looking good in any way, shape, or form.

Put a password on your pc, update your resume, and start looking for another job. Take any other defensive actions you can think of, but you need MUCH more than this to make a complaint.
posted by raisingsand at 10:03 AM on June 23, 2015 [3 favorites]


This sounds like a terrible situation to be in. :/

The only other suggestion I would add to those above is to figure out if any documents that you had been working on were edited over the weekend without your knowledge. I would want to make damn sure that my BIG REPORT (or whatever) reads as I intended.
posted by Halo in reverse at 10:08 AM on June 23, 2015 [5 favorites]


>you can present it to whoever you want as a simple security issue

I agree that if you do decide to speak up this is the only acceptable angle.

I wouldn't be surprised if your superiors were aware of the ongoing issues between you and B, and in the event you accuse B of anything they could possibly dismiss it as a political machination on your part.
posted by Dragonness at 10:20 AM on June 23, 2015 [1 favorite]


You are not wrong to be surprised and angry, but you should let this go. There is nothing illegal in what she did, and it's very unlikely there's company policy prohibiting it. She's a boss, she's senior to you, she handles HR. She is not going to be disciplined or yelled at.

What she did actually isn't technically wrong: it's only bad because she had no legitimate reason for it, and because she lied about it. But as a boss in your organization, "legitimate" is really her call. If she has shitty judgement well then, so does your org :(

And it will be too hard to explain to your boss what happened, plus non-technical people get defensive and angry when they are asked to understand technical things. There is no way you're going to win this fight: you'll just end up looking petty and like you have something to hide.

Just get another job, and try to be zen until you do. And put a password on your computer.
posted by Susan PG at 10:29 AM on June 23, 2015 [1 favorite]


Dishonesty delegitimizes this action; she may wanted it to be clandestine, but once it's recognized, hr need to own it.

Of course, I should have also echoed the resume polishing and gtfo direction. Poisoned hr is the worst.
posted by boo_radley at 10:36 AM on June 23, 2015 [1 favorite]


You are in a really bad spot. You have almost no leverage here, and little recourse. You feel violated, and have most likely been lied to. I doubt that you can get satisfaction from anyone on this issue, nor is there much hope things will change. A hope for change is the only reason to hang on, in my view.

Three key scientific staff, all close colleagues, have quit over the last few months, and if I had any other employment options in my town in this economy, I would too.

You know what you need to do. I suggest you make it your top priority. A lawyer might be necessary if the separation gets messy, but if you're quick and quiet about it, possibly not.
posted by bonehead at 11:05 AM on June 23, 2015


Start using a screensaver password. Change it every day.
posted by jgirl at 11:06 AM on June 23, 2015


It is the company's computer and you should not have personal work on it unless specifically allowed. If that is the case then no one, not even HR had any business looking at those files. Lacking any policy, you are using company property and should expect to have no ownership or privacy.
posted by Gungho at 11:41 AM on June 23, 2015


There is no expectation of privacy on a corporate computer. You don't even password protect your login. Prepare to leave at anytime.
posted by LoveHam at 11:49 AM on June 23, 2015 [1 favorite]


There are ways you can catch a snooper, such as hidden software that records activity and shoots pics with your webcam in the off-hours, etc. I don't know specifics for a Mac, but those options exist. The problem is that this person is HR, not to mention senior management, and your ED is incompetent, as you said. Even if you had proof that B was on your machine, you'd have nobody to go to and ED and B would say something along the lines of "so what?" You aren't entitled to privacy, and the best you can do is undo any active sabotage (if any).

I don't like your choices, and no matter how much you love your life's work, you're not really getting it done at this job with all this executive bullshittery going on, are you?

Clean all personal stuff off the computer, even if allowed.

And then decide if you want to put up with this shit, and end up on the defensive, or else be sneaky and do your work in some secret, maybe encrypted, place they can't snoop in, or you quit.

Not on the list of your choices is that your work, your integrity, your professional privacy get respected, because apparently they don't care about respecting your stuff (if it's B). If that's important to you, and I kinda think it is, you can walk out the door.

P.S.: If you give 2 weeks (or whatever) notice, be prepared (emotionally and financially) to be shown the door immediately. If you're not getting respect in the day-to-day, your resignation may get even less.
posted by Sunburnt at 12:18 PM on June 23, 2015


Yeah, put a password lock* on it, and then remember that by pretty much all state and federal laws, and probably by your employment agreement, employee handbook, or equipment usage policy they own everything on your work equipment and may choose to view whatever they want whenever they want.

*This is meaningless if you have any sort of IT staff (or savvy users with admin rights), who have other ways of getting to your stuff, but it will slow your operations manager down if she has to get someone to help her look at it.
posted by Lyn Never at 12:39 PM on June 23, 2015


There is no expectation of privacy on a corporate computer.

Just a note, in case the poster is not in the US: This is not true in Canada, according to our Supreme Court.
The court said an individual’s Internet browsing history alone is capable of exposing his or her most intimate likes, dislikes, activities and thoughts.

'Canadians may therefore reasonably expect privacy in the information contained on these computers, at least where personal use is permitted or reasonably expected,' Mr. Justice Morris Fish said, writing for the majority.

....

But what if the employer has a workplace policy or established practice that warns against personal use? The Court acknowledged that such policies create a 'diminished' expectation of privacy, but argued that they do not completely remove the expectation as the 'nature of the information at stake exposes the likes, interests, thoughts, activities, ideas, and searches for information of the individual user.' In fact, the court noted 'whatever the policies state, one must consider the totality of the circumstances in order to determine whether privacy is a reasonable expectation in the particular situation.'
posted by clawsoon at 12:44 PM on June 23, 2015 [2 favorites]


From an it perspective, you have a security breach....you asked B about it...some kind of data exfiltration/ corporate espionage is going on."

This approach is genius. First, it sets off alarm bells in the ED even if he is not techy, because OMG HACKERS. It allows you to look super concerned without being petty -- after all, the reason you are so concerned is because you DO believe B. If she didn't open up this secret financial document on your computer, then who did? The topic of whether you have any expectation of privacy is irrelevant -- after all, you said yourself, you don't care if B used your computer, you just wanted to know. And she said no. So, OMG HACKERS.

Is there anyone higher up than the ED you can go to? In this case his lack of techiness is an advantage. It gives you a reason to go over his head after he blows you off and sides with his buddy B. You can frame it as concern that he doesn't understand this seriousness of the corporate espionage. Who has access to our financial data? Shouldn't the Board of Directors know that this "confidential" financial data that they are going to be given has not, in fact, been kept secret?
posted by selfmedicating at 1:07 PM on June 23, 2015 [11 favorites]


I'm going to disagree with most people here and say: this isn't that big of a deal. So, B used your computer to open a file that she was working on... so what? It doesn't sound like she was snooping. Who knows what she was doing? Continue to do a good job, and look for a new job in the meantime. Don't get emotionally invested in things that really aren't a big deal.
posted by Automocar at 3:12 PM on June 23, 2015 [2 favorites]


I came to say what Automocar has. I get that your annoyed at the situation, but you need to pick your fights, and this isn't it.
posted by chrispy108 at 4:02 PM on June 23, 2015


I agree with others that this isn't a fight you should pick, though it's concerning that the snooper looked at your CV and your private "chin up!" messages, possibly to gauge how close you are to quitting or to look for dirt to spread. You might consider quietly going into total freeze-out mode:

- Password protect the Mac. If for some reason this isn't allowed, casually stop by the IT person's desk and say, "Hey, someone was looking at files on my computer over the weekend, so I'd like to protect it with a password. OK?" I wouldn't mention who might have been poking around.

- Remove all personal files (CV, inspirational messages) from the computer. If you want to access them at work, put them on a thumb drive that you carry with you. There should be nothing remotely interesting on your work computer. If you send personal emails from your work computer, do it through a different email address using a different provider that only you know how to log into.

- Consider removing all other personal information from the troublemaker's reach, including from your physical desk and any online profiles. When I was in a similar situation, I left nothing remotely interesting on my desk -- no personal photos, nothing that a gossip could use to spin tales. I shared no personal information with the coworkers who were associated with the troublemaker. If Facebook existed then, I would have made sure that the troublemaker and her allies would see only the most bland public posts, so they'd feel like they were actually seeing my timeline when they weren't. (Blocking them would just create drama.)

- Outclass them: Do your work while B and her allies gossip and snark. Be so coolly professional that they have absolutely nothing to hang any complaints on and no fodder for their drama. And look for another job.
posted by ceiba at 4:47 PM on June 23, 2015


I concur with the advice to consider it a security breach. Keep your suspicions about N to yourself in the future. The downside of being wrong greatly outweighs the upside of being right.

Microsoft Office products can share across a network. Weird stuff can happen.
posted by SemiSalt at 5:37 PM on June 23, 2015


I agree that her poking around on your computer is not a battle worth fighting.

I'm curious if she might have accessed your files over the network? If so, technically she could say she wasn't in your office, and be telling the truth. Not that it really matters a lot in these circumstances.

The real answer to your question is: you need to get a new job and get out of there.
posted by doctor tough love at 6:01 PM on June 23, 2015


Had to come in to nth what was said above - not much you can do, this is a shitty situation, just keep doing the bext job you can, no personal stuff on your computer, password protect it, etc.

But I have to add this: I know you said a new job is not in the cards right now. But if it was, and it were me, assuming I was actively searching and prepared to be let go in a worst-case scenario, this is what I would do*:

I would create a .jpg in the same location of a baby orangutan or some other silly, goofy looking animal. On the image I would add text to the effect of you knowing you are being snooped on, without specifically naming anyone. "So, you ARE snooping around on my computer, after all! Mind your own business!" Name it something innocuous but irresistible if B came across it. Check it regularly for access, if only to look for signs of behavior change if you find more evidence.

Awful hard for her to use it against you without admitting to the fact that yes, she was in fact on your PC and lied about it.

* I do not condone doing this, I'm only saying this is what I would do to this horrible person because I find it hilarious. Legal / permissible or not, poking around your personal files and lying about it is still a shitty thing to do.
posted by SquidLips at 8:03 PM on June 23, 2015


Part of HR's job is, in some cases, to snoop on your computer... monitor it for misuse, evidence of non-work related activity, etc. You do not have an expectation of privacy on your work computer. This gal in your office sounds stupid and unprofessional, but I don't see where there's anything going on here in what you've detailed that would give you a case to "lawyer up" about.

That said, ugh, get a new job if you can. This sort of thing is not worth the stress. Your ED sits and gossips with her about you in your earshot? Really???
posted by fingersandtoes at 8:40 PM on June 23, 2015


> Part of HR's job is, in some cases, to snoop on your computer...

What makes you say that? That's a strange reduction in my mind. I, for instance, have the ability and routine job of resetting people's network passwords. That doesn't mean I just get to reset passwords arbitrarily. There's a case that documents the work and it gets audited. So too with HR investigations; there should be a specific complaint that HR is investigating that requires this action. Employee computers aren't just junk drawers for goons to rummage through. This is an ethical objection that is, well, routine, and it's odd for me to see so many people jump to this line of thinking.
posted by boo_radley at 9:09 PM on June 23, 2015


I'm not saying this HR person was right or ethical. I'm saying that it is routine for HR to have the mandate to snoop on computers to check on how they are being used. Office productivity and rule enforcement is generally part of their job (it is not part of the job of, say, the IT department, who could also snoop, but can't argue that they need to do it to do their job.) This isn't criminal law, HR doesn't need a warrant, and employees don't have a default right of privacy in their work computers. This HR person, if cornered, will not be found to have done anything wrong.

OP, again, this place sounds like a nightmare, and I hope you find something better.
posted by fingersandtoes at 11:35 PM on June 23, 2015 [1 favorite]


As an actual HR person can we stop referring to this person as an HR person? You even say yourself that she is actually the Finance person who has also taken over duties of operations including HR, this is extremely common in small companies.

That said, let it go, there is literally nothing you can or should do in this situation. Work computer, unlocked = no expectation of privacy, anything done on a work computer could be looked at by your company and you should always expect that to happen and act accordingly.
posted by magnetsphere at 7:53 AM on June 24, 2015 [2 favorites]


« Older Help me find a half-remembered movie scene   |   Toxic ex broke up with me and wants to get back... Newer »
This thread is closed to new comments.