Avoiding Liability While Fixing Employee PCs?

ellem asks: "The upper management team of my company has made a decision that the IT department will work with employee's home computers and laptops. Despite every possible explanation of liability and the loss of proprietary information, the decision was made in order to satisfy a 'need' that the employees have expressed. Many of our employees are, in fact, independent contractors and could go elsewhere with little impact to themselves. Upper management feels offering this service to our employees will separate us from our competitors, and is so committed to this that they have allocated a special budget for tools, software and new hires to handle this particular segment of IT. However, I am still rather worried about general liabilities. While I can keep the network relatively safe and guard against certain types of file transfers, the fear I have is a tech wrecking an employee's home machine/laptop - whether they actually do or the employee perceives that they did. Are any of your shops offering this type of extra service? Do you have any policies in place to protect your company from liabilities that could spring up?"

A couple of points.

[plover]

First, you should be asking your corporate lawyer the answers to some of these questions. SINSFARL (Slashdot Is No Substitue For A Real Lawyer.) He'll probably recommend things like insurance, etc.

That said, you may want to have the aforementioned lawyer draft up a legal-looking piece of paper that says "In the event my computer or data is hozared by incompetent employees, I agree not to sue The Company..." bla bla bla.

I think you probably should look at the technical aspects, too. Establish rules for the fixit shop, such as "Never plug an employee's home machine directly into the company network." Your service shop should have a firewalled safe zone that can get to the internet, but not to your internal network.

Bring in an experienced repair shop manager. Get someone who knows how to set up and run a safe workbench, and who knows how schedules, policies, etc. work. Have them run as an independent agency inside your company. He doesn't have to turn a profit (duh) but should be responsible for maintaining service levels, providing estimates and setting prices (you're not GIVING away brand new replacement 512MB nVidia cards, are you?) and have purchase authority.

Re:A couple of points.

[plover]

Well, I orginally was going to write IANAL, but then a case of 'duh!' set in. What kind of person asks legal advice on Slashdot? We need something like SINSFARL; or maybe one of those form letters for Ask Slashdot:

You posted a(n)

• [ ] inane
• [ ] insane
• [ ] incomprehensible
• [ ] off-topic
• [ ] pointless
• [ ] frequently-asked

question on Ask Slashdot.

Your question deserves one or more of the following replies:

• [ ] Don't ask Slashbots for legal advice. They are not lawyers.
• [ ] Slashbots will get it wrong as often as they get it right.
• [ ] Your topic is controversial and will only start a flame war.
• [ ] Your topic has only one correct answer and that is: _______, and you should have been smart enough to recognize that.
• [ ] Your question has been asked on a weekly basis, please follow this link: ________ for the most recent answer.

In addition, you are:

• [ ] foolish
• [ ] a troll
• [ ] pedantic

Special liability of these PCs?

[mcarthur]

So what if these are employee's home computers and laptops.

What liability is there that is greater than an retail Computer fixit shop?

This is easy...

[__aaclcg7560]

1. Maintain a fast server with plenty of storage space.
2. Get a good disk imaging program to make a full backup before any work is done.
3. ???
4. Have updated resume listed on all major job search websites.

Re:This is easy...

[auspiv]

3.5. Profit!!!

Done all the time!

[_Sharp'r_]

Special Liabilities? Yes, go to your local computer repair shop. Pick up one of their service forms with all the legalese and take it in to your corporate counsel and have them copy it. Hand it to the contractor/employee to sign at some point prior to the first time you go to work on their computer.

You do realize that there are lots of people who actually do what you are describing for a living, right? One upon a time about 10 years ago I managed such a shop. Your resistance to the feasibility of the idea seems to argue against you considering that all you are doing is basic PC work, just like lots of other people in your town do every day. There's nothing special legally in this case about the fact that you have an additional contractual relationship with the people you are doing the PC work for.

Re:Done all the time!

You do realize that there are lots of people who actually do what you are describing for a living, right?

You do realize that if you work on a machine and the customer has more political clout than you do within your company, no matter what you say is going to save your ass, right? I can assure you if even a mid-level exec takes his freshly loaded PC home and little Johnny Turnipseed loads CoolWebSearch v113.8 and the machine crashes, if that exec says its your fault, it's your fault. You can do forensics all day long to prove your point and it won't matter.

One upon a time about 10 years ago I managed such a shop. Your resistance to the feasibility of the idea seems to argue against you considering that all you are doing is basic PC work, just like lots of other people in your town do every day. There's nothing special legally in this case about the fact that you have an additional contractual relationship with the people you are doing the PC work for.

With a proper contract your personal liability is likely (IANAL) not at stake, I'll grant you that. Your job is. Piss off a politically connected computer illiterate in your company by working on his home machine and having him/her fuck it up in rapid succession and you'll be pounding the pavement for a new job.

We've been doing this sort of support where I work and it generates nothing but bad karma with the computer illiterates (yeah, we've tried training them). In many companies it will not be the same as running a standalone shop. You get to look at these people every day in the office and the cafeteria after they've dumped their Quicken data and somehow now it's your fault. Don't give them that out.

Punt!

[Zadaz]

If your company is big enough to provide this "Service", they have a legal department. Have them whip up something. Of course that will only protect your company, not the poorschmoes who are fixing (non)employee equipment, but any layer would rather go after the entity with more money. At any rate they'll have to write something up to keep people from taking advantage of the system. (How easy would it be to abuse the system to get free components?)

And this doesn't answer your question, but, seriously: WTF?
How sadly misguided is this? If they want to give employees and contractors perks, how about something with a little more common sense. Like healthbenefits (for contractors) or gas/travel vouchers. Both are something people would be glad to have and have tax benefits to the company. Or how about spa gift certs or something where there's little liability.

Alternately, they should subcontract the work out (Clearly they have no problem doing that). Get GeekSquad or something out there to do it for you. Sure, the liability is a headache for you, but I can't believe that any marginally responsible company would take on the infrastructure to do something like this. Maid service for all employees would be cheaper and have less overhead. And I'm sure would be a nice perk.

Liability

[Detritus]

If one of your techs does wreck an employee's computer, I hope that your response is something better than pointing to a sheet of paper that the employee signed. Even the best technician will do something stupid on occasion, that's how people learn. It's much cheaper to just fix the problem and eat the cost. To do otherwise risks generating a lot of ill will and you may end up paying for it anyway, plus legal and court costs.

Run far far away

[edremy]

The small college I work at used to do this before I arrived. They don't anymore for many of the reasons listed below. It's unmanageable long-term, basically due to scope creep. Sure, you'll fix their laptop when it gets infected with a virus. You'll help them with (obscure program) that has conflict with (driver of obscure program). In fact, you'll spend hour after hour at it, and they'll bring it back the next day after they visited "Spyware 'R Us" for the 37th time. Remember that you'll have *no* control over this hardware and software. If they turn off their firewall because it blocks some site they must must must get to there's *nothing* you can do about it, except pick up the pieces. Remember- wipe and reimage won't work here, since you won't have an image and all their files aren't backed up anywhere else.

Then they'll wonder why they can't get connected to their cable modem. Guess who will be driving out to their house since you can't troubleshoot that at the office? Yes, this actually became the expectation where I work. IT makes house calls. I wondered if they asked Buildings and Grounds to mow their lawns for them.

Next, what kind of liability are you going to run when the employee blames you for deleting (really really super important file)? Yes, I know you had nothing to do with the hard disk crash, but tell the CEO's son that when he just lost the first draft of his novel.

In all seriousness, here are a few suggestions

• Get a *written* contract for them to sign every single time they bring in the machine along with a detailed description of the problem. Make sure this contract spells out that they are responsible for backups of all important files on the machine, not you.
• No personal machine can connect to your intranet, ever, for any reason. Block all the ports to anything without a known MAC address and dump them into a space where the only two machines that exist for them are windowsupdate and a site to download antivirus and antispyware tools- everything else resolves to 127.0.0.1 (Check NetReg for a free solution here)
• Develop a detailed written policy about privacy. Make sure they understand that you aren't snooping, but sometimes finding out information simply can't be helped. Make it clear that stumbling across stuff like kiddie porn will be reported to the cops. Run this past your law folks
• Keep stats on abusers. 5% of your folks will take 95% of the time. Make sure the powers that be know how much money these 5% are costing them.
• No house calls, ever. Verizon DSL has tech support- they can bug them.

Good luck. You'll need it.

Re:Run far far away

[scoove]

No house calls, ever. Verizon DSL has tech support- they can bug them.

Thanks. As the senior net tech for an ISP, I really appreciate you dumping these people my way. As if I didn't have enough "Your damn Internet service caused my Microsoft Word to have weird font problems" issues.

Actually, you had a pretty good post and the feature creep issue is very serious. Best of all, your mention of the 5% troublemakers is dead on.

We're a smaller non-incumbant broadband provider with 2500 subscribers in a portion of our state. We struggled with growth at first but discovered that by isolating the loser customers from the winners (and encouraging the losers to go to the DSL competition), it totally freed us up to take care of good customers.

I still get the occasional nasty emails from customers who threaten to leave us because we won't go solve their complicated VPN issue for free or rid their Windows 98 that never saw an antivirus package in its life of great malware nastiness for free. The great thing about my job is that I have the liberty to make the judgment call. I'll actually give the losers the phone number of Qwest or Direcway and tell them I'll even waive the early termination penalty and help them go to the other provider. The shock I get from them being shown the door is incredible. Some quiet down and become more realistic in their expectations, but the majority of that dead-weight 5% storms off and becomes someone elses liability. If you troll the business shelves in Barnes and Noble, you'll find quite a few firms (like Nordstroms) known for exceptional customer service that quickly separate the winners from the deadbeats, and show the latter the door.

My recommendation to every slashdotter: Ask yourself in every situation you are in as a customer if you are a good customer or a liability to that firm. They have to make at least 12% to 15% on you to pay their creditors, shareholders, the tax man and stay in business. I've left extra money on the table many times to make sure my vendor stayed around and didn't think of me as nothing but a drain. Don't ever be a parasite! If your vendor doesn't do know how to separate good from bad, they're destined for failure.

*scoove*

Beware of Software Licensing Issues

[gEvil+(beta)]

Make sure you have a policy that very clearly establishes (in absolutely no uncertain terms) that you do not install unlicensed software on the machines, no matter who tells you to. Invariably, you will get some guy from accounting coming in demanding that you install Photoshop on his home computer "because he needs it for work." When you mention that you can't install unlicensed software, he'll go tell his boss, who will then tell you "to just do it." Nobody out there seems to give a damn about licensing issues except for the guy responsible for it. Everyone else takes the view of "well, we have a CD, so it's okay to put it anywhere." The one plus to all of this is that if you ever decide to take off, you can always put in a friendly call to the BSA... : p

Bad idea

[Sloppy]

It's a bad idea, but only because getting into "computer support" is generally a bad idea. So many people these days have problems that basically just can't be fixed by any technician, and thus are guaranteed to end in unhappiness for everyone involved:

• They run MS Windows and these boxes just tend to "magically" degrade unless periodically re-installed. Except you can't do that because the user will lose something, because they don't have backups, original distribution media with which to reinstall applications (or even the OS itself), registration keys, etc.
• They run applications (MSIE, MS Outlook, MS Word, MS Excel) which in turn are vectors by which other malware comes into the system. You can't tell a user "Ok, I made it so that your machine is secure now," when the user has the habit of running MSIE to look at websites on the Internet(!) or is in the habit of loading untrusted data+macrocode into MS Word. (And of course they do these things while logged in as an administrator.) When things go wrong again, these people always complain later that you didn't really fix their problem. It's not like you can tell users to stop shooting themselves in the foot.

Legal department can care of the liabilities. The real thing to think about is: does anyone who does generic PC support, really want more customers? And these people you're talking about, aren't even paying customers. Holy crap, what a great way to lose money and make everyone hate you at the same time.