Welcome to the club, it's such a strange position and one that gives us much more de facto power than one would think at first glance. As the systems grew over time from fancy calculators to automating all business processes this issue creeped in and many organizations haven't addressed it directly.
Yes you should attempt to be as impartial as possible. However you should consider a serious discussion with your direct supervisor about the reality of having access to all company data. I would go into that meeting with some options you find palatable like: I won't involve myself or notify you unless it's a violation of the organization's fair use policy (which I hope you have). That policy should eliminate any possible crime or directly harmful behavior from a grey area.
It is a delicate area but everyone in the organization should be made aware that the systems don't belong to them (likely in the non-profit sector they belong the public with the board as decision makers) and may be actively monitored at any time. This has nothing to do with you directly it's a reality of all modern networks and email. The policy should be clear enough to communicate to all employees so they are aware of your duty. All of this is especially difficult in dysfunctional political environments but I've never had a problem letting them establish the rules and applying them fairly. These matters should be communicated with all the top management and board President if applicable. What they choose to do with their careers isn't our affair unless they misuse the systems or break rules we are responsible for monitoring.
I've been primary IT for several non-profits and served many small and medium sized organizations in a similar capacity since 1994.
Slashdot Mirror
Welcome to the club, it's such a strange position and one that gives us much more de facto power than one would think at first glance. As the systems grew over time from fancy calculators to automating all business processes this issue creeped in and many organizations haven't addressed it directly. Yes you should attempt to be as impartial as possible. However you should consider a serious discussion with your direct supervisor about the reality of having access to all company data. I would go into that meeting with some options you find palatable like: I won't involve myself or notify you unless it's a violation of the organization's fair use policy (which I hope you have). That policy should eliminate any possible crime or directly harmful behavior from a grey area. It is a delicate area but everyone in the organization should be made aware that the systems don't belong to them (likely in the non-profit sector they belong the public with the board as decision makers) and may be actively monitored at any time. This has nothing to do with you directly it's a reality of all modern networks and email. The policy should be clear enough to communicate to all employees so they are aware of your duty. All of this is especially difficult in dysfunctional political environments but I've never had a problem letting them establish the rules and applying them fairly. These matters should be communicated with all the top management and board President if applicable. What they choose to do with their careers isn't our affair unless they misuse the systems or break rules we are responsible for monitoring. I've been primary IT for several non-profits and served many small and medium sized organizations in a similar capacity since 1994.