Clerks' Offices Privacy re: IT Work

[robinvice]

I've recently been called to serve as Stake Technology Specialist.
I've been asked by my area's Facilities Coordinator to inventory all computers in the stake and confirm if there's any software on them that needs to be licensed. I have access to all the buildings involved as well as the clerks' offices where computers reside.
My question is concerning protocol or etiquette regarding entering those offices as well as libraries or any other rooms in buildings.
I've been in IT for years (decades), and it's common for me to go in after hours and visit computers alone, wherever they may be; Pres. offices, accounting offices, HR offices, etc. and never felt I shouldn't be there. Should I feel the same in these sacred buildings and offices where confidential information is stored?
I'm happy to contact individual clerks and make arrangements for them to be there, but I'd rather not make it that complicated if it's not necessary.
Is there a written policy concerning this?
Any advice is greatly appreciated.

Thanks,
Br. Vice

[davesudweeks]

My personal opinion only:
If other's experience is like mine (many years as ward clerk, plus experience as a bishop and branch president), most wards are used to the FM group coming in and doing things in the building without notification (they are responsible for the building - the wards are merely tenants). Sometimes that has caused frustration and hard feelings.

As a matter of courtesy, I would reach out to each bishop and let them know what my assignment was, what I plan to do, and give them an option to have someone present if they desire. I would also ask them to share that information to the ward council members who could be affected by my activities. You aren't asking their permission, just letting them know so no one feels it is being done behind their back.

[BrianEdwards]

IMHO, you're correct that while it's polite to coordinate, there's no requirement. That said, perhaps this would also be a good opportunity for some training/coordination between the stake and ward clerks? You might want to make sure local clerks all understand the purpose of the ward computers, what the software policies are, and the corresponding reason you're being asked to do this inventory. Like @davesudweeks, we've all seen cases where local clerks feel frustrated by either stake or FM group efforts -- sometimes it's just because local clerks feel they are unnecessarily kept in the dark, other times it's because local clerks don't correctly understand Church policies. If you can help local leaders feel like you're actually supporting them in their callings and not just being a busy-body or a roadblock, that's at least half the battle.

[Mikerowaved]

As an STS, you are tasked with not only the inventory of said computers, but the security of the information on them. Are there any confidential files accessible on the PC? MANY auxiliary leaders have keys to the offices and login credentials to the PC. For many years the church has asked that all confidential files be removed from the clerk PC and be stored on a flash drive or other external means that can be locked in a desk or cabinet, or be on the bishop's or clerk's keychain. IMO, if confidential files are encrypted on the PC, they pass my sniff test. The only gray area I've run into is like an encrypted file with a filename, "BrotherJonesCourt - 1May2020.odt". Yes, it passes the test as an encrypted document, but it spills far too much info just in the title.

You are welcome to invite a member of the bishopric to be present during your informal audit, but I find I can work more efficiently by myself. It's your choice. My preference is a weekday with a near empty building. Even then, I always rap on the door to see if it's occupied before entering.

So how do you go about seeing if the various documents and spreadsheets are encrypted or not? You have to get intrusive. There's no other way I've found to fulfil the responsibilities of the STS calling, which includes ensuring that personal and confidential information intended to be private, is indeed stored privately. This entails finding documents, spreadsheets, PDF's, etc., that have filenames that raise a flag that says this needs to be confidential and make sure there's at least a password challenge given when trying to access it. Yes, that may mean clicking on quite a few files. Make a log of any that are personal, financial, or otherwise should be encrypted and are NOT, and share that log with the ward clerk and/or bishop. The vast majority I've spoken with appreciate the spot audit and go about fixing those issues.

While you're there, take a look at the clerk's office in general, as if you were a nosey visitor. Are there any papers lying around that might have personal or financial data on them? What about the trash bin(s)? Are the cabinets with confidential info locked? Add anything you find to your informal audit report.

I treat the stake clerk's office like the rest, although it has far fewer people using it. Still, I shouldn't be able to see confidential info just by being there or logging in to the PC. I go though the same process and present any findings to the stake clerk.

Of course, this is in addition (as others have pointed out) to finding software that may need a license or is being used contrary to its term of use. Some software that's allowed for personal use, might not be free for corporations.