French firms: You want us to compile DATABASES... of our SECRET information?

Businesses in France are being asked to compile a database of commercially sensitive information that will potentially attract increased interest from cyber criminals. Changes to employment laws in the country will require businesses with more than 50 employees to create a database for worker representatives to be able to …

COMMENTS

This topic is closed for new posts.
  1. Blofeld's Cat
    Facepalm

    Hmm...

    Judging by past experience one of two things will happen:

    1) This information will be duly compiled, categorised and checked by a newly created department within the firms concerned. The state will then create a corresponding bureaucracy to oversee and ensure firms are complying with the regulations.

    Following this process the information will be made available to employees - in the bottom of a filing cabinet, stuck in a disused lavatory, with a sign on the door saying "Beware of the leopard".

    OR

    2) The requirement will be universally ignored.

  2. Vociferous

    Politicians do not "get" IT.

    This makes them easy prey for lobbyists like MPAA or RIAA, but also results in idiotic laws like this.

    Creating a shopping list for corporate spies? What a brilliant idea.

    1. Anonymous Coward

      Re: Politicians do not "get" IT.

      "Creating a shopping list for corporate spies?"

      All of this information already exists in only two or three locations on the company's systems, so putting it into a single place doesn't really increase your exposure to electronic snooping by any worthwhile amount. If you were snooping a corporate network your key targets would be electronic access rights of the PAs to the CEO, finance director, head of strategy, head of legal, head of operations, head of sales (or their team's shared directories). That's five or six people whose email traffic will tell you everything important that is happening in a company. And that assumes you want all of that - a competitor might be happy with just two or three of those.

      And of the information that the French want the employees to have, does that actually matter? Most big companies are routinely passing most of this info around anyway to third parties - so salary info is routinely shared with "remuneration consultants" or with recruiters, summary but often significant personnel analysis is often available in the group's public personnel report. The company's strategy and performance will be shared in the UK with the employee pension scheme representatives and external fund managers because they enjoy a preferential creditor status (I spent a month last year working on an update for our employee reps on the company pension scheme, so arguably the French are just moving into line with what we already do, albeit for different reasons). If you're a company looking for money in the bond markets then the banks (always leaky as hell) will want to look down the company's trousers in some detail.

      And the actual information (eg on strategy) is something you have to share with a lot of people in the business anyway, with only relatively minor redaction. If you are selling a company the deal room open to potentially hundreds of people will contain all the salary strategy detail, customer lists, key contracts, terms etc. If you take the time to look there's a huge amount of information already publicly available to investors on strategy and performance. Admittedly they don't see anything other than directors' salaries and group salary averages.

      So I don't think this actually matters. To be compliant the company just cross out the title "investor presentation", and write "employee co-determination presentation", and append a list of carefully redacted salary detail that can't be traced to individuals. What's the value of telling the employees what the average salary of a middle manager is, or of the senior manager group? You can guess that from job adverts and industry norms.

  3. smudge
    Paris Hilton

    Interesting

    In my many years in information security, I've often thought that a lot of the information that is kept secret does not need to be kept secret, and that it would make bugger all difference if it was published.

    The problem is, of course, that you'd have to get everyone to do it, otherwise those who do could be at a disadvantage to those who don't.

    Will be interesting to see how this unfolds.

    Paris - because that's where a lot of the info will be.

  4. Pen-y-gors

    What's the problem?

    An A4 file containing all the relevant information is technically a database. It's harder to hack than magnetic media and it's more durable. Make it accessible in a locked room, with secure access to authorised people et voila, Robert est votre oncle.

    1. Nick Ryan Silver badge

      Re: What's the problem?

      Precisely my thoughts. Most people see the word "database" and make the assumption that this implies a networked or online data repository on a computer system. A set of documents in a filing cabinet is a database and this is made quite clear in the (EU) Data Protection Act.

  5. All names Taken
    Joke

    Tsk Silly!

    Can't they just ask NSA and save everyone the time, trouble, bother and expense?

    1. Anonymous Coward

      Re: Tsk Silly!

      I think this whole exercise is to make it easier for their American buddies...

      1. Destroy All Monsters Silver badge
        Paris Hilton

        Re: Tsk Silly!

        Anonymous FTP to NSA servers so that French unions can get their contra-capitalistic material too?

  6. d3rrial

    Maybe they'll use an outdated version of MySQL on a server with open MySQL ports...

    Who knows, not every company size 50+ has an IT dept. or IT-people who know what they're doing.

  7. ISYS
    Big Brother

    As the OP said - It will become French law and the French will ignore it.

  8. Anonymous Coward

    Mr Bellmont should read the law

    Because article R. 2323-1-7 explicitly says that it can be "computerized or on paper".

    Paper, Mr Bellmont? You know, that flat, white thing without even bluetooth? Generally considered difficult to hack remotely? A rather not unimportant detail to omit in your government-bashing activity, isn't it?

    1. Sil

      Re: Mr Bellmont should read the law

      - The distribution can be on paper but the database will be IT; because it will be even more nightmarish to guarantee confidentiality with printed documents, most companies will almost surely use a computerized solution.

      - The law will prove costly. It won't be enough to assemble the documentation from all divisions; DAF (« Fonds propres et endettement »), Sponsoring (« Activités sociales et culturelles »), RH (« investissement social ») Comité de Direction («Rémunérations des dirigeants mandataires sociaux », « Rémunération des actionnaires »).

      - Information has to be compiled, it has to be up to date and numbers are not enough. Explanations must be included.

      - In short the law is a dream for consultants, lawyers and public servants; It'll probably be yeat another costly nuisance for most companies, with very little upside for employees.

      1. praf
        Happy

        Re: Mr Bellmont should read the law

        "It'll probably be yeat another costly nuisance for most companies, with very little upside for employees."

        Not yeat, but yeast for employee representatives.

        Most of this information was already available for reps, except the strategy part. Hence, no additional cost.

        Information must be up to date: a benefit for the companies, where top managers often have to ask where the latest information is.

        Explanations must be included: another benefit for companies, where middle managers are not always aware of the why and how.

        Employees who wonder about their future should receive an answer about the strategy of their company for the near future. Of course, for "sil", this is "very little upside" for them.

        But perhaps "sil" has never been an employee.

        (A happy face because I am an employee representative)

      2. Destroy All Monsters Silver badge
        Holmes

        Re: Mr Bellmont should read the law

        The law will prove costly

        This. I foresee a few percent of the productive rest-activity of France to go up in smoke (i.e. a few tens of percent of GDP) and quite a few small businesses getting fucked over by zealous civil servants and union members while others put their keys under the doormat in disgust.

  9. Roger Mew

    Oh not again!

    This is yet another nail in French businesses. As it is, businesses are, as are young workers, haemorrhaging from France. There was a silly politician the other week that said the young French that are going to work abroad are doing so for experience and then coming back. Well we live here, my daughter and her friends are seriously considering leaving, and believe me the ones that have gone are not looking at coming back!

    There are now so many stupid rules, employment laws etc that slowly big companies are finding that doing work in France is not competitive.

    For example, a metal company finds it is cheaper to get someone from the UK to be in France to maintain the machines and repair them than employing locally. He is employed in the UK and on permanent contract!

    1. Anonymous Coward

      Re: Oh not again!

      I agree with what you say, but I would like to point out that your last example is, probably, technically illegal. The UK chap would be what nowadays is called a displaced worker or some such and EU-wide rules are in place that essentially stipulate that, while he's in another country, he should receive all the benefits available to local employees as if he himself were locally employed.

      It was, amusingly, the French that lobbied for those rules while they were having a spat with Ryanair (who else!) because of them employing people in France on Irish contracts. When the new rules were put in place, Ryanair closed all their French bases and fucked off, as they said they would. The net result was that a number of people went from having a shitty job to having no job at all, and the politicians and union types patted themselves on the back. :-)

      1. Destroy All Monsters Silver badge

        Re: Oh not again!

        "Working is now illegal and not-working is being taxed". What to do?

      2. Anonymous Coward

        Re: Oh not again!

        help ... someone protect me from saying something truly evil ....

        "Well done Ryanair!"

        aarrggh, I feel dirty ..

  10. Anonymous Coward

    Confidentiality

    "Under the reforms, work councils are allowed to appoint, within their company-allocated budgets, to appoint external auditors to review the information provided on the database and analyse it."

    If confidential / commercially sensitive information is released, either by such auditors or by people on the work councils (or any organisation to which those people belong), where is the liability? Who gets sued? The people who brought in the rules that facilitate it?

    Next question: if a non-French EU company has a French subsidiary with 70+ employees, this rule comes in and the company decides to make some French workers redundant to get below 50 (to avoid the completely unnecessary headaches this rule has the potential to create), moving the work elsewhere in the EU, how do the affected workers recover financial losses from the people who are responsible for them - the politicians who brought this in?

    Next next question: if a non-French EU company has operations in, say, half a dozen EU countries but its accounting function or marketing department in France and thus some EU-wide strategic info stored in a database in France, then decides for commercial reasons to expand in another country but the France-based works council (having access to strategy info) decides for itself that the expansion should be in France and starts causing difficulties, what sanctions does that company have against such activities? How does it prevent publicity, recover any costs or losses incurred - including compensation for time wasted or for any opportunity cost - and so on?

  11. MachDiamond Silver badge

    Car break in

    Why am I getting a feeling that a year after all of this goes into effect there is going to be a news report about a laptop being stolen from a car with all of these databases on it?
