But this applies to any sort of crime: there are limits to what is reasonable surveillance. Of course the legal system is different than what a private company does with its employees, but I think it’s useful to note that there are limits to how far we can go to catch these things.
I've worked at places where data theft meant a spy was violating arms control treaties. You get access to the data you need, and every access and egress is logged. A keylogger is a frankly ridiculous solution to this problem.
Simply audit the events where data is accessed (they also suggest this in the article). What advantage does monitoring keystrokes give? This smells more like an attempt to detect unproductive workers to me.
> Simply audit the events where data is accessed....
That would be a sane approach. Indeed, if there's "data" to guard, then one just properly secures it and allocates access to it. If "theft" happens, then there's access log.
If data is ubiquitous that everyone should be able to access it, then it's hardly data to "guard". In any case, it makes more sense to monitor access to data, not just a sea of keystrokes... unless the concern lies with something other than the data.
