in the case of industrial espionage or actions on the competitors' side) or inadvertent. Anyway, uncontrolled distribution of private information (especially about customers, e.g. card numbers, addresses, orders, business transactions, etc.) will result in withdrawal of customers and business partners, numerous lawsuits, and reducing revenues and profits. Therefore, often companies try to protect own information systems at the expense of employees privacy. This is a part of computer crime prevention measures with usage of specialized encrypting and authentication hardware and software, anti-malware programs such as Internet filters, firewalls, antiviruses, intrusion detection systems, etc.
In some cases company's prevention measures contain monitoring for employee's communications from office workstations including e-mail control. Here, it is necessary to note that federal laws permit employers to monitor e-mail sent and received by employees. However, most companies maintain own privacy policies, trying to balance between privacy rights and security of business information. Sometimes corporate privacy policies allow employees and customers to access data about them and let them decide how that data can be used. This helps to avoid possible misunderstandings between company, employees, and customers.
2. It is obvious that working conditions in IT Company must be designed to prevent computer crimes and simultaneously to avoid negative ethical consequences of prevention procedures. In fact, there is need to balance between some restrictions of Company's information flows and some rights to privacy, and also some rights to know; see Freeman & Graham Peace (2005), and also Tynan (2005). There are two main strategies to achieve such balance which often combined in practice.
First strategy is "the way of prohibitions", namely not to distribute business information and information about technical processes, innovations, features of source codes, information from Company's internal databases, not to delete or corrupt information without clear instructions, etc. These restrictions can be easy formulated, described and then realized by technical means. Also, there are certain possibilities to reveal and investigate almost all cases of violation such Company's rules. These violations can be classified as computer crimes and often related to industrial espionage and information "wars" between competing companies. It is necessary to note that employee must have access to certain parts of Company's data to perform work tasks; therefore, information cannot be concealed at all.
Alternative strategy is "the way of responsibility and obligations" or using corporate ethic rules. These rules determine generally accepted and discouraged activities within IT Company and between organizations. Employees define acceptable practices more strictly than just refraining from committing computer crimes; they also consider the effects of their activities on other people and organizations. Therefore, it is necessary to promote ethically responsible use of information systems on the base of developed codes of ethics, e.g. AITP code of ethics. This code of ethics is a set of obligations to management, fellows, society, employer, and country. For each area of obligation, standards of conduct describe the specific duties and