I have a slightly uncomfortable situation at work. We have a new MD who is an IT enthusiast and loves to want to know about solutions to issues. But his enthusiasm has grown to a point whereby he has demanded for admin passwords and administrator level privileges on all systems on the Network. I know this is not right as this gives him too much visibility into other people's dtat/communications. He has recently obtained the another system administrators login details into the E-mail Content Control System (thereby having the ability to all the e-mails that were sent from our Network and all that were sent to our network, including the subjects of such e-mails. The System Admin knows it was wrong of him to demand for this, but since he is the Boss, he found it difficult to say 'No'.
I have discussed the matter with the person who would be able to advise the MD against this practice, but even this mediator has said unless i can find something in the law which forbids this (rather that just something that says it is best practice), then he will find it difficult to explain to him why it is not acceptable.
Is there any statute in the law or something remotely resembling a legal position on this that i can pass to this mediator to help put a stop to this practice?
Do CEOs and MDs of other companies also demand administrator access privileges as well as admin accounts though their day to day tasks do not require them to have knowledge of the administrator accounts.