
Who owns corporate e-mail? Is there a right to privacy?


Does a user have a right to privacy when it comes to corporate e-mail? Or is e-mail corporate property, subject to the whims of the company? Here's one story. What's yours? And take the poll.

-------------------------------------------------------------------------------------------------------------------

I recently wrote a blog piece about using caution before hitting that e-mail Send button, and I shared an experience I had in that regard. Well, I was taken to task by a TR member because I didn't, I suppose, respect the privacy of the e-mail recipients. It was even compared to taking another person's mail from the post office -- which, in my opinion, can't even be called a stretch to compare. I don't mind being taken to task for anything I might say, mind you, since not everyone agrees on everything with everyone, and I have pretty thick skin, capable of taking a bit of criticism (it comes with the territory). But I thought it might be an interesting subject to throw out there for comment and discussion.

In short, the company accountant accidentally sent some sensitive information to everyone in the office instead of just the corporate officers because the Reply to All button was selected instead of simply Reply. An honest mistake, to say the least, but one with potentially serious consequences. I was asked if it could be unsent, and I simply helped intercept the e-mails before they were downloaded by the users' Outlook.

In this particular case, the company in question clearly makes it known in written office policy documentation that when it comes to e-mail generated on and received by company computers, on company time, and using company resources, there should be no expectation of privacy, and any e-mail is subject to review.

The reason for this policy is two-fold. First, it's not to snoop and pry, per se, but rather to ensure anyone's project could be addressed by another person should the need arise. Nobody is in the office 100 percent of the time, and cases will come up when a person's e-mail will have to be accessed for some reason or another. The second reason, of course, is to make it perfectly clear that these are company resources, that personal activity should be kept to a minimum, and that the company reserves the right to access that e-mail account.

Some companies may not have such a written policy, but I might guess that in the absence of such, it might be an unspoken policy. Nonetheless, since I was questioned on this, I thought I'd create a poll and see what other TR members have experienced.

Take the poll and share your comments in the following discussion.

206 comments
obrian

I see it all, but don't much care. My primary concern is that you be able to send and receive messages. My exposure to content is by way of the constant need to jump into user mailboxes and empty their deleted items, as it is too much work for them.

Joe_R

I wish I could answer each and every one, but there are just too many. Thanks to all who replied and shared.

Joe_R

With 1,271 votes: 93 percent call corporate e-mail company property, subject to review. 5 percent call it personal and private, while 3 percent had mixed opinions, depending on circumstances. If you're in the 5 percent who think it's personal and private, I might suggest that you err on the side of caution.

larimer

It is company property, period. But private mail in most states on a company machine may be private. Look at it like snail mail: if you receive mail at work addressed to the company (joe@company.com), it is theirs. If you receive personal mail (joe@hotmail.com) at work, they cannot open it (snail mail). If you read your company handbook, there is most likely a statement that there is no expectation of privacy on any company equipment. This gives them the right to look at ALL data on their computers.

Geekstuff1

It is not your personal mail. It is the company's mail. We have a clear policy that states this. If employees can use the company email for personal use, it is allowing them to spend work time chatting it up with friends and doing their own business. If you house it on your own server, it belongs to the employer. Now if you use a third party, the law may see it differently, as in the case of the naughty little officer using his cell phone to send naughty text messages.

Forum Surfer

I just received a page. Yeah, on call for the holiday weekend sucks. Turns out an errant user with permissions to our ftp was uploading last night's bachelorette party pics for her sister in another state. Probably would have been fine and no one would have noticed....except that a manager of another area was downloading an RFP this morning and noticed them. She'll be getting a stern warning Tuesday, but no disciplinary action I hear. I removed the pics and it was decided not to keep copies as evidence (dang it). Lol, on a side note it appears the maid of honor is single and very outgoing...I'll have to ask her out Tuesday upon my return, too.

eurojames

i would appreciate a personal note of thanks if it's not too much to ask Joe. just don't email it or post it to my work address!

eurojames

well that's it then. a website has had a poll, that's had over a 1,000 responses, so no need to argue the subject in courts - it's final and binding - globally! woohooo. thanks team.

Deadly Ernest

having it addressed "Personal and confidential" - in most jurisdictions, the mail cannot legally open such mail at all due to laws on handling of mail. The corporate answer in most organisations I've been in has been to have the letter returned to sender with the following stamp on it: "RETURN TO SENDER - Private mail not permitted or processed through company mail room. All mail opened in mail room or returned. Please send to home address if personal." ....... On a related issue, I worked in an organisation where all the emails were automatically duplicated into a file for the case concerned. All emails, in and out, had to have the case number in the subject heading. Any mail without the case number or had an invalid case number went to an admin person for correction. That was done to cover legal concerns as they handled people's lives in each case.

Deadly Ernest

address is legally seen as corporate property by most legal jurisdictions - if it's not meant for the company, it shouldn't be sent to the company address. The same with email. Want it to be private, don't have it sent to the company mail server and don't access it through the company system. Yes, it's better to have something like a hotmail or gmail email address for private mail, but many organisations have such websites on their blacklist just to stop people checking private email on company time - and that is their right.

eurojames

I guess the other question to consider is what is private? There's plenty of times I'd actually prefer private emails to sit on my organisation's email servers. 1) I know there's a degree of privacy attached to that 2) you have some control over the data. Check out where gmail for example has some of their data warehousing. Countries that have little or no data protection laws. Here's the real killer: Google won't supply or acknowledge exactly where your email is held in the world. Possibly because it's too difficult to trace - or more likely they don't actually know.

eurojames

how the HELL is that worth a page on a holiday weekend?! does your ftp server spontaneously implode if it has to deal with picture files or something? I woulda told said manager to self felatiate!

Deadly Ernest

of you at a party is to have them all posted at a public site with the URL widely distributed through TR - especially a bachelorette party

Joe_R

Keep an eye out for it.

Joe_R

Take it for what you think it's worth. If that's nothing, then so be it.

eurojames

i get mail/parcels delivered to work all the time by having my name and work address on it. i must be magic.. what kind of legal concerns is your co emailing about? if it's that sensitive i presume it's encrypted to all heaven.

eurojames

surely you work somewhere that is not the 'norm' when dealing with email or postal mail! as such i'd put your opinions and experiences way out of the standard deviation range of variances

Joe_R

Company resources = company property

Forum Surfer

I should spend more of the taxpayers' (read: my) money to buy more storage space just so my users have secure personal email? We all know webmail isn't safe for private data, but that is no excuse to let users waste server space with personal stuff. I don't see the logic in that. To me it is absolutely no different than using company storage to store your home backups since we do disaster recovery and your data is backed up to the nth degree. Either way you are using company/government/whatever owned resources for your personal benefit. Meanwhile we in IT are forced to upgrade to more storage space. Your "private personal" emails waste my backup space with trivial non business related items. I just don't see any room to argue. Email, storing personal files or anything similar is simply misusing company equipment for your own personal gain or convenience unnecessarily.

NickNielsen

Pay an ISP for an email account. There's a larger degree of privacy attached to that (requires a search warrant in the US) and you have total control over the data once you download it to your PC. Your employer may need reasonable cause to go searching in your emails, but it's not you determining what is "reasonable" now, is it? Is that determination subject to legal restraints or can the mail admin decide that 2% of emails from non-business addresses is excessive and start checking things out? Any expectation of privacy from free mail accounts or at work is unrealistic at best. edit: clarify

Forum Surfer

The site isn't public, but there are vendors and outside people that use it so I can see the manager in question's concerns. Not exactly the professional image you would want portrayed...yet I can hardly see any guy that happened to see these pics in question being offended. If he did, he should promptly turn in his man-card. :)

eurojames

painted self as what i wonder..? actually don't answer that. it may get personal! anyway. the privacy discussion seems to have wound down..

Joe_R

....but somewhere along the line, you blew it. You've painted yourself. You know that, don't you?

jdclyde

does that mean you would have joined sooner? :D

eurojames

this isn't some sort of gay pick-up site is it? Not that i have a problem with being gay or this being a pick-up site for said sexuality - just it should advertise itself as one more thoroughly.

NickNielsen

I'd have added "Hold your breath till you get it."

eurojames

you must know a lot about back door action..

eurojames

maybe if we start a mexican wave he'll join in? (no offense to mexicans)

santeewelding

They are your equals. They know where your back doors are as well or better than you do.

Joe_R

.....why do you care what they think?

Deadly Ernest

depending upon your point of view at the time the question's asked.

NickNielsen

Your wife switched the "h" and "n" keys again, didn't she!

eurojames

that's surely subjective ;-) i hear ya. let's not get snarky.

eurojames

so in summary - hardly a usual setup then!

Deadly Ernest

operated like that received bags of mail each day and had a real fear of bombs, they did receive their share as they were government organisations or closely related. A courier delivering a parcel to my physical work address could deliver it to the security desk downstairs where it got scanned and I got called to collect it. If they wouldn't let it be scanned, I got called and if I was expecting it, I had to take it outside to open it and bring the contents in with it open. But nothing personal could come through the mail room, and all postal articles came through the mail room as we collected instead of having the mail man deliver it. Email, all classified emails were encrypted and went through a special gateway. All unclassified stuff went unencrypted through another gateway after being scanned by a couple of systems. Unclassified internal stuff just went around the LAN. The real bugbear was the super encrypted stuff where you sent the email after it was encrypted using codewords from a book with the codewords in it. I was lucky and able to avoid those.

eurojames

/** < head shaking > ...are these 'divisions' you talk of road sweepers and gardeners by any chance. No. Finance departments related to social services. */ sounds pretty much the same ..

NickNielsen

"...are these 'divisions' you talk of road sweepers and gardeners by any chance." No. Finance departments related to social services.

Deadly Ernest

the big government organisations have their Internet access through a high security, high redundancy gateway which checks and filters everything five ways from Sunday. Multiple AV scanners, web proxy with everything scanned at the front end of the gateway. The more Internet usage, the more time taken to open each page on the system and scan it before sending it off to the actual user inside the system. So number of users has a direct impact on access speed as the choke is NOT the connection but the scanning systems. In one Department they tried an everyone can hit the net system and found access speeds for those using the net for work dropped to one hundredth of the restricted access. The cost of tripling the appliances used to check the web pages was prohibitive, so they cut back to need for use access only. Very few government employees need to access the general Internet for their daily work. The corporate web site served internally, yes, the corporate data systems served internally, yes, general Internet, no. So why have the added operating costs involved in allowing it? All government organisations track everything going through the gateway. Especially high profile organisations like Foreign Affairs, Defence, Immigration, etc. As an example - in Immigration some investigators need web access, but the accounts clerks don't, nor do those processing visas etc.

eurojames

yeh there sure is a difference - i've worked on both sides and pretty much did nothing but look at the internet as a contractor. all about using up budgets..

eurojames

fair enough on saving cash. however, sounds like a ridiculous costing out system to bill departments for internet connection though. it's not like traffic is generated just because you potentially can access the internet is it now. are these 'divisions' you talk of road sweepers and gardeners by any chance..

NickNielsen

I worked for government for almost 30 years before moving into private industry. What Ernest describes is closer to the norm than what you appear to expect. As for who doesn't have internet, at the last agency I worked for, only two (out of seven) divisions required web access on a daily basis. Those were the only two divisions in which a significant number of workers had web access. In the other divisions, web access was granted on a case-by-case basis; one division has zero users with web access; that includes the division director. I've stayed in touch with a few people there and the situation has not changed significantly since I left. Why? The state general services charges each agency for internet access on a per-connection basis; limiting the number of connections saves the agency money. I don't know about you, but I like the idea of government spending less money!

Deadly Ernest

worked in both private enterprise and public sector. The big companies I've worked for operated the same as the government organisations. The few times when I worked for small to medium business was it any different. Another thing, a contractor is NOT always working in the same conditions as an employee. It's only in recent years I've been a contractor as against an employee.

eurojames

jeez Ernest, I've heard of places that scan mail - but i just assumed that you would work on the international side of the airport! still maintain that wherever you have been working is not the 'norm' mate. i have it in my contract that personal emailing is OK (within reason), and get stuff delivered to work all the time. I'd maintain that's the norm as most places i've been stationed that would be regular. p.s. who doesn't have internet connections?! kids on the cashier i'd wager

Deadly Ernest

common in the various government organisations I've worked for at local, state, and federal. The snail mail goes to a mail room where they open EVERYTHING after it's been through the scanner. Staff are told at time of employment the office mail is for the office mail - end of story. Most never even read the envelope beyond confirming the address for the agency PO box. If they see by the address it's not for the agency, then it goes back to the PO unopened. Staff time is NOT wasted handling it. For emails and data storage, it's all for work and work only. Heck, some agencies the general staff don't even have web access as it's not needed for their work.

eurojames

of course i am the admin so we get different rules to follow..

eurojames

I dump a ton of home stuff on the network storage sans to backup. much easier than burning disks or backing up to some cloud or external hard disks (which you need a minimum of 2 of to actually have some peace of mind). stupid LAN/storage admins they'll never know.

eurojames

i would try and prove my age - but then mum said never to get into that kind of discussion with strangers online!

NickNielsen

You provide information to negate the suspicion that you're 15 and sitting in your parents' basement.

eurojames

i find it best to keep my bio like my rap sheet, and my CV - clean and empty. less questions that way. on another note - is by completing one's bio ensure the 'class divide' is kept well and strong i wonder.

NickNielsen

I leave the room, building, city, and state. And I should take you seriously because? According to your bio, you've never done anything. :)

eurojames

hahaa classic stuff. you mean you can leave your chair as well? i once had a guy wanting to webex me from a different building. The building was across the road (literally)

NickNielsen

I'm a tech. Since I can walk, chew gum, and turn a screwdriver, they said I was overqualified to be an admin.

eurojames

/.. Is that determination subject to legal restraints or can the mail admin decide that 2% of emails from non-business addresses is excessive and start checking things out? ../ since when can email admins go through people's mail? I'd say never without approval /authority unless they don't like their job. Additionally - what email admin has time to monitor personal versus work email - sheesh you must have plenty of time on your hands.
