Question

Locked

Legality of H.R. mailbox monitoring?

By nogov ·
Have a question for all the IT veterans on here:
The Owner of the company I work for recently asked via my manager if he could be given a way to view the entire inbox of the employee in charge of Human Resources, without her knowing. I told him yes and setup through our domain/exchange the permissions so he could add her mailbox to his outlook. Recently, very "out of the blue" this HR employee asked if I had done anything to her email, to which I replied "no", as I was sworn to secrecy by my manager and the guy signing the checks.... so the questions:

1. Is anything I did illegal since she is in charge of H.R.? I assume not since a corporate mailbox should be treated as if it is being monitored anyway, especially if it is H.R. related email.
2. Is there any way for the H.R. employee to somehow figure out her mailbox had been modified? I figure no, unless for some reason the company Owner somehow sent an email using her mailbox or somehow let on that he could read her email in conversation, etc.

Thanks guys!

Edit - Thanks everyone for your replies so far. I've read them all and am going to gingerly approach the topic with my manager soon, hopefully I'll be able to just remove the outlook permissions and find a better tool through google for monitoring. Although I won't do a thing without written authorization :) Thanks again!

This conversation is currently closed to new comments.

22 total posts (Page 2 of 3)   Prev   01 | 02 | 03   Next
| Thread display: Collapse - | Expand +
Collapse -

Reponse To Answer

by Charles Bundy In reply to Too late, you are already ...

We don't know why the owner would require secrecy thus calling them a weasel is unwarranted. Unfortunately this is a damned if you do/don't situation. Don't you think a bulls-eye would have been painted as soon as you ask for written orders? Which may mean it's time to start looking for another company if the reason for monitoring is petty, but not due to being culpable...

Collapse -

Reponse To Answer

by nogov In reply to Too late, you are already ...

Fortunately/unfortunately I specifically said, "I don't want to know why the owner wants this but I will give him access." I've tried to limit my knowledge of the whole thing as much as possible.

Collapse -

Not so fast...

by mperata In reply to Legality of H.R. mailbox ...

...the H.R. Manager is privy to sensitive confidential employee information that even the ownership of the organization has to have a legitimate reason to know.

Employee information can be covered by employment agreements, collective bargaining agreements, state and federal labor, HIPAA and ERISA laws and regulations.

I think you have exposed yourself, and your boss, to some tricky stuff that needs to be sorted out now!

Collapse -

Reponse To Answer

by Charles Bundy In reply to Not so fast...

Refer to my previous post. The owner of the company has as much right as the H.R. Manager to review any and all of the above. It is when they take action on info gleaned from said e-mail audit that the proverbial excrement can hit the fan w/o a clearly delineated policy in place.

So long as the OP isn't the one reviewing and taking action on said info they wouldn't be culpable for actions the owner of the company might take.

Collapse -

Reponse To Answer

by nogov In reply to Not so fast...

Let's hope you are right, Charles. No action taken that I know of so far.

Collapse -

Do you work in the EU?

by jsargent In reply to Legality of H.R. mailbox ...

If you work in the EU then it is illegal to read other people's email without them knowing and without them knowing the purpose to which you have access. If you are in the US then it is perfectly legal. In all other countries you have to take each country on a case by case basis.

Collapse -

Reponse To Answer

by nogov In reply to Do you work in the EU?

We're in the U.S. Thanks.

Collapse -

IT department not a police force

by mjd420nova In reply to Legality of H.R. mailbox ...

If any person wishes to view any others E-mail, that takes a court order. Many IT departments monitor network usage and know who surfs instead of working and most companies have very strict policies covering what is not allowed and termination is usually the result of violation. A manager has no right to look at anyones e-mail but could ask HR to look into any abnormalities.

Collapse -

Reponse To Answer

by Charles Bundy In reply to IT department not a polic ...

I agree with your title and often told users the same. However the law is not on your side wrt review of company e-mail by company officers.

Collapse -

Reponse To Answer

by LCH-IT In reply to IT department not a polic ...

True, IT is not a police force, but if you look closely at the HIPAA Security Rule it says the HIPAA Security Officer is a Law Enforcement Officer. The HIPAA Security Office is often an IT person. Our policies clearly state that employees have no expectation of privacy and that ALL electronic communications can and will be monitored.

Back to Software Forum
22 total posts (Page 2 of 3)   Prev   01 | 02 | 03   Next

Related Discussions

Related Forums