Questions

Legality of H.R. mailbox monitoring?

Tags:
+
0 Votes

Legality of H.R. mailbox monitoring?

nogov
Have a question for all the IT veterans on here:
The Owner of the company I work for recently asked via my manager if he could be given a way to view the entire inbox of the employee in charge of Human Resources, without her knowing. I told him yes and setup through our domain/exchange the permissions so he could add her mailbox to his outlook. Recently, very "out of the blue" this HR employee asked if I had done anything to her email, to which I replied "no", as I was sworn to secrecy by my manager and the guy signing the checks.... so the questions:

1. Is anything I did illegal since she is in charge of H.R.? I assume not since a corporate mailbox should be treated as if it is being monitored anyway, especially if it is H.R. related email.
2. Is there any way for the H.R. employee to somehow figure out her mailbox had been modified? I figure no, unless for some reason the company Owner somehow sent an email using her mailbox or somehow let on that he could read her email in conversation, etc.

Thanks guys!

Edit - Thanks everyone for your replies so far. I've read them all and am going to gingerly approach the topic with my manager soon, hopefully I'll be able to just remove the outlook permissions and find a better tool through google for monitoring. Although I won't do a thing without written authorization :) Thanks again!

Member Answers

    • +
      4 Votes
      wizard57m-cnet Moderator

      that gave you permission to monitor the employee in question? If not, then you should do so NOW! Without that, then you could end up being the scapegoat for possible retributions.
      edit to add:
      Of course, IF (a big if) it is a written company policy that employee communications can be monitored, you may be on safe ground. Still, I would ask for written authorization.

      +
      0 Votes
      nogov

      No, I went back to my IT manager and expressed my concerns and he insisted that I have done nothing wrong, but nothing in writing from him or the company owner. We do expressly say in our employee handbook and in the login messages that all communications may be monitored without notice for any reason. The typical boiler-plate stuff.

      +
      2 Votes
      PurpleSkys Moderator

      ethical and moral...companies may consider the HR inbox company property hence, any and/or all email may be company property. If the HR manager is using company property for personal use, it can be an issue.

      Can an employee tell? If something were possibly deleted or removed from their inbox, quite likely. Sometimes it's just a matter of something being opened when it hadn't been before or the contents of something not being the same as before.

      I would still do as Wiz suggested; it covers your butt should someone start asking questions.

      +
      0 Votes
      nogov

      You have a very good point about read/unread messages in the inbox I stupidly had not thought of that.

      +
      0 Votes
      Charles Bundy

      under certain circumstances. But as wizard said if there is no policy informing employees that the company can (but is not obliged) to monitor e-mails actions taken may open up the owner (and yourself) to civil privacy suits.

      +
      1 Votes
      robo_dev

      The main thing is to never open an unopened email, or you flip the read-bit, and the person notices that. I have been 'found out' once and it was not pretty.

      In Outlook, for example, if you just click on an email, it shows that it has been read, and if it's Monday morning and random marketing messages sent on Sunday have already been read, something is up.

      Or worse, if the sender has receipt confirmation turned on, then there is an email sent from the suspect to whoever sent the original email if it's opened. Outlook prompts you for this, but I think Notes does not.

      There is nothing illegal about this...if you work for a company, anything that happens on the company computers is fair game.

      Read your employment policy very carefully; most of them say you have no right to privacy.

      The most important thing is to CYA and maintain evidence that you were acting in your official capacity and doing what the boss asked you to do.

      If, by chance, the HR lady got fired or prosecuted for something, you want her suing the company, not you.

      +
      0 Votes
      OH Smeg

      And in the event of any Legal Action buy allowing others to have direct access to the Mail Box you have broken the Chain of Evidence and have what the courts will rule as Effectively destroying or at best making any Evidence that you want to rely upon as Unusable as you can not guarantee that the person who was supposed to get/send the E Mail actually did it and not the person who you gave access to.

      Col

      +
      1 Votes
      richardreynoldsus

      I would Never use outlook to do the spying, using other software( google is your friend ) you can download without marking it read, you can have a downloaded copy for later, return receipts are ignored, and more importantly, if its not outlook the bossman wont unintentionally send from the wrong account. KISS, is not just for IT!!!

      +
      0 Votes
      nogov

      Googling :)

      +
      1 Votes
      fredden

      You can try and ask the boss for written authorisation after the fact, but the moment you do, he will realise there is an ***-covering issue and will hedge instead. Timing is everything, should have got the audit trail beforehand! And if he is the kind of weasel who needs to go to this level rather than dealing with the issue directly, then its odds-on he will be happy to stitch you up.

      +
      0 Votes
      Charles Bundy

      We don't know why the owner would require secrecy thus calling them a weasel is unwarranted. Unfortunately this is a damned if you do/don't situation. Don't you think a bulls-eye would have been painted as soon as you ask for written orders? Which may mean it's time to start looking for another company if the reason for monitoring is petty, but not due to being culpable...

      +
      0 Votes
      nogov

      Fortunately/unfortunately I specifically said, "I don't want to know why the owner wants this but I will give him access." I've tried to limit my knowledge of the whole thing as much as possible.

      +
      0 Votes
      mperata

      ...the H.R. Manager is privy to sensitive confidential employee information that even the ownership of the organization has to have a legitimate reason to know.

      Employee information can be covered by employment agreements, collective bargaining agreements, state and federal labor, HIPAA and ERISA laws and regulations.

      I think you have exposed yourself, and your boss, to some tricky stuff that needs to be sorted out now!

      +
      0 Votes
      Charles Bundy

      Refer to my previous post. The owner of the company has as much right as the H.R. Manager to review any and all of the above. It is when they take action on info gleaned from said e-mail audit that the proverbial excrement can hit the fan w/o a clearly delineated policy in place.

      So long as the OP isn't the one reviewing and taking action on said info they wouldn't be culpable for actions the owner of the company might take.

      +
      0 Votes
      nogov

      Let's hope you are right, Charles. No action taken that I know of so far.

      +
      1 Votes
      jsargent

      If you work in the EU then it is illegal to read other people's email without them knowing and without them knowing the purpose to which you have access. If you are in the US then it is perfectly legal. In all other countries you have to take each country on a case by case basis.

      +
      0 Votes
      nogov

      We're in the U.S. Thanks.

      +
      0 Votes
      mjd420nova

      If any person wishes to view any others E-mail, that takes a court order. Many IT departments monitor network usage and know who surfs instead of working and most companies have very strict policies covering what is not allowed and termination is usually the result of violation. A manager has no right to look at anyones e-mail but could ask HR to look into any abnormalities.

      +
      0 Votes
      Charles Bundy

      I agree with your title and often told users the same. However the law is not on your side wrt review of company e-mail by company officers.

      +
      0 Votes
      LCH-IT

      True, IT is not a police force, but if you look closely at the HIPAA Security Rule it says the HIPAA Security Officer is a Law Enforcement Officer. The HIPAA Security Office is often an IT person. Our policies clearly state that employees have no expectation of privacy and that ALL electronic communications can and will be monitored.

      +
      0 Votes
      RB1955

      Whatever the motivations of your company's management, the person now being monitored now knows or suspects they are being monitored. I used to work at a facility where every email was monitored by my former manager, and he was NOT a nice person (I am glad to be out of there too!!). I found out because he would put a physical privacy screen on his monitor so unless you were directly looking over his shoulder, you would not see anything. When he was finished with his *review*, he would take off the privacy filter/screen. I know he read emails I'd sent because he would gauge the length, tone, and content-brevity of the messages to determine when he could unload more of his work onto my co-workers and me. I know this because he slipped up one day and said my predecessor had never done the day-to-day things that the manager kept piling onto me. It got to the point that I was needing over 60 hours/week just to keep up with the work load (all of mine, and a large portion of his), while he suddenly had time for leaving work early (and often!), taking a large number of work breaks, taking 2 lunch breaks 3 or 4 days per week, etc. He was basically retiring on-the-job. And he covered most of his activities by deflection & misdirection, i.e., he would deflect performance criticism of the department by pointing at his overloaded-by-him employees as being under-performers; which is also his misdirection method. The question no one seemed to figure out was that he was the person who was perpetually hiring the so-called under-performers.
      Somehow he had the IT dept automatically bcc all incoming and outgoing messages to a special folder in his email client. That way he could read the emails without my co-workers or me being the wiser. I figured it out by planting certain ideas in a few outgoing emails, and then he would take the idea and claim it as his own. I verified this three times until I was convinced he was snooping. A few unsuspecting co-workers had also told me that an idea (s) they were thinking of were suddenly being implemented by the manager... so he looked like he was a genius, but in reality he was just a thief.
      This might be the mistake your company made... they read and acted on the monitored employee's email. My advice is to _always_ get the request in writing strictly for CYA purposes. Otherwise, if a legal action occurs, you won't be left twisting in the wind.

      +
      2 Votes
      PurpleSkys Moderator

      ethical and moral...companies may consider the HR inbox company property hence, any and/or all email may be company property. If the HR manager is using company property for personal use, it can be an issue.

      Can an employee tell? If something were possibly deleted or removed from their inbox, quite likely. Sometimes it's just a matter of something being opened when it hadn't been before or the contents of something not being the same as before.

      I would still do as Wiz suggested; it covers your butt should someone start asking questions.

      +
      0 Votes
      Charles Bundy

      under certain circumstances. But as wizard said if there is no policy informing employees that the company can (but is not obliged) to monitor e-mails actions taken may open up the owner (and yourself) to civil privacy suits.

      +
      1 Votes
      robo_dev

      The main thing is to never open an unopened email, or you flip the read-bit, and the person notices that. I have been 'found out' once and it was not pretty.

      In Outlook, for example, if you just click on an email, it shows that it has been read, and if it's Monday morning and random marketing messages sent on Sunday have already been read, something is up.

      Or worse, if the sender has receipt confirmation turned on, then there is an email sent from the suspect to whoever sent the original email if it's opened. Outlook prompts you for this, but I think Notes does not.

      There is nothing illegal about this...if you work for a company, anything that happens on the company computers is fair game.

      Read your employment policy very carefully; most of them say you have no right to privacy.

      The most important thing is to CYA and maintain evidence that you were acting in your official capacity and doing what the boss asked you to do.

      If, by chance, the HR lady got fired or prosecuted for something, you want her suing the company, not you.

      +
      1 Votes
      richardreynoldsus

      I would Never use outlook to do the spying, using other software( google is your friend ) you can download without marking it read, you can have a downloaded copy for later, return receipts are ignored, and more importantly, if its not outlook the bossman wont unintentionally send from the wrong account. KISS, is not just for IT!!!

      +
      1 Votes
      fredden

      You can try and ask the boss for written authorisation after the fact, but the moment you do, he will realise there is an ***-covering issue and will hedge instead. Timing is everything, should have got the audit trail beforehand! And if he is the kind of weasel who needs to go to this level rather than dealing with the issue directly, then its odds-on he will be happy to stitch you up.

      +
      0 Votes
      mperata

      ...the H.R. Manager is privy to sensitive confidential employee information that even the ownership of the organization has to have a legitimate reason to know.

      Employee information can be covered by employment agreements, collective bargaining agreements, state and federal labor, HIPAA and ERISA laws and regulations.

      I think you have exposed yourself, and your boss, to some tricky stuff that needs to be sorted out now!

      +
      1 Votes
      jsargent

      If you work in the EU then it is illegal to read other people's email without them knowing and without them knowing the purpose to which you have access. If you are in the US then it is perfectly legal. In all other countries you have to take each country on a case by case basis.

      +
      0 Votes
      mjd420nova

      If any person wishes to view any others E-mail, that takes a court order. Many IT departments monitor network usage and know who surfs instead of working and most companies have very strict policies covering what is not allowed and termination is usually the result of violation. A manager has no right to look at anyones e-mail but could ask HR to look into any abnormalities.

      +
      0 Votes
      RB1955

      Whatever the motivations of your company's management, the person now being monitored now knows or suspects they are being monitored. I used to work at a facility where every email was monitored by my former manager, and he was NOT a nice person (I am glad to be out of there too!!). I found out because he would put a physical privacy screen on his monitor so unless you were directly looking over his shoulder, you would not see anything. When he was finished with his *review*, he would take off the privacy filter/screen. I know he read emails I'd sent because he would gauge the length, tone, and content-brevity of the messages to determine when he could unload more of his work onto my co-workers and me. I know this because he slipped up one day and said my predecessor had never done the day-to-day things that the manager kept piling onto me. It got to the point that I was needing over 60 hours/week just to keep up with the work load (all of mine, and a large portion of his), while he suddenly had time for leaving work early (and often!), taking a large number of work breaks, taking 2 lunch breaks 3 or 4 days per week, etc. He was basically retiring on-the-job. And he covered most of his activities by deflection & misdirection, i.e., he would deflect performance criticism of the department by pointing at his overloaded-by-him employees as being under-performers; which is also his misdirection method. The question no one seemed to figure out was that he was the person who was perpetually hiring the so-called under-performers.
      Somehow he had the IT dept automatically bcc all incoming and outgoing messages to a special folder in his email client. That way he could read the emails without my co-workers or me being the wiser. I figured it out by planting certain ideas in a few outgoing emails, and then he would take the idea and claim it as his own. I verified this three times until I was convinced he was snooping. A few unsuspecting co-workers had also told me that an idea (s) they were thinking of were suddenly being implemented by the manager... so he looked like he was a genius, but in reality he was just a thief.
      This might be the mistake your company made... they read and acted on the monitored employee's email. My advice is to _always_ get the request in writing strictly for CYA purposes. Otherwise, if a legal action occurs, you won't be left twisting in the wind.

    • +
      4 Votes
      wizard57m-cnet Moderator

      that gave you permission to monitor the employee in question? If not, then you should do so NOW! Without that, then you could end up being the scapegoat for possible retributions.
      edit to add:
      Of course, IF (a big if) it is a written company policy that employee communications can be monitored, you may be on safe ground. Still, I would ask for written authorization.

      +
      0 Votes
      nogov

      No, I went back to my IT manager and expressed my concerns and he insisted that I have done nothing wrong, but nothing in writing from him or the company owner. We do expressly say in our employee handbook and in the login messages that all communications may be monitored without notice for any reason. The typical boiler-plate stuff.

      +
      2 Votes
      PurpleSkys Moderator

      ethical and moral...companies may consider the HR inbox company property hence, any and/or all email may be company property. If the HR manager is using company property for personal use, it can be an issue.

      Can an employee tell? If something were possibly deleted or removed from their inbox, quite likely. Sometimes it's just a matter of something being opened when it hadn't been before or the contents of something not being the same as before.

      I would still do as Wiz suggested; it covers your butt should someone start asking questions.

      +
      0 Votes
      nogov

      You have a very good point about read/unread messages in the inbox I stupidly had not thought of that.

      +
      0 Votes
      Charles Bundy

      under certain circumstances. But as wizard said if there is no policy informing employees that the company can (but is not obliged) to monitor e-mails actions taken may open up the owner (and yourself) to civil privacy suits.

      +
      1 Votes
      robo_dev

      The main thing is to never open an unopened email, or you flip the read-bit, and the person notices that. I have been 'found out' once and it was not pretty.

      In Outlook, for example, if you just click on an email, it shows that it has been read, and if it's Monday morning and random marketing messages sent on Sunday have already been read, something is up.

      Or worse, if the sender has receipt confirmation turned on, then there is an email sent from the suspect to whoever sent the original email if it's opened. Outlook prompts you for this, but I think Notes does not.

      There is nothing illegal about this...if you work for a company, anything that happens on the company computers is fair game.

      Read your employment policy very carefully; most of them say you have no right to privacy.

      The most important thing is to CYA and maintain evidence that you were acting in your official capacity and doing what the boss asked you to do.

      If, by chance, the HR lady got fired or prosecuted for something, you want her suing the company, not you.

      +
      0 Votes
      OH Smeg

      And in the event of any Legal Action buy allowing others to have direct access to the Mail Box you have broken the Chain of Evidence and have what the courts will rule as Effectively destroying or at best making any Evidence that you want to rely upon as Unusable as you can not guarantee that the person who was supposed to get/send the E Mail actually did it and not the person who you gave access to.

      Col

      +
      1 Votes
      richardreynoldsus

      I would Never use outlook to do the spying, using other software( google is your friend ) you can download without marking it read, you can have a downloaded copy for later, return receipts are ignored, and more importantly, if its not outlook the bossman wont unintentionally send from the wrong account. KISS, is not just for IT!!!

      +
      0 Votes
      nogov

      Googling :)

      +
      1 Votes
      fredden

      You can try and ask the boss for written authorisation after the fact, but the moment you do, he will realise there is an ***-covering issue and will hedge instead. Timing is everything, should have got the audit trail beforehand! And if he is the kind of weasel who needs to go to this level rather than dealing with the issue directly, then its odds-on he will be happy to stitch you up.

      +
      0 Votes
      Charles Bundy

      We don't know why the owner would require secrecy thus calling them a weasel is unwarranted. Unfortunately this is a damned if you do/don't situation. Don't you think a bulls-eye would have been painted as soon as you ask for written orders? Which may mean it's time to start looking for another company if the reason for monitoring is petty, but not due to being culpable...

      +
      0 Votes
      nogov

      Fortunately/unfortunately I specifically said, "I don't want to know why the owner wants this but I will give him access." I've tried to limit my knowledge of the whole thing as much as possible.

      +
      0 Votes
      mperata

      ...the H.R. Manager is privy to sensitive confidential employee information that even the ownership of the organization has to have a legitimate reason to know.

      Employee information can be covered by employment agreements, collective bargaining agreements, state and federal labor, HIPAA and ERISA laws and regulations.

      I think you have exposed yourself, and your boss, to some tricky stuff that needs to be sorted out now!

      +
      0 Votes
      Charles Bundy

      Refer to my previous post. The owner of the company has as much right as the H.R. Manager to review any and all of the above. It is when they take action on info gleaned from said e-mail audit that the proverbial excrement can hit the fan w/o a clearly delineated policy in place.

      So long as the OP isn't the one reviewing and taking action on said info they wouldn't be culpable for actions the owner of the company might take.

      +
      0 Votes
      nogov

      Let's hope you are right, Charles. No action taken that I know of so far.

      +
      1 Votes
      jsargent

      If you work in the EU then it is illegal to read other people's email without them knowing and without them knowing the purpose to which you have access. If you are in the US then it is perfectly legal. In all other countries you have to take each country on a case by case basis.

      +
      0 Votes
      nogov

      We're in the U.S. Thanks.

      +
      0 Votes
      mjd420nova

      If any person wishes to view any others E-mail, that takes a court order. Many IT departments monitor network usage and know who surfs instead of working and most companies have very strict policies covering what is not allowed and termination is usually the result of violation. A manager has no right to look at anyones e-mail but could ask HR to look into any abnormalities.

      +
      0 Votes
      Charles Bundy

      I agree with your title and often told users the same. However the law is not on your side wrt review of company e-mail by company officers.

      +
      0 Votes
      LCH-IT

      True, IT is not a police force, but if you look closely at the HIPAA Security Rule it says the HIPAA Security Officer is a Law Enforcement Officer. The HIPAA Security Office is often an IT person. Our policies clearly state that employees have no expectation of privacy and that ALL electronic communications can and will be monitored.

      +
      0 Votes
      RB1955

      Whatever the motivations of your company's management, the person now being monitored now knows or suspects they are being monitored. I used to work at a facility where every email was monitored by my former manager, and he was NOT a nice person (I am glad to be out of there too!!). I found out because he would put a physical privacy screen on his monitor so unless you were directly looking over his shoulder, you would not see anything. When he was finished with his *review*, he would take off the privacy filter/screen. I know he read emails I'd sent because he would gauge the length, tone, and content-brevity of the messages to determine when he could unload more of his work onto my co-workers and me. I know this because he slipped up one day and said my predecessor had never done the day-to-day things that the manager kept piling onto me. It got to the point that I was needing over 60 hours/week just to keep up with the work load (all of mine, and a large portion of his), while he suddenly had time for leaving work early (and often!), taking a large number of work breaks, taking 2 lunch breaks 3 or 4 days per week, etc. He was basically retiring on-the-job. And he covered most of his activities by deflection & misdirection, i.e., he would deflect performance criticism of the department by pointing at his overloaded-by-him employees as being under-performers; which is also his misdirection method. The question no one seemed to figure out was that he was the person who was perpetually hiring the so-called under-performers.
      Somehow he had the IT dept automatically bcc all incoming and outgoing messages to a special folder in his email client. That way he could read the emails without my co-workers or me being the wiser. I figured it out by planting certain ideas in a few outgoing emails, and then he would take the idea and claim it as his own. I verified this three times until I was convinced he was snooping. A few unsuspecting co-workers had also told me that an idea (s) they were thinking of were suddenly being implemented by the manager... so he looked like he was a genius, but in reality he was just a thief.
      This might be the mistake your company made... they read and acted on the monitored employee's email. My advice is to _always_ get the request in writing strictly for CYA purposes. Otherwise, if a legal action occurs, you won't be left twisting in the wind.

      +
      2 Votes
      PurpleSkys Moderator

      ethical and moral...companies may consider the HR inbox company property hence, any and/or all email may be company property. If the HR manager is using company property for personal use, it can be an issue.

      Can an employee tell? If something were possibly deleted or removed from their inbox, quite likely. Sometimes it's just a matter of something being opened when it hadn't been before or the contents of something not being the same as before.

      I would still do as Wiz suggested; it covers your butt should someone start asking questions.

      +
      0 Votes
      Charles Bundy

      under certain circumstances. But as wizard said if there is no policy informing employees that the company can (but is not obliged) to monitor e-mails actions taken may open up the owner (and yourself) to civil privacy suits.

      +
      1 Votes
      robo_dev

      The main thing is to never open an unopened email, or you flip the read-bit, and the person notices that. I have been 'found out' once and it was not pretty.

      In Outlook, for example, if you just click on an email, it shows that it has been read, and if it's Monday morning and random marketing messages sent on Sunday have already been read, something is up.

      Or worse, if the sender has receipt confirmation turned on, then there is an email sent from the suspect to whoever sent the original email if it's opened. Outlook prompts you for this, but I think Notes does not.

      There is nothing illegal about this...if you work for a company, anything that happens on the company computers is fair game.

      Read your employment policy very carefully; most of them say you have no right to privacy.

      The most important thing is to CYA and maintain evidence that you were acting in your official capacity and doing what the boss asked you to do.

      If, by chance, the HR lady got fired or prosecuted for something, you want her suing the company, not you.

      +
      1 Votes
      richardreynoldsus

      I would Never use outlook to do the spying, using other software( google is your friend ) you can download without marking it read, you can have a downloaded copy for later, return receipts are ignored, and more importantly, if its not outlook the bossman wont unintentionally send from the wrong account. KISS, is not just for IT!!!

      +
      1 Votes
      fredden

      You can try and ask the boss for written authorisation after the fact, but the moment you do, he will realise there is an ***-covering issue and will hedge instead. Timing is everything, should have got the audit trail beforehand! And if he is the kind of weasel who needs to go to this level rather than dealing with the issue directly, then its odds-on he will be happy to stitch you up.

      +
      0 Votes
      mperata

      ...the H.R. Manager is privy to sensitive confidential employee information that even the ownership of the organization has to have a legitimate reason to know.

      Employee information can be covered by employment agreements, collective bargaining agreements, state and federal labor, HIPAA and ERISA laws and regulations.

      I think you have exposed yourself, and your boss, to some tricky stuff that needs to be sorted out now!

      +
      1 Votes
      jsargent

      If you work in the EU then it is illegal to read other people's email without them knowing and without them knowing the purpose to which you have access. If you are in the US then it is perfectly legal. In all other countries you have to take each country on a case by case basis.

      +
      0 Votes
      mjd420nova

      If any person wishes to view any others E-mail, that takes a court order. Many IT departments monitor network usage and know who surfs instead of working and most companies have very strict policies covering what is not allowed and termination is usually the result of violation. A manager has no right to look at anyones e-mail but could ask HR to look into any abnormalities.

      +
      0 Votes
      RB1955

      Whatever the motivations of your company's management, the person now being monitored now knows or suspects they are being monitored. I used to work at a facility where every email was monitored by my former manager, and he was NOT a nice person (I am glad to be out of there too!!). I found out because he would put a physical privacy screen on his monitor so unless you were directly looking over his shoulder, you would not see anything. When he was finished with his *review*, he would take off the privacy filter/screen. I know he read emails I'd sent because he would gauge the length, tone, and content-brevity of the messages to determine when he could unload more of his work onto my co-workers and me. I know this because he slipped up one day and said my predecessor had never done the day-to-day things that the manager kept piling onto me. It got to the point that I was needing over 60 hours/week just to keep up with the work load (all of mine, and a large portion of his), while he suddenly had time for leaving work early (and often!), taking a large number of work breaks, taking 2 lunch breaks 3 or 4 days per week, etc. He was basically retiring on-the-job. And he covered most of his activities by deflection & misdirection, i.e., he would deflect performance criticism of the department by pointing at his overloaded-by-him employees as being under-performers; which is also his misdirection method. The question no one seemed to figure out was that he was the person who was perpetually hiring the so-called under-performers.
      Somehow he had the IT dept automatically bcc all incoming and outgoing messages to a special folder in his email client. That way he could read the emails without my co-workers or me being the wiser. I figured it out by planting certain ideas in a few outgoing emails, and then he would take the idea and claim it as his own. I verified this three times until I was convinced he was snooping. A few unsuspecting co-workers had also told me that an idea (s) they were thinking of were suddenly being implemented by the manager... so he looked like he was a genius, but in reality he was just a thief.
      This might be the mistake your company made... they read and acted on the monitored employee's email. My advice is to _always_ get the request in writing strictly for CYA purposes. Otherwise, if a legal action occurs, you won't be left twisting in the wind.