Questions

Legality of H.R. mailbox monitoring?

+
0 Votes
Locked

Legality of H.R. mailbox monitoring?

nogov
Have a question for all the IT veterans on here:
The Owner of the company I work for recently asked via my manager if he could be given a way to view the entire inbox of the employee in charge of Human Resources, without her knowing. I told him yes and setup through our domain/exchange the permissions so he could add her mailbox to his outlook. Recently, very "out of the blue" this HR employee asked if I had done anything to her email, to which I replied "no", as I was sworn to secrecy by my manager and the guy signing the checks.... so the questions:

1. Is anything I did illegal since she is in charge of H.R.? I assume not since a corporate mailbox should be treated as if it is being monitored anyway, especially if it is H.R. related email.
2. Is there any way for the H.R. employee to somehow figure out her mailbox had been modified? I figure no, unless for some reason the company Owner somehow sent an email using her mailbox or somehow let on that he could read her email in conversation, etc.

Thanks guys!

Edit - Thanks everyone for your replies so far. I've read them all and am going to gingerly approach the topic with my manager soon, hopefully I'll be able to just remove the outlook permissions and find a better tool through google for monitoring. Although I won't do a thing without written authorization :) Thanks again!
Clarifications Clarifications
+
0 Votes
Charles Bundy
Collapse -

We don't know why the owner would require secrecy thus calling them a weasel is unwarranted. Unfortunately this is a damned if you do/don't situation. Don't you think a bulls-eye would have been painted as soon as you ask for written orders? Which may mean it's time to start looking for another company if the reason for monitoring is petty, but not due to being culpable...

+
0 Votes
nogov
Collapse -

Fortunately/unfortunately I specifically said, "I don't want to know why the owner wants this but I will give him access." I've tried to limit my knowledge of the whole thing as much as possible.

+
0 Votes
mperata
Collapse -

...the H.R. Manager is privy to sensitive confidential employee information that even the ownership of the organization has to have a legitimate reason to know.

Employee information can be covered by employment agreements, collective bargaining agreements, state and federal labor, HIPAA and ERISA laws and regulations.

I think you have exposed yourself, and your boss, to some tricky stuff that needs to be sorted out now!

+
0 Votes
Charles Bundy
Collapse -

Refer to my previous post. The owner of the company has as much right as the H.R. Manager to review any and all of the above. It is when they take action on info gleaned from said e-mail audit that the proverbial excrement can hit the fan w/o a clearly delineated policy in place.

So long as the OP isn't the one reviewing and taking action on said info they wouldn't be culpable for actions the owner of the company might take.

+
0 Votes
nogov
Collapse -

Let's hope you are right, Charles. No action taken that I know of so far.

+
1 Votes
jsargent
Collapse -

If you work in the EU then it is illegal to read other people's email without them knowing and without them knowing the purpose to which you have access. If you are in the US then it is perfectly legal. In all other countries you have to take each country on a case by case basis.

+
0 Votes
nogov
Collapse -

We're in the U.S. Thanks.

+
0 Votes
mjd420nova
Collapse -

If any person wishes to view any others E-mail, that takes a court order. Many IT departments monitor network usage and know who surfs instead of working and most companies have very strict policies covering what is not allowed and termination is usually the result of violation. A manager has no right to look at anyones e-mail but could ask HR to look into any abnormalities.

+
0 Votes
Charles Bundy
Collapse -

I agree with your title and often told users the same. However the law is not on your side wrt review of company e-mail by company officers.

+
0 Votes
LCH-IT
Collapse -

True, IT is not a police force, but if you look closely at the HIPAA Security Rule it says the HIPAA Security Officer is a Law Enforcement Officer. The HIPAA Security Office is often an IT person. Our policies clearly state that employees have no expectation of privacy and that ALL electronic communications can and will be monitored.