A European court recently ruled that companies must tell employees if their work email accounts are monitored. Eight out of 12 tech leaders have a monitoring policy in place.
In September, the European Court of Human Rights ruled that companies must inform employees in advance if their work email accounts are going to be monitored. Further, such monitoring must not infringe upon workers' privacy, the court ruled.
The US has no such law, according to Privacy Rights Clearinghouse. "If an email system is used at a company, the employer owns it and is allowed to review its contents," the group's website states. "Messages sent within the company as well as those that are sent from your terminal to another company or from another company to you can be subject to monitoring by your employer. This may include Internet-based email accounts such as Gmail and Yahoo as well as instant messages."
Employees should assume that their work email is being monitored and is not private, according to Privacy Rights Clearinghouse.
We surveyed the TechRepublic CIO Jury panel about email monitoring at their companies. When asked, "Does your company have a policy allowing it to monitor employee emails?" eight tech leaders said yes, while four said no.
"Our IT Policy and Procedure for system access clearly states that email belongs to the organization and may be monitored if authorized by our CEO," said Lance Taylor-Warren, CIO of Community Health Alliance.
SEE: Internet and Email usage policy (Tech Pro Research)
VectorCSP also has a policy on the books. "Corporate data belongs to the company, and any data that could be used in legal action has to be available," said director of IT services David Wilson.
Jeff Kopp, technology coordinator of Christ the King Catholic School, also has an email monitoring policy in place. "Since we are a school, users have no expectation of privacy on any system or application," Kopp said. "All users sign our user agreement that discloses this. We also alert every user at logon, via a popup box, about our monitoring policy and no expectation of privacy."
However, interestingly, Chuck Elliott, vice president of IT and CIO of Concord University, said the school has no monitoring policy for the same reason. "We are a state-supported institution, and as state employees, we are told there is no expectation of privacy on state-owned systems," Elliott said.
That said, the Concord University IT department also does not have the human resource necessary to conduct any kind of monitoring, Elliott added. "We do respond to legal requests for discovery communicated via warrants and court-orders, and these tend to be rare," he said. "I can't speak for higher education, but my experience is that most public colleges and universities operate similarly. If we were to begin an e-mail monitoring initiative it is my opinion we would be ethically bound to notify every individual that would be monitored."
This month's CIO Jury included:
- Chuck Elliott, vice president of IT and CIO, Concord University
- Mike McGavock, CIO, NeoHealth
- Lance Taylor-Warren, CIO, Community Health Alliance
- Mike S. Ferris, global IT director of infrastructure, Lincoln Electric
- Jeff Kopp, technology coordinator, Christ the King Catholic School
- Mark Johns, former director of application systems design and development, Health Partners Plan
- Simon Johns, IT director, Sheppard Robson Architects LLC
- Shane Milam, executive director of technology infrastructure services, Mercer University
- Inder Davalur, group CIO, KIMS Hospitals Private Limited
- Corey Peissig, vice president of technical operations, Optimal Blue
- Gene Richardson, COO, Experts Exchange
- David Wilson, director of IT services, VectorCSP
Want to be part of TechRepublic's CIO Jury and have your say on the top issues for IT decision makers? If you are a CIO, CTO, IT director, or equivalent at a large or small company, working in the private sector or in government, and you want to join TechRepublic's CIO Jury pool, click the Contact link below or email alison dot denisco at cbsinteractive dot com, and send your name, title, company, location, and email address.
- Why your company needs clear security policies: A cautionary tale (TechRepublic)
- Visibrain launches monitoring platform for brand reputation management (ZDNet)
- 10 time-saving tips for speeding your work in Outlook (TechRepublic)
- Information Security Management Fundamentals (TechRepublic Academy)
- Electronic Communications Policy (Tech Pro Research)