General discussion

Locked

It is ethical to look at the users email?

By jgtez ·
Hi, If I'm the manager of the mail server, it is ethical to look at the users email to detect porno or content that can damage the bussines?

TIA

This conversation is currently closed to new comments.

22 total posts (Page 2 of 3)   Prev   01 | 02 | 03   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Because you think you should...

by mlayton In reply to It is ethical to look at ...

...does not make it ok. Furthermore, if you are singling out an employee instead of across-the-board monitoring, other issues may arise. Look to HR and Legal to ensure there is a policy in place. If you are a small shop (no HR and Legal) then use SANS and a couple of other online resources, or books to draft a policy, make a case for it with the boss, and have his legal rep look at it and ok and then communicate it to the employees (in some cases, this may involve employees signing that they understand the policy) before doing anything. Anything not OKd by upper management, or done contrary to policies or the governing laws in your area, can get you in hot water.

Collapse -

Fine line between snoop/monitor

by jpenajr In reply to Because you think you sho ...

Do NOT allow yourself to be placed in a situation of being labeled a snoop.

I agree with all that COMPANY Email systems belong to the company and are/is provided for official COMPANY business. ALL contents of the system are COMPANY property. Just as it is proper for the COMPANY to inspect/monitor the use of other COMPANY property, it is reasonable for the COMPANY to inspect/monitor THIS company property just like ALL the other COMPANY property.

But a COMPANY can only DO what is detailed in written policy and, in the absence of specific policy, can only DO what is considered standard practice in the industry (use SANS for instance). If your situation is ambiguous for lack of specific written company policy, write one that meets generally accepted industry standards and get it APPROVED by the Board of Directors or someone else with authority to approve policy.

Then....have all your users understand what is in the policy and sign a document that they DO understand. You will have the opposing view that private Email is private Email. Do NOT agree to this...

My policy states that a reasonable amount of non-company related Email is allowed but that, in spite of this, all content is STILL the property of the company. IN my policy I state/inform that there are MANY companies offering free accounts so that anyone desiring to keep some Email private could use THOSE. I specifically state that it should not be difficult to use the COMPANY provided Email accounts for COMPANY related business and OTHER Email accounts for non-COMPANY related business.

I also agree with the writter that suggests defining WHAT will trigger a review of Email accounts, WHOM will do it, and ETC..... I plan to write that into my policy based on that suggestion.....

The basic idea is to clearly define what the COMPANY expects from users in relation to the Email system, make the users aware, support the COMPANY'S position with written approved policy, and enforce the policy...JUST LIKE ANY OTHER RULE/REGULATION/POLICY that the COMPANY has! If the user/s choose/s to VIOLATE COMPANY POLICY, the COMPANY can take action against the user based on OTHER written policy.

I have chosen to capitalize certain words/pharases for emphasis, but one in particular is, in my opinion, very significant. It is "COMPANY". You must approach this problem PURELY considering what is good and what is bad FOR THE COMPANY. Do NOT allow your personality to "get written" into the policy...you are the tech, "the subject matter expert", so DO write your PROFESSIONAL PREFERENCES in and industry standard practices but nothing else. Protect the COMPANY without being a snoop...

Collapse -

Yes it is!

by atsmar In reply to It is ethical to look at ...

As long as your IT policies state that the company PC's/laptops/PDA's are not the "personal" property of the end-user the end-user should be aware that management has the right to monitor and if necessary, check for inappropriate content and or activities on that device.

I had a situation as IT Manager at a former employer a couple of years ago where a new department supervisor was suspected of a possible defalcation. Due to our proactive IT policies, I went ahead and took control of this individuals e-mail, and tracked the internet activity as well. Subsequently, I was able to prove that this person was indeed conducting activities that aimed to embezzle money out of a customers account. The individual had started planning the mode of escape via the internet and never deleted the e-mail correspondence between himself and his accomplices!

I notified my manager of my findings and was able to provide the FBI investigators with concrete proof of the nefarious activities that were taking place.

The authorities arrested and convicted this person for the crimes committed.

Hope this helps!

Collapse -

"ABSOLUTELY NOT"

by Aaron A Baker In reply to It is ethical to look at ...

Would it be Ethical to check letters meant for employees,regardless of content? Would it be Ethical to look for possible "Ad Content" in every Parcel delivered to your building "Before" it get to Employee or CEO Destination? If the e-Mail was for the CEO would the same Ethics apply?
You See what I'm getting at. Mail is Mail,be it E-mail,Parcel Post,Letters or Whatever and it usually addressed to one individual.Only THAT individual should have the right to open the Mail and read the contents. Reading the E-Mail of others should be considered at the same level as reading a letter addressed to someone else. "IllegaL". Not to mention amoral and invasive. No matter how well intended, it would be and should be considered and invasion of privacy and the reciprocations should be the same. If on the other hand the Employee or Employer comes TO YOU and asks for your help in dealing with unwanted ads, AH!, then it becaomes another matter entirely. Howver the choice must always be with the receipient. Pre-Checking E-Mails should deffinitely be illegal and charges should be pending if such a thing is proven. "What Google is doing RIGHT Now is "DEAD WRONG" and it too should be illegal and they should most defenitely be charged for invasion of Privacy.
Thank You for your attention
AaB

Collapse -

Absolutely dead wrong

by JamesRL In reply to "ABSOLUTELY NOT"

Email sent to your office is conducted over a network cpnnection paid for by your employer. Its is stored on a server paid for by your employer. It is provided so you can do your job. It is not provided for your personal use.

Furthermore, the employer has an obligation to ensure a non-hostile, non-threatening workplace. This includes making sure that offensive material does not enter.

Yes as I have said in the other postings, there have to be rules. Its not carte blanche - everyone is not entitled to see everything. But for those who have in their job description duties around ensuring the smooth operation of the email system, there needs to be some ability to look at email when needed.

What it comes down to is that there is no "right to privacy" from your employer, unless provided in your contract. I do believe that companies should make employees aware that they have no privacy. And this goes for everyone from the CEO to the janitor.

James

Collapse -

I back James on this one, I think you are off.

by TomSal In reply to Absolutely dead wrong

This is really a simple issue. I fail to see why some folks make this out to be complicated..its clear as daylight to me.

If its work related communications -- could be snail mail, email, an IM message, a phone call...that you receive on company time, via company resources (money spent for the Internet bill, postage, printed with company resources, etc. etc.) you forfeit your right to privacy with regards to that communication...UNLESS, as James pointed out...there is some kind of written contract you have pre-arranged with the executive management staff that outlines your rights to privacy on company time, using company equipment/resources, etc.

I've posted this opinion a dozen times in other discussions, but I repeat it only because its factually correct --- in this state for example its LEGAL to read/go through, listen in on any communication an employee has using company resources/equipment on company time...and the employer doesn't even have to warn you about it.

However the catch for the employer is if I use my personal cell phone, for say I need to make an emergency related call to a family member -- the employer's rights get blurred there, and then I technically could file suit if the employer tried to "tap" that phone conversation (because in that case the federal wire tap rules/laws would apply and over-ride the previous rights of the employer).

Keep in mind though, don't get cocky with this info and start making tons of personal calls on your own cell phone...employers aren't that dumb...and while they can't listen in they still have the right to fire you without justification.

(which btw, I think is a crock..I think an employer should be required to state an exact justification when terminating someone, but that's another topic)

As far as ethically, why should you feel unethical -- as long as its part of YOUR JOB POSITION (that's the key), after all someone has to have the job of keeping the interests of the company's communication integrity intact.

If its not your job position, then its not ethical for you to look at the email.

Collapse -

Absolutely incorrect

by HAL 9000 Moderator In reply to "ABSOLUTELY NOT"

As e-mail is now considered Legal tender it is improper for an employee to use company facilities for anything other than their allocated job.

While some people seem to think that they have a right to privacy they do not when the hardware used is not theirs and the expenses are not paid for by them but by another.

A company any company has a "Duty of Care" which they must maintain and if they did not control what arrived through e-mail they could end up in court with extremely large expenses for one persons actions.

Mr X sends Miss Y porn which she finds offensive and adversely affects her ability to work.

Ms J works for a bank and is using the banks computer network to defraud the entire customer base of that bank.

Mr B works for a Government Department and has a dislike for Mr Z so he gathers Mr Z's personal details and makes them public domain by posting them on the Internet.

Mrs A works selling expensive equipment and finds that she can make far more money by passing potential sales onto a competitor who pays her a spotters fee.

Mr G works as a Rocket Scientist and finds that he can make a killing by selling the plans of an ICBM to Al-QAEDA so he e-mails them the constructional details and complete plans for the newest missile.

Those are just a few examples of how a companies hardware can be misused and leaves the company open to Law Suits. The owners of the hardware not only have the right to monitor all correspondence but a duty to do this to protect their employees and their business and depending on what the business actually is a countries security as well.

Col

Collapse -

Did the glue factory stocks flourish when you left?

by Oz_Media In reply to "ABSOLUTELY NOT"

You seem to have the impression that mail coming into your employers organization can be of a personal nature. Your employer OWNS every single piece of mail or correspondence of ANY sort entering and leaving his/her organization. It is NOT yours, NEVER is and NEVER SHOULD BE.

When YOU provide YOUR equipment, pay YOUR property taxes and monthly lease and operate YOUR organization it will become YOUR property.

While you are operating someone ELSE'S business on THIER time, in THIER premises, on THIER equipment, with THIER legal name behind it, YOU are being rented, you HAVE no personal property other than those effects which you have brought with you.

Collapse -

Hmm....

by dwdino In reply to It is ethical to look at ...

Well, to look at users email ... nope. But (big but), IT IS NOT THE USERS EMAIL!

-------------------------------------------------

All communications originating from or destined for your company is a company asset or liability. The employee has been entrusted to perform a task on behalf of and in the interest of said company.

Therefore any and all communications made by said employee is eminent domain of the employer there of. Employee has no rights, neither expressed nor emplied, upon any communications made during company time and upon company equipment.

With this foundation, any and all communications of afore mentioned employee may be subject to monitor, scrutiny, and recourse for any content or method outside excepted company standards.

Employer: _________________________________

Employee: _________________________________

Date: _____________________________________

:)

Collapse -

In other words

by mlandis In reply to Hmm....

If asked, "Is it ethical to use the employers' time, networks and communication facilities for personal use, including but not limited to sending unauthorized communications (via IM,P2P, email, snail mail, interoffice mail/memoranda) with or without proprietary attachments to competitors, who may harm the financial and physical well being of the employer and/or sending unauthorized communications that violate any in-house policies set forth in the HR Manual etc.?"

No is the only answer.

Back to Software Forum
22 total posts (Page 2 of 3)   Prev   01 | 02 | 03   Next

Related Discussions

Related Forums