Posts Tagged ‘email monitoring’
In a decision likely to be quoted in television drama courtrooms and real ones alike, the Third Appellate District Court in Sacramento California upheld in a 3-0 ruling that a lower court’s decision to admit emails between the plaintiff and her attorney were not privileged because the plaintiff used her employer’s (the defendant) systems to send the emails, and a written policy was in place restricting the personal use of company computers and informing users that email communications could be monitored.
Peeking into an employee’s Web mail accessed on a company computer during work hours can be illegal–at least in New Jersey, according to that state’s Supreme Court. In a 7-0 decision, the judicial panel upheld a lower court ruling that sanctioned a company for collecting email messages between an employee and her attorney stored on the employee’s company computer.
“Finding that the policies undergirding the attorney-client privilege substantially outweigh the employer’s interest in enforcement of its unilaterally imposed regulation, we reject the employer’s claimed right to rummage through and retain the employee’s emails to her attorney,” the appellate court ruled in its decision upheld by the state’s high court.
The case involved Marina Stengart, the former executive director of nursing at Loving Care, a home health care provider located in Bergen county. After resigning from Loving Care, she filed a discrimination lawsuit against the company.
Loving Care issued Stengart a notebook computer when she worked for the company. She had a work email account, as well as personal Yahoo! mail account. Prior to resigning, she used the Yahoo! account to communicate with her attorney about her potential lawsuit. The Yahoo! emails were stored on her company computer.
IT managers must account for many demands on their time and resources. Storage is always an issue and having to estimate the growth needs of the company and all the various departments can be a time-consuming and sometimes thankless job.
Estimating email storage needs can be started by making assumptions about the average size in bytes that attachments will require, the hours of day that the email servers will be the busiest and the number of users per email server. Those three variables multiplied together are a good starting point in estimating how much storage to allocate for email servers.
And the same computations can also be used when estimating how much storage to allocate for archiving purposes.
Archiving email messages can save an IT data center in many ways. Some of the reasons for archiving email messages include:
If you haven’t received an email from someone asking you to buy their latest and greatest digital device or some other product that promises to help you lose weight and look younger in twenty-four hours then consider yourself not part of the world population.
We’ve all received these emails either through our email mailboxes or via text messages on our cell phones. And in case you haven’t heard of it, it’s called spamming.
Spamming involves massive distributions of email messages to recipients that number in the thousands to tens of thousands. All the spammers need is for one percent to five percent of the recipient pool to open their spam messages to get their message out there. That one percent to five percent can translate into 20 to 50 persons for a small sampling of 2,000 recipients to upwards of 200 to 1,000 people on the high end sampling of 20,000 recipients. And it doesn’t cost the spammers anything more than the keystrokes needed to send out their burst of emails and the costs associated with the harvesting of email addresses which is another subject altogether.
So how can an administrator protect their enterprise from being the subject of these email spamming campaigns?
The Wall Street Journal carried an article last week on the US court’s shifting position on whether or not it’s okay for a company to read employee email. Most companies tend to take the position that whatever goes on within the corporate walls–or even within its virtual walls–is company property, and the actual keystrokes that take place on company property are fair game for snooping. However, that’s not always the case.
First of all, let’s take a look at why a company would be snooping on employee email. Are they worried about gossip? Or are they just nosy? In fact, the reasons revolve mostly around concerns of security leaks, and information leaks. Security leaks may occur if an employee is using their personal email account from a work computer. Information leaks can occur from anywhere–and this just involves a company employee emailing sensitive information that they ought not be sending to anyone. If you’re using your email account to send the Colonel’s secret recipe, or some such trade secret to the competition, then the company would like to know about it. Some employers take this very seriously, and use software to check all outgoing emails for sensitive information. Some 38 percent of companies analyze the contents of outgoing mail for these purposes.
The question is, are you allowed to do that? Courts, which in the past were more sympathetic to the employer, are now starting to weigh in favor of employees. The legalities of it get a little hairy, but the basics of it are that it is necessary to describe to every employee, in very specific terms, what the expectations are in regards to employee email privacy. The Journal article cites a particular case where an appeals court ruled that an employee had a “reasonable expectation” of privacy when they sent out an email using their personal account. To quote the article, courts are now finding that “unless they (the employers) have explicitly told the employee they will monitor email, they don’t have the legal rigth to do it–even if the email in question was a personal one sent using a work account, rather than a personal address.”
The bottom line is that if your company policy is to read, either by human or software means, employee emails, you need to make sure that every employee had been explicitly informed of that policy. Of course, telling someone you’re going to snoop on them kind of takes the wind out of your sails, but can still be a good preventive measure regardless.
Nobody in the U.S. expects their corporate emails to be private, and it’s generally assumed that if you are using your corporate computers and corporate email accounts, the company has the right to snoop as a means of preventing “data leakage,” which is a polite euphemism for what we used to call industrial espionage.
European companies have been a little more reluctant to get on this bandwagon due to privacy concerns. In principle, the existence of a written or implied contract between employee and employer, the existence of acceptable use policies, and the overwhelming need to protect corporate secrets from walking out the door, more than counter-balance the privacy concerns and make a very compelling argument in favor of this practice.
A recent article on CSO discusses whether employee monitoring is valid, suggesting that such internal surveillance is beneficial not only for the company itself, but also indirectly, for the employees being monitored. The latter case can be made easily since internal espionage and data theft can have a major repercussion for the entire company’s well-being–as well as each employee’s continued employment.
Industrial espionage has gotten a lot easier since the old days, when the spy would have to break into a storeroom with a spy camera and take pictures of documents. Since almost all corporate documents (even secret ones) are now electronic, all it takes is the ability to break into a file server electronically, and then email the documents offsite.