It’s not the place of this blog to engage in national politics, but the news does beg a fair question for any person of good cheer and common sense: Who would administer e-mail with contents of a highly sensitive nature through unapproved e-mail systems and why? I’ll leave the answer(s) to you, but given the outcomes that we see via the daily news, you can also well ask:
What are the workplace policies regarding e-mail at my place of employ?
If you’re a decision-maker, a crafter of Acceptable Use policies, someone in the circle of influence - you may wish to review what it is you’re instructing employees to do, and not do. If you’re the individual employee laboring within various policies and guidance, you might want to refresh your understanding. If you inhabit a smaller organization that is lacking formal policies and guidance, you’d better get something on record quick – I constantly deal with organizations that are remiss in this area, and it is becoming a big liability for them.
Organizations today had better survey and know what their employees are doing with their e-mail accounts: Yes, that’s accounts, plural. Employees are not only conducting the organization’s business during workhours, they are also e-mailing and social networking via gmail, Yahoo! Mail, Facebook, and a myriad of others. What is the subject of related content? Are they making exposures, perhaps discussing trade secrets, or making unflattering remarks about management? Are they making general opinions known to the world that are unflattering to the organization? Do they belong to Groups of questionable reputation and activity that can put the organization’s reputation at risk?
Recognize that various states have differing laws regarding use of organizational assets: In some states, employees who use company resources (computer, internet access, company time), have a reasonable expectation of privacy, according to court rulings, if the company’s policy regarding computer use is that “occasional personal use is permitted.”
Thus, states have differing views of workplace privacy: Most have ruled that company-owned, corporate, e-mail accounts belong to the company – including all data that is contained – business related or otherwise. Many have ruled that any data on a workplace computer belongs to the company, “personal” passwords and allied info included. But in gray areas, companies and individuals alike need to thoroughly understand internal Acceptable Use policies and to grow and amend those policies as necessary based on precedents and local rulings. Some predict that workplace expectations of privacy vis-à-vis differing locales and laws will ultimate settle into a uniform judgment as the issue makes its way to the Supreme Court.
But there’s another consideration here for any employee: Who might be accessing your e-mail and any other personal data in the workplace that you may not know about, and may never know about, until something explodes in your face? It doesn’t matter if it’s permitted or not – you may never know who is making a judgement about you right now, based even on an unauthorized access. Someone could be surveying your workplace computer right now – for entertainment purposes, or for judgment in your suitability for promotion, or even further employment. Can this be done in secret? Of course. Is it? Well… for certain environments and for anyone who understands enough about human nature… the answer comes back again: “…of course.”
This much is certain: If you’re in the policy-making arena (whether IT or Business policy), be sure your Acceptable Use, Content Management, and Security policies are thoroughly up-to-date and that staff is apprised of your organization’s expectations. It’s worth an All-Staff meeting to get the necessary understandings out into the organization’s staff at the highest and broadest levels, as reinforcement to reminders and e-mails from HR with policy attachments. If you are a workplace user of resources (again, whether IT or Business staff), be sure you are thoroughly familiar with all policies affecting use of computer and allied resources – and be certain that any people you may manage are also fully educated and current.
In all regards, it is always wise to carefully consider what you may be saying and storing on workplace computers.