Here is some very helpful advice and guidance contained in a recent article from the Sioux City Journal in the USA. Many times the rights of employers and responsibilities of employees around the issue of use and misuse of a corporate email system are clouded and unclear; this article helps to remove any grey areas and offers the following 5 sensible strategies for email usage:
1. Don’t use work email for personal matters, jokes or other conduct that may be questionable.
2. Don’t say anything in an email that you wouldn’t say in front of your supervisor/boss.
3. Think before you hit send. You are creating a permanent, written record.
4. If you want privacy, don’t do it at work. Get your own laptop and use your own wireless access.
5. Draft email communications carefully. While it is an informal means of communication, when used for business, it should be treated more formally. Remember that it is hard to read certain things like tone and emotion through an email.
The message is clear – When the acceptable use policy is clearly communicated and the technology to enforce the policy is correctly implemented then a safe work environment is created and risk for the employer is mitigated.
If you think you can write about your personal life through your work-related email, then you should take a lesson from one of the highest-placed officials in the country.
After all, if the director of the CIA can’t keep his private matters secret, how does that bode for the rest of us?
The scandal involving Gen. David Petraeus, who resigned as head of the spy agency after the FBI uncovered e-mails revealing he was having an affair with his biographer, might have gone unnoticed for a longer time had he not used his work e-mail to communicate with her.
According to Sioux City attorney Sarah Kleber with the Heidman Law Firm, employers have the right to monitor employees’ emails when sent from a work computer.
“Legally, an employer may monitor its equipment and network, provided the employer advises its employees that they should not expect privacy in their work communications or on the employer’s provided equipment and network,” she said. “If it is on the employer’s equipment or network, employers have a legitimate interest in assuring that what is provided to employees is used for business purposes or at least not for improper purposes.”
Employers have the right to impose certain restrictions on usage and set up actual barriers via server or gateway hardware, Kleber added.
“Employers may review company email accounts, track Internet usage, and information sent or received via the employer’s equipment including personal email accounts,” she said. “Technology advancements allow employer access without password if it is accessed and used on the employer provided shared network.”
Although some employees might believe what they are sending through their work email is innocuous, employers might think otherwise. Kleber pointed out that some emails could be cause for discussion, a warning, a dismissal or even a call to the police.
“Concerns might include improper promises to a client, off-color jokes, inappropriate conduct, harassment, industry specific concerns such as insider trading, and criminal conduct,” she said. “The appropriate response will vary according to the type of concern and the degree of the problem. Minor infractions would be addressed with warnings, discussion, counseling or training. Serious concerns may merit immediate termination or involvement of law enforcement.”
To avoid confusion about what one can and cannot do with their work-related communication, Kleber advised employers to implement an electronic and media usage policy which advises employees that they should not expect privacy.
“Employers would also be well-advised to consult with legal counsel to review issues and particular concerns,” she said. “Employers should implement written policies that give notice to the employee of expectations and monitoring, utilize signed acknowledgments which include consent to monitoring, and provide training.”
Kleber said a different challenge surfaces with incoming emails. “An employee might not be held responsible for incoming emails,” she said. “The employer should consider what was the employee’s response. Employers can block certain addresses, senders, websites or implement other technology protections including a firewall, quarantine system or spam filter.”
Andrew Heiser, executive director of information services at Morningside College, pointed out email is and has always been a public form of communication.
“Even CIA directors can’t get around it,” he said.
Morningside College has a three-page Computer Ethics and Network Acceptable Use Policy” that was implemented in the late 1990s and gets updated every year.
“The policy is mostly about keeping the systems running — both in a technical sense, and in a social sense,” he said. “In the early days, especially, it would have been easy for a user to get into other people’s accounts to either break things or break trust. The other key point is that the systems are an expense to the college, they give power to users, and we want to make sure that they are not squandered. The philosophy is that email is a privilege, not a right.”
Some people might interpret the intrusion into their email is like “1984”: Big Brother is watching you.
“When people think ‘Big Brother watching,’ they are worried about an intent to control,” Heiser said. “I have always hoped, when I remind people of the acceptable use policy, that the user considers the inconvenience, a price for the service. The price we pay for email is a loss of privacy.”
However, as an information technology manager, Heiser stressed that having access to sensitive data does not equal controlling users or breaking their trust.
“Big Brother may be watching, but no one else I know is,” he said. “Emails are like postcards, elegant in their simplicity, but insecure and postal carriers can see hundreds of them in a day.”
However, Heiser clarified Morningside College does not monitor student email.
“Our policy is on the honor system, and as far as I know , he only times we have ever needed to remind anyone have been times when non-IT people complain,” he said. “For example, a Twitter bully came to my attention once by way of a resident adviser.”
The Petraeus story received a good amount of media attention, mostly for its high level of drama as more characters surfaced. However, the government’s rights in checking emails are different than other employers, Kleber noted.
“Government entities are distinguishable from private employers,” she said. “The government is a state ‘actor’ and constitutional protections extend through the Fourth Amendment to government employees. However, various cases have held that reasonable, work-related searches may be permitted.”
In essence, Kleber speculated all online work communication should be considered public.
“Especially when national security interests are implicated, what is reasonable and work-related may be fairly broad,” she said.