Email privacy

Written by Doug Klunder
Two recent P-I articles, here and here, discuss employee privacy, especially when it comes to email. The ACLU believes that employees should have a right of privacy in their personal communications, which employers should only be able to breach in cases of serious misconduct.

The articles do a pretty good job of describing the actual (and unfortunate) legal situation--virtually no employee privacy. Despite that legal background, it's important to recognize the reality that many of us do send and receive some personal email at work. So I thought some practical tips might be in order:

1) Don't use an employer-provided email account for any email you're not comfortable having all of your coworkers and supervisors see. Not only does your employer have an absolute legal right to see the email, there are many instances in which that may occur, even without any kind of investigation going on. Almost certainly when you leave employment, your email will be passed on to another employee. While you're on vacation, or even at lunch if something pressing arises, there's a reasonable chance the employer will need to check your email to handle business needs. And your IT person may easily run across emails when troubleshooting any number of problems that may arise, either with your workstation or with servers. So just don't do it.

2) Web-based semi-anonymous accounts (Hotmail, Yahoo, Gmail, etc.) are likely to be more private, though there are no guarantees. It is technically possible (and not particularly difficult) for an employer to monitor all traffic on the company network, which includes traffic to access your Web-based email. Practically speaking, however, it's less likely unless your employer is either paranoid or investigating some particular misconduct. Routine monitoring is also more likely to happen with a large employer (such as Boeing) with a dedicated security department, but even so, they're less likely to care about most personal email. So it's probably reasonably safe to access such sites from work (if nobody's looking over your shoulder) and send private, even potentially embarrassing, email--if it doesn't relate to illegal activity or work misconduct, and if such email use doesn't cut into your productivity.

Note also that the possibility exists for your employer to capture keystrokes, including passwords, account numbers, and the like. But actual use of that information to access personal accounts is almost certainly illegal.

3) If you're going to discuss work-related issues in a way your boss may not like--especially giving information to a reporter--don't do it on work time, using an employer network, or employer-provided hardware or software. Limit such emails to your home computer, on off hours. And if you're going to blog about work, do that from home as well, and you're best advised to keep it anonymous. Unless there is a violation of law involved, your employer shouldn't have access to your personal computer and personal email accounts (if they're not accessed on the employer's network).

But even so, don't think there's a 100% guarantee--your employer may be able to issue a subpoena if there's an allegation of wrongdoing, such as improper revelation of company secrets, and many ISP's will reveal anything in response to a subpoena, often without letting the customer even know about it. And, of course, if there's a criminal investigation, law enforcement can easily obtain access to records showing not only when you accessed which sites, but also quite possibly the contents of your communications, even if you thought they were deleted.

Quick summary: Don't stop using email, but be aware of when and where to use various types of email. They're not all the same.