Every day, hundreds of millions, if not billions, of people use electronic mail to conduct business and to communicate with friends and family. But if you think your email is private, guess again.
Email is no more private than a postcard and actually offers fewer legal protections. Unlike other forms of communication, such as telephone calls, which are protected in the United States under laws like the Electronic Communications Privacy Act of 1986 and by similar laws in other countries, email has little similar protection. The situation becomes even murkier for messages sent or received at your place of business.
For Your Eyes Only?
An electronic message typically makes numerous stops at computers and servers along the route to its final destination. At each stop, it can be intercepted and read by snoops. Why would someone want to do this? For hackers, there's the challenge of eavesdropping in cyberspace; for business competitors, confidential data may have strategic value. After all, information is power.
In addition, once you send an email, even if it isn’t intercepted along the way, you are placing your trust in the recipient not to divulge any sensitive information contained in the email. While you may feel protected by a standard confidentiality notice included in the footer of your email, the legal enforceability of these notices is highly questionable, and you should not count on it protect against forwarding of sensitive emails.
The takeaway from all of this is that when you send an email you should assume that it could be published publicly on the web. Faced with the risk that an email could be intercepted by a third party, or forwarded by the receiver, you rightly assume that you have no assurance the email you just sent will remain confidential.
Where Has All the Email Gone?
Even after you've received a message and deleted it, the message doesn't vanish. Many Internet service providers and email services archive email for some period of time. These archives can be accessed and even subpoenaed in the event of an investigation or lawsuit. The same holds true for messages received at work. Although you hit the Delete key, the message still exists in the company system. Those inappropriate comments you wrote may come back to haunt you!
Your employer has the right to monitor your professional email account – with or without your permission.
While U.S. law offers limited privacy protection for communication over the Internet, almost none exists for electronic messages sent within the workplace. In fact, many companies take the position that they not only have the right but the responsibility to review employees' email. They argue that email is no different than writing letters and memos on company letterhead. Because electronic communication represents the company and is conducted using company equipment over the company network, businesses contend that they have a right to monitor email. Many employees take the opposite position, claiming their right to privacy unless informed otherwise.
While most companies routinely use email, many don't have an official email policy. In the absence of a policy, employees often feel a false sense of security, particularly because their email accounts are password protected. Passwords do offer some protection, but not from system administrators, who can access almost anyone's email. This comes as news to many employees who mistakenly believe that communication with colleagues is private. In fact in a number of cases, casual email messages that criticized the company have landed on the boss's desk. The result? The employees were fired. In the ensuing lawsuit, U.S. courts have upheld company actions.
To avoid legal skirmishes, businesses, even small ones, should establish an Acceptable Use Policy for email that clearly sets out permissible workplace uses, prohibited uses, and penalties for violation of the policy. To avoid professional or personal pain due to inappropriate use of company resources, employees should treat their work email account as if it were being continuously monitored – since it very well may be!
An Ounce of Prevention
Email is a critical communication method, so dropping out of the email-using class isn’t a viable option. However, you can and should take steps to protect yourself against loss of privacy, and repercussions for inappropriate emailing.
- First, when using an employer-provided computer or smartphone, or sending a work-related email from your personal equipment or email address, consider whether you would send the message if your boss were carbon-copied to it. If the answer is “no”, don’t send the message.
- Second, remember that you don’t own your work email, and assume your employer could use any email you send, in any way they wish, at any point – because they can.
- Third, avoid using your employer-provided smartphone and computer for personal email, especially during the work day.
- Fourth, remember that once you send an email you have lost all control over that content, and only include information you would include on a postcard.
- Fifth, if you absolutely must transmit sensitive information, use encryption software to encode your message and attachments so no one but the recipient can read it.