Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

E-Mail monitoring

Status
Not open for further replies.

ManagerJay

IS-IT--Management
Jul 24, 2000
302
US
I have an employee who has been given the unrewarding task of monitoring corporate e-mail. He was doing fine with the task, reporting what should be reported, etc. until last week when several of the e-mails started containing comments directed toward him.

Comments such as, "Does your mother know your doing this," "Make sure management sees this," etc.

How can I help this individual to deal with this?



Jay
 
The first thing I can say is DO NOT under any circumstance let the employees know who is doing the monitoring. make sure the person monitoring the email knows that he is to remain anonymous. This makes it harder for people to target attacks at him as it could be anyone.

The monitor should have to sign an agreement saying that the contents of the emails are private and that he is only to discuss the emails with a certain person in management.

Also, alert the employees that the person monitoring the email is not doing it for personal amusement/personal gain, and provide them with a list of what is acceptable and what is not. If the employees know that their email is being monitored for certain things, they will probably be more careful what they send out. I'd also include in a memo that there will be a certain punitive action for abusing the email system. give them a few days to adjust then start enforcing the rules! Most companies that I've consulted with have looked towards docking pay, but one put up a scorecard and at the end of the month, the employee who violated the email policy the most times had to buy a round of drinks.

I have found that the people who attack the monitor are the ones who have something to hide.
 
We have followed the steps you outlined. And, as you said, the attacks are only coming from one or two people.

Thanks for your help.



Jay
 
While your situation would not follow protection under a protected class, it is riding the fence of some type of workplace harassment... i.e., they are are intimidating another co-worker simply for doing their job. I'm sure your employee manual addresses that.
 
There are two ways that I can see
1. Develop a weird sense of humour.
2. More seriously. Empower him to overlook minor transgressions. In doing this he can "overlook" the offending material, but give a gentle warning to the offender. Apparently, with power to forgive.
The effect of this is that he is still "one of the lads", but still monitoring for serious transgressions (which they still know about).
A bit like a double agent, but always make it look as if you only overlook it as a favour, and don't push your luck in future.
Hope this helps, I know the feeling well it worked for me.
Cheers
Figgy
 
Is e-mail monitoring legal in your country?? I know it still happens, but as far as I know it is illegal, unless there are strong suspicions that you will find some illegal business in the e-mail themselves (same as for a telephone tap...) [machinegun]
 
In the United States email monitoring is not illegal.
 
And, as part of the policy manual each employee receives, our e-mail policy states e-mail may be monitored at any time. However, this is the first instance we have actually started monitoring e-mail since we have strong suspicions someone is supplying "inside" information to the competition and other organizations using a company e-mail account.


Jay
 
Don,
In the U.S., email monitoring (and phone tapping, for that matter) is illegal for the government to do without a warrant (at least it was pre-Sept 11, but I think the "USA-Patriot Act" may have created loopholes) and it is illegal to do to a third party, but employers may do so to employees if they have notified the employees to that effect beforehand.
-Steve
 
Steve, I believe the poster was talking about a company to which a person is employed, not the government, monitoring their emails.

Email and phone monitoring within a company
IS NOT in the same category as wiretapping. And even the government may monitor its employees. The Government cant monitoring MY emails, as a citizen.

With email and phone monitoring (as in Customer Service), companies are monitoring their property.

It has already been decided that company emails belong specifically to the company to which you are employed.
 
Kjonnn,
The poster was talking about an employer, but I was responding more to DonQuichote. Other than that, we're in complete agreement.
-Steve
 
[thumbsup2]Well, thanks for the responces. I do not live in the USA. I believe (I'm not absolutely sure) that it is only allowed in special circumstances in the Netherlands. I have encountered an employer that tapped the phone as well as the e-mail...
 
Our attorney left me a message stating she believes it is illegal to read an employee e-mail BEFORE they do. She is out of the office today and I have not been able to get a hold of her to get the details on this.

Has anyone else heard of this?

Thanks,



Jay
 
With the obvious disclaimer that I'm not an attorney (but know enough law to make disclaimers, heh) I have never heard of a law regarding that, federal or state. It does sound kind of dorky to me, but there's a lot of goofy laws on the books. Perhaps she's thinking that it's illegal to read an email before an employee sends it out? (Which I still don't believe to be true, but at least sounds more likely.) At any rate, if it were me, I wouldn't take any action on her opinion until I talked to her and clarified things.
-Steve
 

Is email monitoring legal?
According to a recent survey by M2 Communications Ltd, more than 8 out of 10 employers monitor their employees' emails. However, Law firm Allen & Overy found that only two-thirds of the employers who monitor emails actually have a data privacy policy in place. By monitoring emails, employers are arguably infringing on an individual’s privacy. However, as can be concluded from the court cases discussed below, a sound email policy, uniform measures and reasonable and prompt action should protect companies from legal repercussions.

It is important to first make a distinction between email auditing (sometimes called email monitoring), where email is checked after the actual transmission, and email interception (sometimes called email filtering), where email is intercepted and checked during transmission.

Email auditing
Several court cases have upheld that checking email after transmission is legal, since it is viewed as no different than searching through a file in an employee’s drawer. For instance in a criminal case against a CIA employee charged with receiving child pornography (United States v. Mark L. Simmons), the court ruled that the viewing of personal email did not violate federal wiretapping laws, since the email was not viewed while it was being transferred but was obtained from storage.

Email interception
Cases in the United States have proven that most forms of email interception are permitted if this is done in a reasonable manner and is backed up by an email policy, as proven by the Nissan and Pillsbury case: In 1991, Nissan Motor Corporation fired two employees after they had been caught sending sexually explicit emails. The employees took Nissan to court (Bourke v. Nissan) claiming unfair dismissal and violation of privacy. However, since the company had an email policy in place and had explicitly stated that employees’ emails would be monitored, the court ruled in favor of Nissan. In another case (Smyth v. Pillsbury Company) an employee was fired for communicating unprofessional comments over the company's email system. When the employee claimed that the company had violated privacy laws, the court concluded that no reasonable person would consider the interception to be a highly offensive invasion of privacy, and that the company's interest in preventing inappropriate or unprofessional comments or illegal activity outweighed any privacy interest.

However, another case points out that whilst email monitoring itself may be allowed, the resulting actions taken must be reasonable. The City of Scottsdale faced paying out damages of $300,000 after it dismissed an officer for sending out a sexually offensive email to a colleague. The officer had just received a promotion and had sent an email to a female coworker asking if she would sleep with him now that he was promoted. Even though the recipient was a close friend of the officer and found the message amusing instead of offensive, the police department removed the officer from the promotions list and after several disputes ended up firing him. The officer sued the police department and was awarded $300,000 in damages.

Finally, try to apply monitoring as uniformly as possible. It is best not to single out an individual unless there is clear reason to do so. If you single out a person, the company could be found to be discriminating against the individual. Therefore, use monitoring software for all emails on your system.
 
I'm a little late in the game, buy I'll add my two cents anyway. Your company policy should state what the company supplied email address is to be used for. i.e., if the email address is myname@mycompanyname.com then any and all transmissions belong to the company and can be monitored, before, during and after transmission. I work for a child company of one of the largest telecommunications companies in the US and our policy is very flexible, we can use the internet for anything, non-offensive of course. BUT, it does clearly state that abuse can result in termination, this includes abuse of the email system.

I have my personal account set up and use that for personal emails. All email monitoring is done on the Exchange Server and as my personal account is not on that server, it is not monitored. Any employee who is upset about a COMPANY email address being monitored may need to have COMPANY PROPERTY redefined for them. A company supplied email account is for COMPANY business, not personal fun, period.

Cat
 
Our current policy states that any network activity on the can be monitored. The policy also states company e-mail accounts and computers are company property and may be inspected at any time without prior notice.



Jay
 
Jay,

Good policy. Cat may have a personal account that is not using server space and is outside the monitoring system, but they are still using a company computer on a company network. Reserving the right to inspect any hard disk and all network traffic is the way to go.

You can still allow non-abusive personal use like Cat's company (which I applaud by the way) but allowing any traffic to be monitored gives you the out to investigate suspected abuse.
Jeff
No matter how bad it is, it can always get worse ....
 
It can be that it's just me, but for me monitoring email is wrong and I am glad that I work in a company that would never do this.

Our email policy allows the company to read anything in a persons mailbox (like with normal letters send to the company) but we only do this in 2 situations: If a person stops at the company and the department want to find email send to this email account after the person stopped or in a situation where the person is ill for a longer period.

We also log anything that goes in and out of our firewall so we could see almost anything people do on the internet, but the reason we log everything is to be able to trace what happens on our connection (like someone tries to hack the system) not to monitor the people who work at our company.

Access to an mailbox can be ordered from the director of each department (and our CEO)

Access to firewall logs to monitor a single person can only be ordered by our CEO.

We had some talks about what people should be allowed to see on the internet and I said that from a technical point they should be able to see everything. (Downloading programs and files not included)
One manager (who has a lot of temps) didn't want this because he was expecting some of his people would spend a lot of their time on the internet.
My point was that, if people want to spend their time doing things that has nothing to do with their job they will do this anyway. This is a management problem not an IT problem. They could just read a book at work. The loss would be the same to the company.

/johnny
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top