Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Monitoring E-Mail
- Thread starter Dan100
- Start date
- Thread starter
- #3
Dan,<br>
I appreciate that you are probably in a bind and I hope that there is a good reason for this. I, unfortuneately will not help you with this. I have a VERY strong belief of personal privacy and I would never perform this sort of invasion of privacy. I know that everyone in here can argue that its company email and the right of the company to see it since it is their resources... Yea that is probably true, but there is still a line between privacy and "for the company good"...<br>
<br>
I will address the legal issues though, as best that I can, I am no lawyer... I would suggest that you consult a lawyer prior to doing any of this. If you have reason to believe that someone is leaking confidential company information, having legal counsel on you side will help you clsoe the leak and prosecute the leaker. If you are not concerned with legal actions, just firing someone who is doing something along those lines, you'd still be better off getting a laywer to properly document and annotate the string of events leading to the person's firing - so that the person has no way of getting back at you with a lawsuit due to unfair dismissal or whatever.<br>
<br>
If its due to people using the email system for non-work related emails - what is your company policy on using the emails for non-work? I know that every company I have been involved with allowed the person use of the email. Granted this should be used within reason. This is where it gets a little bit grey -- what is the company's right to open and read a letter sent to the person through the Postal System?<br>
<br>
This is a very sticky area that I would proceed into only after consulting with a lawyer if you are indeed serious about reading their emails. Although I have not heard any case involving a person suing their employer for reading their personal emails - I know me personally, if the company I worked for read any of my email, I would definately seek legal action against them, unless they had a lot of legal backing (I still probably would to try and make a point)<br>
<br>
I don't beleive that a company has the right to open any of your Postal mail, so that makes me wonder why it should be legal to open their email without legal counsel and a very good reason.<br>
<br>
If you are trying to plug a leak in your company, get legal counsel (someone specializing in computer and internet law - yes they are out there...) you'll only be protecting your butt (and it might be a good idea to have the lawyer present or have him/her do the actual email reading, that way you are not in the line of fire if this employee decides to sue or take legal action against your company..., if its due to too many resources being used by one individual or group, limit their mailbox sizes, send them an email saying that they are limited to getting 1 MB of email with attachments of less than that - if they need more, they'd better specify a good, business reason - or try using other means of these people getting work related attachments (i.e. FTP Server), have them prove to you that they need more than that to do there jobs...<br>
<br>
Hope this helps, sorry I couldn't help more,<br>
Paul Kincaid
I appreciate that you are probably in a bind and I hope that there is a good reason for this. I, unfortuneately will not help you with this. I have a VERY strong belief of personal privacy and I would never perform this sort of invasion of privacy. I know that everyone in here can argue that its company email and the right of the company to see it since it is their resources... Yea that is probably true, but there is still a line between privacy and "for the company good"...<br>
<br>
I will address the legal issues though, as best that I can, I am no lawyer... I would suggest that you consult a lawyer prior to doing any of this. If you have reason to believe that someone is leaking confidential company information, having legal counsel on you side will help you clsoe the leak and prosecute the leaker. If you are not concerned with legal actions, just firing someone who is doing something along those lines, you'd still be better off getting a laywer to properly document and annotate the string of events leading to the person's firing - so that the person has no way of getting back at you with a lawsuit due to unfair dismissal or whatever.<br>
<br>
If its due to people using the email system for non-work related emails - what is your company policy on using the emails for non-work? I know that every company I have been involved with allowed the person use of the email. Granted this should be used within reason. This is where it gets a little bit grey -- what is the company's right to open and read a letter sent to the person through the Postal System?<br>
<br>
This is a very sticky area that I would proceed into only after consulting with a lawyer if you are indeed serious about reading their emails. Although I have not heard any case involving a person suing their employer for reading their personal emails - I know me personally, if the company I worked for read any of my email, I would definately seek legal action against them, unless they had a lot of legal backing (I still probably would to try and make a point)<br>
<br>
I don't beleive that a company has the right to open any of your Postal mail, so that makes me wonder why it should be legal to open their email without legal counsel and a very good reason.<br>
<br>
If you are trying to plug a leak in your company, get legal counsel (someone specializing in computer and internet law - yes they are out there...) you'll only be protecting your butt (and it might be a good idea to have the lawyer present or have him/her do the actual email reading, that way you are not in the line of fire if this employee decides to sue or take legal action against your company..., if its due to too many resources being used by one individual or group, limit their mailbox sizes, send them an email saying that they are limited to getting 1 MB of email with attachments of less than that - if they need more, they'd better specify a good, business reason - or try using other means of these people getting work related attachments (i.e. FTP Server), have them prove to you that they need more than that to do there jobs...<br>
<br>
Hope this helps, sorry I couldn't help more,<br>
Paul Kincaid
- Thread starter
- #5
Thanks for the brilliant reply. I totally agree with the fact that it should be kept 100% confidential, but my arms are tied and I have to do something.<br>
<br>
The only reason as to why I have been asked to do this is that my boss witnessed some hard-core porn on a users PC, whilst strolling through another part of our site. He believes that our company email is being abused, and is probably not wrong.<br>
<br>
We do allow personal e-mail, but obviously to a certain level. Receiving porn is just taking the p@#s, so why shouldn't they be reprimanded. We trust the user enough to let them use our services for personal use, and if all they can do to return the favour is abuse the system....well.... that's just not on.<br>
<br>
I have already set a limit to everyone's mailbox and never get asked for an expansion from their designated 2mb. The problem we have is that many people receive pictures from digital cameras, that are work related. Every so often, I am guessing, they are receiving JPG's with them, of pictures that are illegal.<br>
<br>
My boss is slightly ignorant when it comes to the legalities. He said "If they sue us for breach of personal confidentiality, I will sue them for using business equipment to access illegal material."<br>
<br>
Not the best of attitudes I know, but its what I have to deal with!!!!<br>
<br>
The only reason as to why I have been asked to do this is that my boss witnessed some hard-core porn on a users PC, whilst strolling through another part of our site. He believes that our company email is being abused, and is probably not wrong.<br>
<br>
We do allow personal e-mail, but obviously to a certain level. Receiving porn is just taking the p@#s, so why shouldn't they be reprimanded. We trust the user enough to let them use our services for personal use, and if all they can do to return the favour is abuse the system....well.... that's just not on.<br>
<br>
I have already set a limit to everyone's mailbox and never get asked for an expansion from their designated 2mb. The problem we have is that many people receive pictures from digital cameras, that are work related. Every so often, I am guessing, they are receiving JPG's with them, of pictures that are illegal.<br>
<br>
My boss is slightly ignorant when it comes to the legalities. He said "If they sue us for breach of personal confidentiality, I will sue them for using business equipment to access illegal material."<br>
<br>
Not the best of attitudes I know, but its what I have to deal with!!!!<br>
The first thing that you have to make sure of is that you have your policy on porn well documented. In other words either in a contract that they have signed or send out an office memo. If you dont do this you may have problems when you go to differentiate this instance from your personal email use. The second thing I would try to do is to catch them more through there browser or internet history file. Email is generally thought to be a more personal item. I dont think you would have any reprecussions from checking someone's browser information and it would be a lot easier. Unless they are experienced computer users they are probably unaware that these sites leave cookies that can not be cleared by just deleting the history. Hopefully that will be of some help to you. I'm not aware of any monitoring software, but I am sure there are plenty out there.
Dan, formulate your policy, along the lines of 'Viewing or downloading sexually explicit or otherwise offensive material is a disciplinary offence, ...', then issue it prominently and frequently. Include in it a statement that the company reserves the right to monitor ... This a) starts to address the corporate culture issue b) provides some legal cover.<br>
I would not be looking to monitor internet & e-mail however, but block access to dubious content.<br>
Take a look at websense for internet ( <A HREF=" TARGET="_new"> ) or mimesweeper ( <A HREF=" TARGET="_new"> ) for both web & e-mail.<br>
The problems are that most of this sort of stuff is text based (i.e. looking for blacklist words phrases or URLs), so it doesn't block everything; it can also usually be circumvented, and if users are technically savvy enough to get around the firewalls & blocking software, they can probably take a reasonable shot at cleaning up the evidence (at least on their own desktops). So if you really want to 'catch' people, rather than prevent or discourage people from looking at stuff in the first place, you're back to going through each hard-disk, folder or mailbox yourself, snooping for dodgy content.<br>
So - put in the blocking software - it won't address the actual problem directly (i.e. jpegs in email), but it will give your boss a righteous feeling, and start to change the company culture.
I would not be looking to monitor internet & e-mail however, but block access to dubious content.<br>
Take a look at websense for internet ( <A HREF=" TARGET="_new"> ) or mimesweeper ( <A HREF=" TARGET="_new"> ) for both web & e-mail.<br>
The problems are that most of this sort of stuff is text based (i.e. looking for blacklist words phrases or URLs), so it doesn't block everything; it can also usually be circumvented, and if users are technically savvy enough to get around the firewalls & blocking software, they can probably take a reasonable shot at cleaning up the evidence (at least on their own desktops). So if you really want to 'catch' people, rather than prevent or discourage people from looking at stuff in the first place, you're back to going through each hard-disk, folder or mailbox yourself, snooping for dodgy content.<br>
So - put in the blocking software - it won't address the actual problem directly (i.e. jpegs in email), but it will give your boss a righteous feeling, and start to change the company culture.
- Status
Similar threads
- Locked
- Question