[BUGS] Assumed Privacy of E-Mails?

Piers Rowan piers.rowan at extrastaff.com.au
Thu Apr 10 08:50:14 EST 2008 

Edward Irvine wrote:
>
>
> Conclusion
> ----------------
>
> In short, there can be no realistic expectation of privacy with email. 
> Pretending 
> there is is not a realistic expectation. Educate users, up front and out 
> loud, that email is like a postcard, that it is *not* private 
> communication, and
> that there is nothing anyone can do about it.
>

"...there can be no realistic expectation of privacy with email...."

I think that this statement hit the nail on the head. It is however 
human nature that many people try to filter / block / legislate that 
which is unable to be completely filtered / blocked / legislated against.

Another idea that I heard somewhere was that email was private in 
transport (like traditional mail). So an employer could not look at it 
until after it was delivered. I think this has something to do with a 
private communique becoming a file on someone's (the employer) property. 
If you have a P&C letter deliver to work (eg: you latest ebay purchase) 
and you choose to leave it on your desk for all to see then you cannot 
expect any privacy, however you could expect a degree of privacy in that 
it should not be opened before you receive it (unless this has been 
communicated to you in policy & employment contract that no personal 
mail is to be delivered to your place of work).

With this transition (an email traversing the net and becoming a file on 
the company's server) is a transfer of responsibility to the employer. 
For example if the email contained a fathers day picture from a man's 
daughters titled do_you_like_your_little_girls.jpg and the sys. admin. 
took the file name to mean something disgusting / offensive / etc and 
that had a negative impact on them then it would be the liability of the 
employer for exposing the employee to the material.

The 3rd issue is how it is handled - for example the Sys Admin reports 
the material to the IT Manager who tells her to "...get over it..." 
because they do not see the issue. Sure this manager may be the best and 
the brightest @ IT but that leaves no real account for their competence 
at HR. This is a typical issue as people can take offence / go on compo 
/ etc for how things are handled (not just the content matter itself). 
[This can be a causative factor or more likely a factor that exacerbates 
existing factors].

One Remedy:

@ induction tell new employees that:

* All business systems are provided solely for the activities of the 
business
* No business system is considered private from a personal POV
* This includes your email account and any activity on the web

And the other one:

"Yes, it says "My Computer" on the screen but it isn't".


Sorry for the long post from a list lurker..!

Cheers

P

More information about the BUGS mailing list