Monday, May 16, 2005

The Gray Area of 'Private' Email

I saved an article on efforts in Australia to prevent employers from covertly monitoring employees' 'private' email.

Compare this to the USA and the case of "Smyth v. Pillsbury Co." where the court stated "... the company's interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments".

If enacted in Australia, how does an employer, concerned about proprietary data or trade secret loss (either accidentally or through malicious intent), legally filter email originating from their corporate computers? The Australian law says the employer must "Obtain a court order permitting surveillance" (lawyers get richer?).

Let’s see how that court order, and the delays it causes, could work:

  1. You suspect trade secrets are being illegally transmitted using corporate email.

  2. Oops, the new product specs are sent outside the company via email.

  3. You contact counsel to start the process to obtain email scanning permission.

  4. Oops, marketing strategies, more privileged data, slips away via email.

  5. Your counsel contacts a judge to present your case.

  6. Oops, internal memos on your business partners are sent out via email.

  7. You obtain permission to scan an employee’s corporate email.

  8. Oops, new product patent applications are sent illegally via email.

  9. You contact your IT guys to set up the email scan.

  10. Surprise, your business secrets are now out of the bag and floating around the Net.

Looks like a big hole has been created in corporate security.

Besides, how does a content security filter distinguish between a personal letter to my wife and my correspondence with clients? What about email arriving in an employee’s inbox? Can an employer scan personal correspondence that does not pertain to corporate business? This is ‘private’ email too. How does an email filter know?

Big gray area here: The "corporate rights" of a business owner vs. the "privacy rights" of an employee. So what are the corporate options?

  • Ban 'private' email, inbound and outbound. Draconian, unpopular and impossible to enforce (without scanning, but that's illegal under the proposed Australian law).

  • Create detailed corporate email usage guidelines. A good solution but enforceable only through scanning (That keeps popping up, doesn't it?) or the honor system.

  • Rely on common sense (Yeah, in a perfect world... maybe).

So what will happen?

As we now hear "This call is being monitored..." in our business telephone calls, perhaps we now add "This email is being scanned..." to our correspondence.

AAS

