Email privacy

[Weylander]

Anyone tell me what the current law is concerning email privacy? The part i most need to know about is.........Are people allowed to open and read my emails without my consent (at work)? We don't have an email policy so i assume that no one is allowed to open and read my email.

Any help is appreciated.

 

[TdC]

never assume anything regarding your privacy tbh.

if you're at work and there is NO policy in place regarding internet and/or "private" email then the powers that be will do as they see fit. be aware that this can be anything: I scan email for virus and spam traits. I can also scan it for keywords. if your email contains words like "boobies" I can safely assume that it has nothing to do with your job, unless you happen to work in the boobies industry that is. I won't have "read" your mail, in the human sense of the word, but I will know you're doing it, if there are attachments, how big they are, what file they are, how often you send them and to who. to name but a few things.

regarding work-related email that is being read by coworkers, that I do not know enough about.

 

[yaruar]

never assume anything regarding your privacy tbh.

if you're at work and there is NO policy in place regarding internet and/or "private" email then the powers that be will do as they see fit.

Actually this is the wrong way round. If there is no policy they they have no right to scan your stuff and monitor you. To do this there needs to be a signed and agreed contractual computer misuse/monitoring policy.

Although if you work in the US they can do whatever they want.

 

[bigbb]

I can also scan it for keywords. if your email contains words like "boobies" I can safely assume that it has nothing to do with your job, unless you happen to work in the boobies industry that is. I won't have "read" your mail, in the human sense of the word, but I will know you're doing it, if there are attachments, how big they are, what file they are, how often you send them and to who. to name but a few things.

TdC Powah. Very interesting this.

I have no doubt you've taken on this responsibility with great integrity. I.e. searched for the school-boy, calculator version; 5318008?

 

[Weylander]

Thanks Yaruar, that is what i thought.

A staff member had her emails read by another staff member while she was off yesterday, many were personal type emails as opposed to work emails. This is the type of scenario I needed look at, we don't mind people getting personal emails at all, I for one know i would be mighty miffed if someone read my emails!!!

 

[TdC]

hehe BB I even search in 0x and stuff, though I have no power at all

Actually this is the wrong way round. If there is no policy they they have no right to scan your stuff and monitor you. To do this there needs to be a signed and agreed contractual computer misuse/monitoring policy.

is that so? I can remember signing such a thing when I came to work for BigCompany, but I wasn't aware that it was to allow them to monitor me as opposed to me agreeing to be a nice boy.

as to the reading of the emails, I'm now under the impression that this occured because the coworker "could" rather than by direct management mandate? is that so, because then obv other rules apply.

 

[yaruar]

is that so? I can remember signing such a thing when I came to work for BigCompany, but I wasn't aware that it was to allow them to monitor me as opposed to me agreeing to be a nice boy.

as to the reading of the emails, I'm now under the impression that this occured because the coworker "could" rather than by direct management mandate? is that so, because then obv other rules apply.

Nah, privacy laws in the uk dictate that monitoring and reading of mails (and monitoring of internet use and phone calls) can only be done with the express consent of the individual

 

[TdC]

yer, so I gather. but there are two different problems to be adressed here: a)management states "we have reason to believe blahblah, and therefore need designated person X to audit subject Y's email. monitor/open up the account now and check for teh nasty word boobies"

b)coworker Z has "ha><ored" subject Y's email password because it's "benson&hedges", the same brand as the ciggies Y smokes and reads the email for Z's own purposes.



I'm thinking case b has occured. Imo that's a people problem. it's possible to prove that your account has been opened while you weren't there, it's also possible to discover who did it. Management will take care of the rest.

in case a the rub is proactively monitoring or not. in the former I can understand that you'll have to give permission for "teh man" to scrutinize your every move. in the latter, well, I've seen strange things happen when companies have probable cause to watch you. we certainly have measures in place to cover this, and I'm not sure that we care if the people mind.

 

[yaruar]

yer, so I gather. but there are two different problems to be adressed here: a)management states "we have reason to believe blahblah, and therefore need designated person X to audit subject Y's email. monitor/open up the account now and check for teh nasty word boobies"

b)coworker Z has "ha><ored" subject Y's email password because it's "benson&hedges", the same brand as the ciggies Y smokes and reads the email for Z's own purposes.



I'm thinking case b has occured. Imo that's a people problem. it's possible to prove that your account has been opened while you weren't there, it's also possible to discover who did it. Management will take care of the rest.

in case a the rub is proactively monitoring or not. in the former I can understand that you'll have to give permission for "teh man" to scrutinize your every move. in the latter, well, I've seen strange things happen when companies have probable cause to watch you. we certainly have measures in place to cover this, and I'm not sure that we care if the people mind.

Yeah two very different cases. Personally if i ever found someone hacking someone elses account on work time i would probably immediately push for their sacking on grounds of gross misconduct.

As for scenario a it's very dangerous ground to be on as any evidence you have procurred illegally isn't admissable in any way. Not that that stops people, but if you, say, fired someone for the mention of boobies which you found through going through their email then they would easily win a case for unfair dismissal from you.

 

[TdC]

Yeah two very different cases. Personally if i ever found someone hacking someone elses account on work time i would probably immediately push for their sacking on grounds of gross misconduct.

As for scenario a it's very dangerous ground to be on as any evidence you have procurred illegally isn't admissable in any way. Not that that stops people, but if you, say, fired someone for the mention of boobies which you found through going through their email then they would easily win a case for unfair dismissal from you.

yeah, I totally agree with your thoughts regarding case b. as for a, I must stress that we don't do that at the drop of a hat, nor do we do anything proactively that the workers have not agreed to (like scanning email on content). but we can do it given probable cause, and the orders are given by very scary people indeed, as you well know having worked in finance there are some severely scary peeps here and there.

tbh if I truely had my way I'd know everything that happened on my servers, but as that's lawfully (and prolly morally) wrong I don't. I do have to know things about, say, email, in a general sense ie volume, attachents, virus scanning in order to run the servers properly but that's beside the point. imo my wanting to know about email, files, browsing et al is because I have to make the network err...work, not because I'm morbidly fascinated with Susy the temp's hot emails to her manager or the fact that Johnny in finance is sending clasified data to his mate who's "writing a book about financial markets". if a scary security auditor steps out of the matrix and tells me to open up Johnny's files I will, but I shan't be going through them just because I can.

getting back to scenario a, I'm not rightly sure what we do. it's happened, but I've never been involved so I'm unsure where da man got his probable cause from.

 

[Tom]

Can't you just use webmail? Is that more secure?

*shrugs*

 

[Embattle]

Guess it depends on whether it is a company email address that may have information regarding work sent to it, not that I would use such an email addy for private information.

 

[yaruar]

yeah, I totally agree with your thoughts regarding case b. as for a, I must stress that we don't do that at the drop of a hat, nor do we do anything proactively that the workers have not agreed to (like scanning email on content). but we can do it given probable cause, and the orders are given by very scary people indeed, as you well know having worked in finance there are some severely scary peeps here and there.

Yeah, some situations do call for it, although when working in finance we covered our arses totally and made sure that everyone who joined sighed their lives away to us before they had access to anything

althouth that said i had massive problems when we got new management in and they insisted that people could use webmail, instant messaging, etc and then got pissed off when information started going astray.

 

[yaruar]

Can't you just use webmail? Is that more secure?

*shrugs*

Webmail isn't particually secure, if you want to be careful just open an SSH terminal session to a friendly box and read mail from there

With any security conscious firm all https sessions should be blocked anyway. In fact all internet use should be restricted to designated sites only for everyone but me and the other sysadmins Although in my first company we had no internet access at all so i just found a redundant analogue line and plugged a modem into the back of my pc

 

[Guest]

If you are sending/receiving from your work account then its their mail not yours so they can do wtf they like as long as they have a written computing security policy, if they dont have one then they cannot read your emails, but they will do anyway and just sack you for doing something else wrong (if they want to), they cannot read your hotmail account or any other web based email account you have because that would entail them getting your password which is yours and not theirs, although if their computing security policy says you cannot use hotmail or other webmail then they can do pretty much wtf they like to get your password and look in your hotmail account.

So its all raelly to do with work email or web mail and what if anything it says in your work IT policy.

Personall i dont send anything from my work account at all.

 

[`mongoose]

Some fella at work here tried telling me I had no right to delete a program he had the other day.........


It was an msn conversation sniffer that could also capture and assemble voip packets and email packets.

I hit him with my 'Do not bring tools like that onto my network' stick ....




alot.


I know most companies make you sign certain things as regards data protection etc, and computer misuse. I think in some cases though they can pretty much hijack your account, particularly in the case of illegal activity. I got a call from the Internet watch foundation the other day - some of the things employers and admins are legally bound to do are pretty damn scary

M