Recently I was drawn into a conversation between two women who happened to be small-business owners. One woman was telling the other how her husband occasionally looks at their employees’ e-mails. Her mention of this almost sounded like a confession — like her spouse and business partner was guilty of something he shouldn’t be doing.
I told both businesswomen the company owner not only has a right to look at the e-mail but also is wise to do so from time to time. Reviews of messages in a company-provided e-mail system can reveal misuse of company resources, theft of intellectual property or other concerns. What’s more, the contents of e-mail messages can be subpoenaed in the event of a lawsuit, so the business owner or executive team should know what’s going through company systems. Consequently, many employers — large and small — screen employees’ messages today.
Just ask Harry Stonecipher, whose reign as CEO of Boeing ended when his grievous misuse of the corporate e-mail system was revealed to the board of directors. It seems Harry unwisely chose to send sexually explicit notes to a secret paramour who also worked at Boeing. Given that Stonecipher was supposed to be leading the charge to a more “morally proper” company, the board had little choice but to fire him as an example for all other employees.
He isn’t the only person to assume e-mail content is private. Many employees make that assumption, but experts on labour issues say employees have no right to privacy when it comes to communications using company systems such as e-mail, instant messaging, telephones and fax machines. However, it’s important to fully inform employees of the company’s policy regarding the use of such resources.
Does your organization have a published policy on the use of your e-mail system, and do you adequately train employees on that policy and what is acceptable use of e-mail? According to a 2004 survey conducted by the American Management Association and The ePolicy Institute, 79 per cent of the 840 responding companies say they have a written policy governing the use of e-mail. However, only 54 per cent of the surveyed companies conduct e-mail policy training.
The survey also revealed most companies monitor the content of incoming and outgoing e-mail. However, only 27 per cent of the companies monitor the content of e-mail flowing within the company.
Companies that don’t conduct policy training or monitor internal messages can be putting themselves at risk. In 2003, oil company Chevron USA paid US$2.2 million to settle a sexual harassment lawsuit over its e-mail content. The allegations were made by a group of women employees who alleged a Chevron subsidiary allowed its internal e-mail system to be used to transmit sexually offensive messages.
A workforce that is educated about and routinely reminded of your e-mail policy is the first line of defense for your company. People who see the policy flashed on the screen during logon are more likely to comply with your rules. What’s more, in the event of a lawsuit or criminal activity, a company that can demonstrate its allegiance to policy and training could be treated favorably by the courts.
An employee of American Family Insurance was found to be receiving child pornography on his company computer. The company was not held liable for the employee’s action because it could prove that it has an active policy against such use of the computer. In order for the employee to gain access to his company network, he had to acknowledge the policy as part of the logon process. Unfortunately for him, he ignored the policy and got caught.
So employers, whether your company is large, small or in between, don’t feel guilty about taking a peek at what’s flowing through your network; it is your right and responsibility.
–Musthaler is vice president of Currid & Company, a Houston technology assessment firm. She can be reached at [email protected].