Feeds

The politics of email in the workplace

Mixing business with pleasure

Build a business case: developing custom apps

A second approach is to permit personal use of corporate or governmental email systems, with restrictions (no abusive or inappropriate use) and possibly a mandatory notation on personal email - "this is not an official government email". This is the general approach taken by the US Government. However, depending upon the judgment of individual employees to determine whether an email is "personal" or "official" is inexact at best. Content filtering software may help here, but it is not perfect.

A third approach is to make it clear that corporate or government email is exclusively for corporate or government work, and to enforce such policies (or try to) with white lists, content filtering, spot checks (supervisory monitoring) and actual enforcement, but couple this policy with permission to make limited and non-offensive use of personal email systems (e.g. POP3 mail) with appropriate safeguards (anti-viral, anti-spam, etc). Now remember, such webmail may effectively bypass some corporate security policies, and may be inappropriate in some regulatory environments - such as broker-dealers who have to monitor all communications to potential investors. And this again relies on the individual user to decide that a particular email is "personal" or "business".

Issues related to 'personal' email on company systems

There are many issues that relate to the use of non-business email through business provided - or reimbursed - IT infrastructures. First, may (or must) the employer monitor the contents of such "personal" email systems? May they "intercept" things like the user's userid and password on a personal system, and if so, what can they do with this information? If an employer reimburses an employee for all or part of their home internet connection (or telephone or cell phone service) does that give them the right to monitor the contents of communications on these systems? The answers here are not clear, and may depend on the intersection between privacy law, federal or state wiretap laws, electronic surveillance laws, and actual and stated policies on monitoring.

Who "owns" such "personal" email? Who makes decisions about retaining it? Deleting it? Producing it? The problem is multiplied when we consider telecommuting, use of personal hardware, access to personal email through personal networks for which the company may reimburse the employee. Further complicating the matter is the fact that companies provide employees with other devices from which they may access their corporate and personal email, and these devices may or may not have the same controls on their use.

Smartphones, BlackBerries and other devices have the ability to access both personal and business communications. Who "owns" these devices, and who has a right to access the communications contained in them or transmitted through them? Will we require our employees to maintain two separate communications networks - a personal cell phone and a business one? Many companies do just that - with the result that staff members' attire begins to resemble the batman utility belt - PDA, BlackBerry, cell phone, etc.

The document production problem

The problem of document retention and destruction is complicated by the use of personal communications on corporate or government networks. As a general rule, in response to a subpoena, document demand, court order, preservation request or other legal process or obligation, a company or agency must preserve or produce any "documents" within their "possession, custody or control". But how does this relate to personal emails - particularly on those sent outside of the company email system?

The merger of personal and company business creates privacy problems for employees and production problems for employers. If a company is required to preserve or produce, for example all documents related to "the Jones matter" would that include a personal email sent by an employee on a personal email system from a home PC? Probably not, as that document is not in the "possession, custody or control" of the company. But if the employee connected to the corporate VPN when he or she sends the personal email, the situation changes. What would the company's responsibility be for, for example, an employee's diary sitting on a company desk? Does this need to be preserved and produced? "Reply hazy, try again later".

Build a business case: developing custom apps

Next page: The Karl Rove issue

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.