Corporate e-mail policy
The company I work for has set up a committee to draft a security
policy involving, among other things, e-mail. Since I'm responsible
for our networking and e-mail, I'm part of this group. Unfortunately,
I'm outnumbered by legal, auditing and HR types who, basically, want
to have access to everything.

I am aware that there's a line of thinking which holds that what you
do or say on company time, using company equipment, is the company's
business. I do not subscribe to this line of thinking, and believe
that employees expect a "zone of privacy" in which their telephone
calls will not be listened to and their e-mail will not be read or
monitored. I am also aware that recent court cases have not
supported this "zone of privacy" and have pretty much held that the
employer can do whatever it wants with e-mail.

What I want out of this process is to keep myself and my staff out
of this business. As a practical matter, I'm sure the company could
bring in a hired gun to do whatever they want; since our e-mail
system does not easily support strong crypto, it's all there for the
taking.

In an ideal world, the rest of the group would agree with me and say
"Yup, we have no business reading e-mail." Since that's not likely,
I'm looking for examples of "privacy-friendly" corporate policies
that I can put on the table in our meetings, and end up with a
minority report.
-gk-