Re: Corporate e-mail policy




On Fri, 2 Aug 1996 [email protected] wrote:

> George Kuzmowycz wrote:
> >   In an ideal world, the rest of the group would agree with me and say
> > "Yup, we have no business reading e-mail." Since that's not likely,
> > I'm looking for examples of "privacy-friendly" corporate policies
> > that I can put on the table in our meetings, and end up with a
> > minority report.  
> > 
> 
> Maybe it is only me, but I recommend "privacy-fascist" policy. This way
> employees will at least know to keep their own business out of computers
> that will be monitored by the company anyways.
> 

I think you need to take the "fascist" approach, at least officially. I 
would hope that, unofficially, you don't monitor, eavesdrop, etc., unless 
a problem requires you to. (such as receiving email from another site 
that attacks have been detected, originating from your systems, etc.)

If you don't take the "fascist" approach, you are granting employees a
"reasonable expectation of privacy", which you cannot, in truth, provide 
(without spending a lot of additional money). Once you've put your 
company in this position, you've now set them up for an employee to have 
their "privacy" violated, so you've increased the company's risk. The 
benefits of running a "privacy friendly" corporate system just don't 
outweigh the costs and risks.

If somebody wants to read alt.sex.whatever-floats-their-boat, I really
don't care, but I don't want to be in the position of ensuring their
privacy while doing so on corporate equipment; they can get their own 'net
account and play at home. 

I prefer to put out an official "fascist sysadmin's system use policy", 
and then leave users to themselves, as long as I don't get any complaints 
of illegal activity that could land my company in hot water. What you 
publish as a use policy, and what you actively enforce do not have to be 
the same.

Just my $.02.