Boss and E-mail

Jibbs

Hey guys, I have a guestion. My boss "the owner of the company" recently just had a staff meeting, luckily I wasn't able to attend on the day he had it. However, at the staff meeting he told everyone that he wanted the password to their e-mail address for the company. He wants to be able to check our e-mails to make sure we aren't sending inappropriate msgs out to each other or talking to other companies. I know that in the past, or so I have been told that he has fired people because of things he has found in their e-mails. I have yet to give him my password becuase I feel that this is just wrong of him to do, and I was also wondering if it was illegal. I know he owns the company and the e-mail is through the company, however, it is our personal e-mail acount and I feel that it is invasion of privacy to check our e-mail whenever he wants, and especially to fire people because of it. Just wondering if anyone else has ever had this happen to them, or if this is illegal in any way. Thanks.

gorebrush

Pretty sure that it is not illegal if it is company policy.

However, there are other ways to accomplish this without creating a massive hole in the companies security.

"Full Mailbox Access" is a permission that exists on all Active Directory user accounts. If he wished, he could have this granted for every mailbox, and then simply add each mailbox in Outlook.

DefendingNetworks

I think since it is company email, probably using company computers, they can make an polices they want. Now they can't make you give them your "personal" email such as gmail password, etc.

DefendingNetworks

gorebrush wrote:

Pretty sure that it is not illegal if it is company policy.

However, there are other ways to accomplish this without creating a massive hole in the companies security.

"Full Mailbox Access" is a permission that exists on all Active Directory user accounts. If he wished, he could have this granted for every mailbox, and then simply add each mailbox in Outlook.

IF they are running exchange. We aren't and we have around 150 emails. Yea I know, not my choice, but we have two locations and not a big enough pipe between the two locations to allow exchange. Both places have cable internet with different service providers (2 hrs apart)

bjaxx

Jibbs wrote:

Hey guys, I have a guestion. My boss "the owner of the company" recently just had a staff meeting, luckily I wasn't able to attend on the day he had it. However, at the staff meeting he told everyone that he wanted the password to their e-mail address for the company. He wants to be able to check our e-mails to make sure we aren't sending inappropriate msgs out to each other or talking to other companies. I know that in the past, or so I have been told that he has fired people because of things he has found in their e-mails. I have yet to give him my password becuase I feel that this is just wrong of him to do, and I was also wondering if it was illegal. I know he owns the company and the e-mail is through the company, however, it is our personal e-mail acount and I feel that it is invasion of privacy to check our e-mail whenever he wants, and especially to fire people because of it. Just wondering if anyone else has ever had this happen to them, or if this is illegal in any way. Thanks.

what a f-ing joke, doesn't he have anything better to do? Maybe go out and find some new business..

take the best advice you will ever get, find a new job!

gorebrush

DefendingNetworks wrote:

gorebrush wrote:

Pretty sure that it is not illegal if it is company policy.

However, there are other ways to accomplish this without creating a massive hole in the companies security.

"Full Mailbox Access" is a permission that exists on all Active Directory user accounts. If he wished, he could have this granted for every mailbox, and then simply add each mailbox in Outlook.

IF they are running exchange. We aren't and we have around 150 emails. Yea I know, not my choice, but we have two locations and not a big enough pipe between the two locations to allow exchange. Both places have cable internet with different service providers (2 hrs apart)

Ouch

We have Exchange for around 150 users across 3 sites, and also a lot of mobile users.

Personally, I wouldn't use anything else.... but then I am fortunate that I am in control of these things.

I will be pushing for Exchange 2007 shortly.

billyr

As the company owns the equipment etc. It is probably legal.

However now that more than just the user knows the log on details and password to their account, your boss will be opening himself up to a bit of a legal minefield if he ever tried to prove that it was the user who actually sent an e-mail outwith company policy guidelines.

The same reason why we allow users to set their own logon passwords to the domain etc.

Echoing the previous post, do yourself a favour and start exploring other avenues of employment.

empc4000xl

You have to check company polices. I'm sure its not a "managers" job to be able to check personal emails unless its a company policy, and then on top of that he shouldn't be able to check it at his desk without someone from information assurance or HR if your company doesn't have that level of functionality. Him having access to your box with your username and password he can do malicious stuff and then you take the blame for it. I've seen guys loose there security clearance and things of that nature because they thought they had access. Check with your companies policy and HR. If he wants to be able to see what you are doing find a way where he can have access to your mailbox in that form.

Kaminsky

bjaxx wrote:

what a ... joke, doesn't he have anything better to do? Maybe go out and find some new business..

take the best advice you will ever get, find a new job!

/agree

He is a monster paranoid micro manager. You will only learn the bad way of doing things under him.

It is not illegal to read employees email and it is not an invasion of privacy. However, it is not a very good way to run a company. Where is the trust in your employees and why should they work hard for him if they all think he is out to get them. Maybe it is just some weird scare tactic to make people behave themselves with their email.

Personally, I would be having none of it.

stupidboy

Obviously he has little fulfil his time and justify his salary.

IIRC - If access is required then by all means he can check, however, without an AUP there is nothing that he can do with this information. You could have e-mails calling your boss all the names under the sun and without an AUP he can't do anything (although I do not suggest you try this out).

Someone please correct me if I am wrong, but I did have this discussion with an IT manager sometime ago when he asked me to poke through peoples mail accounts.

If there is no framework at current, how can you know what is right and wrong?

kctxau

"I know he owns the company and the e-mail is through the company, however, it is our personal e-mail acount and I feel that it is invasion of privacy to check our e-mail whenever he wants, and especially to fire people because of it."
No, it is your COMPANY email account, and yes, it is legal for him to do so. If you wish to communicate inappropriate/non-company related/personal emails, use your web account ie yahoo mail etc. That is, providing there is no company policy regarding internet usage for non business related material. Besides, you are there because you were hired to help with company business only. Any other benefits such as internet usage/email usage/telephone usage that are non-company business related, are a "LUXURY" provided by the company, not a "RIGHT". As far as looking for another job that will allow you personal access/privacy, that may be a difficult personal requirement to interview with.
Remember also, that even your home email only has privacy......untill someone in the legal system decides they want to see it. (those emails through a service provider are typicaly retained for 90-180 days on the backup systems....including web site visits)

blargoe

It is legal for him to do that. Also, depending on where you live they can fire you for any reason anyway. But it is the company's data, to use however they wish.

HOWEVER, if I were in the position of working for such a jerk that had nothing better to do than be threatening like that, foolishly requiring all of your passwords and reading your email, I'd be finding different work. I could not work in that kind of environment.

seuss_ssues

This is not that uncommon. Stupid thing that he did was go out and ask for passwords rather than making it company policy that all computer usage may be monitored. He should have then went to the IT staff and had them set it up so that he could view it.

eMeS

I agree with the consensus that reading your emails created during the course of work are company property, and they are well within their legal means to view the data.

However, given the method your boss has chosen to read emails requires your password (and userid), I believe that both moral and potentially legal lines have been crossed.

My point is this...when he uses your userid and password, he is signing onto the email system as you, and can therefore not only read emails, but send them as well. In a sense, he is assuming your identity when he signs onto email.

The problem with this is not reading your emails. The problem is what other actions could he take signed onto email as you? Could he send threatening emails to someone? How would you prove to law enforcement that you were not the person that sent the threatening emails in such a scenario?

Not only would I say no to this type of request, I would immediately leave that company. I know there are always many reasons why people can't just pick up anchor and leave. In this case, those reasons are clearly outweighed by the potential difficulties this person could cause you if he abused the ability to access your email account.

If your boss were smarter he would know that he could read everyone's email at the server level, rather than having to individually log into each one. If he were even smarter he would undestand that the only way to success in business is to focus on results.

By doing what he proposes, not only does he open you up to potential damages, he could potentially cause problems for himself (e.g., girl at work says guy sent suggestive emails, guy claims that he didn't and that because the boss had access to his email account, that there is reasonable doubt as to who did it. Girl's attorney's don't care and sues everyone...)

Also, why not just have a policy that he be cc'd on every message? Seems simpler.

Personally, I have enough of my own email...why would I want to log in and read anyone else's?

I'd get a smarter boss that's a little more focused on results...

MS

kctxau

Regardless of whether it is smart, moraly ethical, stupid, unfair, unsafe or whatever, if it is a company supported/enforced policy, you have the choice to accept it by their rules or move on. After 20 years of working with state agency/corporations regarding mailed/emailed/telephoned communication investigations, I can assure you, no matter if you feel you are right and they are wrong, you will run out of money for attorneys loooooong before they do.

wedge1988

Tell him to read the Data Protection Act. http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_1

Obviously this only applies if you live in the UK. But its basis is to protect personal and institutional data from harm or non-genuine editing.

Im sure he would love you if you told him to read it before he starts looking into personal e-mails!

tiersten

Assuming it is done properly then yes, a company is generally allowed to monitor whatever you do during company time on company property in most countries. If the account is your work email account then the company will have full access to it. If you want to do things in your private email account then do it at home and not at work.

At the end of the day, if you don't like this policy then you'll have to leave and go somewhere else.

coffeeking

All he had to do to achieve his goal was to come up with some sort of monitoring system, there is plenty out there, may be you should tell him about them, since he seem to have his mind occupied with wrong stuff.

As many other have suggested, do not give it out mate, you don't want to deal with consequences.

I am sure all your co-workers are hating him for what he did.

What I wonder, and I have seen this happen, is that how come these kind of people make it to the positions they hold; for a manager to do this, come on!

RobertKaucher

eMeS wrote:

I agree with the consensus that reading your emails created during the course of work are company property, and they are well within their legal means to view the data.

However, given the method your boss has chosen to read emails requires your password (and userid), I believe that both moral and potentially legal lines have been crossed.

My point is this...when he uses your userid and password, he is signing onto the email system as you, and can therefore not only read emails, but send them as well. In a sense, he is assuming your identity when he signs onto email.

Have to agree with this. This actually breaks the chain of evidence if something does occur and these emails need to be dredged up in a legal battle. Who actually sent the email? Was is Bob or Bob's boss? How can we prove that another individual was not able to gain access to the passwords? They must be written down some place... surely he cannot remember 150 passwords.

I would be concerned about entrusting my identity and reputation to an individual who does not have even a small understanding of the potential ethical issues involved. Reading your emails is one thing, demanding the right to potentially impersonate you is another.

Kasor

As long as the email account is belong the company, then the company had the right to review the email content.

Remember, you are thinking to much. Email is to help you to compute with your co-worker and business related issues. So, keep all your personal issues at your personal email (yahoo, hotmail, gmail....) Too easy..

Daniel333

Perfectly legal, required in banking! Seriously.

We decided to mess with a manager we knew was reading our email a few years back. Ending up sending emails of jibberish, copy pasted foreign languages that we did speak back and forward. Ended up writing actual emails in Word, locked it. Then placed it in an encypted Zip file. Funny as heck when asked us to stop it and to take it seriously.