Offline A pause in navigation

Mailboxes, privacy
and data protection

November 2000

disponibile anche in italiano

  Giancarlo Livraghi
For other comments on internet marketing
see the Netmarketing online newsletter




Generally I am quite militant about privacy and personal freedom. And I think they are also good for business. But in the case of office e-mail it’s quite clear that a company has a right to read, check and control all correspondence, by all employees, sent or received on its behalf. On the other hand employers should not be allowed to interfere with the personal life of employees or intercept their private communication. The solution is conceptually simple: separate identities.

It’s quite surprising that many companies (including some that have fairly strict procedures about almost everything) are ignoring this problem. I don’t think it’s because it gives them a right to “spy” on people. They are just being careless. Results, sometimes, are quite funny. Personal messages come with elaborate tags dictated by a corporate legal office; or with disclaimers such as “this reflects only the personal opinion of so-and-so“.

Using a corporate mailbox for personal mail is not like calling home and saying “I’ll be late at the office”. It’s like writing private correspondence on the company’s letterhead. Therefore people (if they use the net privately as well as for business) should have at least two mailboxes. That helps, by the way, to keep mail files tidy. People should also have a right (if they so choose) to use encryption for private mail to which the employer doesn’t have a key. Just as they have a private key to a drawer in their desk.

Someone could argue that people shouldn’t be encouraged to write too much personal mail from the office. But that’s a separate story. If they have time to waste they could do crossword puzzles or chat on the phone (or online). There are some ridiculous ideas around, such as the German tax authorities demanding that time spent online during work hours (or anyhow on company owned systems) be treated (and taxed) as compensation – while of course that’s impossible to measure, or even to estimate reasonably. Bureaucracy is not the answer. But separation of identities can help.

Even management should not use office mailboxes (“letterhead”) for private correspondence. And, on the other hand, senior people should be able to use protected systems in order to discuss confidential matters in a restricted environment. That’s not very easy, but “secure systems” exist and they should be used when appropriate.

It’s surprising how lackadaisical many people are about confidential matters. Taxi drivers and restaurant waiters probably know more corporate (and personal) secrets than most professional spies. E-mail, of course, travels openly on the net. And many confidential files are kept on networked computers with such poor protection that it doesn’t take a “great hacker” to read them.

Of course many companies can’t afford to manage their own server with their own security. But they should be more careful about how their systems are “hosted”. With all the hype about e-business. and the lack of expertise in most organizations, “outsourcing” can be a reasonable concept; but too many companies fall into the trap of suppliers (or software vendors) who say “don’t worry, I’ll do it all for you”. It doesn’t work; and the company’s identity, trading standards, reliability, responsibilities and relationships (as well as information that shouldn’t be revealed too soon to competitors) are in the hands of someone else. Is that a trusted and committed partner or some generic, standardized and leaky pipeline?

Security isn’t the only problem. Companies can lose control of operations and allow outsiders to warp their identities.

The internet is no short-term fad. It’s here to stay. Companies (and people) should lean to be in better control of their communication. Distinct mailboxes won’t solve all of the problems, but they are a good starting point. If we know where and how things are happening, it’s easier to know where to set the partitions. And it isn’t expensive. Anyone drawing a decent salary can afford a personal internet connection (even were “free” online services are not available). Or, even better... it’s a small cost for a company to give a personal mailbox to all its employees – and encourage them to use it. The more familiar they become with the internet at home, the more efficient they will be when they use it for business.

Home Page Gandalf