Do you know what your IT department is doing?
CNET reports that companies are increasing their monitoring of employee e-mail. This is going way beyond just having a policy allowing it; over 60% of larger companies surveyed say their staff will read or otherwise analyze outgoing email. (The actual study from a software vendor is available here; caveat emptor).
The study found that:
[C]ompanies are concerned about making sure e-mail isn’t used to leak company trade secrets or other intellectual property, and about complying with financial disclosure regulations. Another factor is preventing confidential internal memos from getting zapped outside the company….
The Wall Street Journal notes ($?) further:
As this debate gets sorted out, employers are getting more serious about employees’ Web habits. An American Management Association/ePolicy Institute study released last month found that 76% of companies surveyed monitored employee Web use. Sixty-five percent used software to block connections to certain sites, up sharply from 2001. Last year, a separate AMA/ePolicy study found 50% of workplace IM users have sent or received “risky” messages â€“ such as attachments, confidential information or potentially offensive content.
Denise Howell previously announced that her firm Reed Smith and DolphinSearch have collaborated on a product called ComplianSeek, which seems to be a narrowly designed solution targeted at retention requirements imposed upon investment advisers by federal law.
Have companies or firms employing IT personnel to physically monitor outgoing messages thought this through completely? What about employee privacy protections afforded by federal or state law for personal information (SSN or health, for example)? Or what if Joe in IT sees the memo from the GC to Big Firm partner seeking counsel on a proposed acquisition of a public company–or on legal aspects of a major downsizing that includes the IT department? Did these same companies have the mail room steam open letters when we only communicated by written correspondence? Or record telephone conversations for later transcribing?
Some form of smartly targeted automated scanning of messages may be in the cards for some companies in certain circumstances. But if I am a CEO of a company under withering international competition, I really want to question hiring more IT staff to read and report on outgoing email. Technology suddenly isn’t the promised panacea at that point.
And one more thing that always troubles me: who will watch the watchers?