c_hockland asked:

Is it legal for a company to access employees' mailboxes without their knowledge

I came across some email threads between two high-ranking employees of a big corporation. They were talking about "quietly" logging in to employees' mailboxes and monitoring their mail.
Is this legal? I am not sure if they have to notify the employee or not.
Any link or any input would be appreciated.
Dave Baldwin
ASKER

Thanks, Dave.
You're welcome.  Make sure you don't get into trouble by revealing this to the wrong people (meaning people who would not be authorized to know this themselves).
You should make sure what laws apply. Those might be different depending on what country you live in.
In any case, you should fix the rules on paper and let everyone know.

Example for something that happened in Germany (our pentesters made us aware of that): employees were told not to do private e-mails at all, so it was forbidden but not written down, instead they were just being told by word of mouth.
An employee's mailbox was searched to find some important attachment in his absence. He became aware of that, and though he did not have a problem with that particular search reason, he had a problem with his mailbox being searched without his consent, so he went to court and won. The admin had to pay a fine.
Member_2_406981

Correct, it depends on which jurisdiction you are living in. In most of Europe it's not just "the company owns the server and thus all the data inside it, and therefore they can search."
In Europe the companies AREN'T allowed to look in people's e-mail boxes, even in official ones. The same can also apply to users' home directories or private files on PCs.
Also secret VNC monitoring or logging of internet usage are illegal in most of Europe.

So you need to look at the laws in place in your country regarding this kind of stuff; if unsure, consult the legal department of your organization.
Yup  -  this is jurisdictional - in many jurisdictions, you can do this provided the employee is on notice (has signed a contract that explicitly says the email system, computers, and any web access is considered company property, for company use, and is subject to inspection at any time for any purpose).  In some, it is only ok for operational purposes (so you can inspect mail for antivirus/antitrojan, or to fix an issue, but not to see if a company document is attached someplace).

You need to check with a lawyer familiar with your local law, rather than an international site like EE :D