Privacy issues with email
My boss was out of town and I was managing a heavy workload by multi-tasking. One client, let’s call her “Ray”, was especially demanding and rude but since the customer is always right, I hid my frustration from her. My boss at the time was my brother and so I didn’t hold back as I explained the situation in an email. I sealed the deal with the unprofessional subject description, “Ray is a bitch,” and continued to multi-task as I hit “send” on my email, not realizing that I was sending my confidential and emotional email directly to Ray, and not to my brother. In no time at all, Ray’s lawyer fired us on Ray’s behalf. That was the end of our relationship with Ray, but for me, it was the beginning of the recognition of the potential danger of email and the importance of never doing anything like that again.
(Image: Lance Page /truthout; Adapted: D. Harvester, G. Esteves)
Email danger comes in many forms. It is easy to instantly share emails with many people, regardless of content or intended recipient. Email danger lurks at home and in the workplace and laws governing email may not be what you would assume. It is important to use common sense when using email and to be aware of the following:
Email recipients may easily compromise email privacy when forwarding emails.
In addition to passing along sensitive information, indiscriminate forwarding can also supply the contact information of all those in the email thread.
- It is usually wise to delete contact information of others before forwarding an email.
- It is important for any email sender to recognize that they do not have the power to prevent their message from reaching others but they do have the power to be extremely careful about what they put in writing in an email before hitting “send.”
Email makes it easy for us to mistakenly send an overly emotional note which may not be perceived by the recipient in the way it was intended.
The act of writing an emotional note to feel better is fine. That said, the intelligent and wise thing to do is to hold onto an emotional email overnight and to review and edit it carefully before hitting “send” when you are less emotional.
Auto-complete, emotions and multi-tasking can lead to addressing an email to the wrong person.
My story with Ray is the perfect example of all of this. I should not have sent the email when I was feeling emotional and my multi-tasking increased the chance of making an error. My email provider automatically suggests recipient names as soon as I type a letter or two and with a growing address book that includes recipients with similar email addresses, the auto-suggested addresses are often incorrect.
- It is always a good idea to confirm the recipients of your emails but it is especially critical when the email is of a confidential or emotional nature.
Emails read and sent from work may not be private.
Employers often own their electronic mail systems and are legally entitled to review and monitor the contents. This applies to both personal and work-related emails and includes web-based accounts such as Yahoo and Hotmail as well as instant messages. Examples of workplace privacy court cases that were decided in the employer’s favor include Bourke v. Nissan, Smyth v. Pillsbury, and Shoars v. Epson.
Deleted emails are often still accessible.
- In the workplace, deleted content such as emails may be permanently “backed up” with other important information from the computer system and at home or on any hard drive, deleted emails may be retrieved and restored in various ways. For example, on AOL, deleted mail goes into a “recently deleted mail” folder where it can be easily located, restored and then viewed. There are software programs that easily recover deleted emails as well as other deleted items on a hard drive.
- If an employer’s email system has an option for marking messages as “private”, this does not guarantee that the messages will remain confidential. There are exceptions to this but the case of Smyth v. Pillsbury shows how there cannot be an assured guarantee of privacy in the workplace.
- Emails, like the rest of the items on the Internet, are subject to unauthorized access from hackers. For example, intelligent software can easily access email content via an unprotected router. Pertinent information in the “subject” field can further increase the risk of compromise. For example, a subject of “credit card info” may easily signal an email that’s worth hacking. To be safe, it is a good idea to avoid including important information such as bank accounts, credit card numbers, birth certificates and social security numbers in any email.
Information hosted by a “cloud” provider may allow the provider access to your data.
“The cloud” refers to the storing of data on line via a provider such as Google (gmail) or Amazon instead of on the hard drive of a computer, for example. Cloud storage enables one to access their data from any computer or device such as an iPad or cell phone and this serves backup purposes as well as the ability to easily access the information from anywhere in the world.
- Since some cloud providers have rights to the data they store, it is important to select cloud providers carefully. Understand the cloud provider’s rights to your data and be aware of terms of service and privacy policies before using cloud services. This applies to secondary platforms as well since services may be hosted by a secondary provider as in the case of Amazon hosting Netflix.
- Since privacy may be compromised by storing information in the cloud, it is best to avoid storing highly confidential information such as birth certificates, tax returns and other important documents in the cloud.
Emails stored on line and in “the cloud” may be intentionally intercepted by the government and by law enforcement without a search warrant or judicial approval.
- The Electronic Communications Privacy Act (ECPA) allows police access to Americans’ e-mail, or documents stored online that are more than six months old, without having to acquire a judge’s permission, as long as the authorities deem it relevant to a criminal investigation. ECPA was created in 1986 and has not been updated to align with current technology thus providing limited protection for citizens. Furthermore, in an attempt to prevent and thwart terrorism and crime, the USA Patriot Act also inhibits the privacy of US citizens.
- The USA Patriot Act was passed shortly after the September 11th, 2001 attacks on the World Trade Center and the Pentagon. In May of 2011, the Patriot Act was extended by President Obama as an attempt to deter terrorist acts in the United States and around the world and to enhance law enforcement investigatory tools. Its purpose includes, but is not limited to, allowing the government access to emails (and other communications and documentation) without judicial permission.
Long after an email has been deleted it may be available for others to access and read. Encryption software can make the message unreadable by those that were not intended to read the message, but the most prudent advice is to avoid putting things into an email that you do not want others to see. Since emails may ultimately get into the hands of unintended recipients, one should always consider the risk of privacy invasion when using electronic communications.
Thanks for the reminder of how potentially dangerous E-mail can be, especially for those of us who enjoy “expressing” ourselves through the written word. It is so easy to forget the sharable nature of E-mail. You are not alone in your multi-tasking mishap. Been there…done worse!
As always – well researched and important to read! I have a colleague who received an incredibly emotional and hurtful email. The impact of those words will forever haunt her and the damage for the sender appears irreparable. Like you, the sender has learned a hard lesson.
Keep up the great work Hayley!
Once again you have excelled in your research and have written wisely on something we should all be absolutely aware of. Thank you. I look forward to your next blog!
wish i had known all this years ago! good reminder about birth certificates: kids sports teams ask for copies of these all the time; best to redact all but birthdates before you submit them!
Thank you again for providing valuable tips on safeguarding our emails. I will certainly be more careful next time before I hit the send button. I’m sorry you had to learn through a very expensive lesson 🙁
Thank you for your informative article. I learned something about icloud storing.
Didn’t know about the government access until I read your article. They probably won’t be accessing my emails about the Parent Association at Sydney’s school, but your blog is a good reminder that I have to think twice before I hit the send button …
Hayley… the more I read your blog… the more I realize that eventually there won’t be such thing as “privacy” at work! at least not in the bottom and middle level management
Multi-tasking is over-rated! Like you said: I think the most important thing is to think before hitting that send button.
Great article, I hadn’t realized that I’d become rather lax in this area, so this was a very timely reminder.
Excellent reminder of important email protocols.
Very informative!