Can your employer read your personal emails?

Published by on April 7, 2016 in VPN & Privacy

According to an upcoming survey from the Comparitech.com team, 53% of the working British public think their employer should have no right to read any personal messages sent via corporate email accounts or across workplace networks.

Additionally, just over one in three of the 1,000 respondents thought the monitoring of their private messages at work was illegal.

But what does the law say?

Unfortunately for them, that is not actually the case.

According to the UK government’s own website, employers may monitor their staff in a number of ways, including checking their web browsing history and all emails sent and received.

One caveat here is that such monitoring is only permitted if the employer has disclosed that it may take place, via a contract of employment, or via its publicised policies and procedures.

An employee does, however, have the right to resign and claim constructive dismissal should such monitoring take place without their knowledge, though the emphasis will be on them to prove they had not been informed that such monitoring could take place.

A recent European Court of Human Rights ruling clarifies things further.

When a Romanian man challenged his dismissal, which came about after his employer accessed private messages sent via Yahoo Mail during working hours, the court responded by saying it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours”.

In addition to the legal situation, there are several other points to think about when sending personal messages at work. Read on to learn what else you need to consider.

stockfresh_5348431_cellphone-isolated-over-laptop-keyboard_sizeS

Can an employer access emails sent via the corporate network if I use my personal account?

As already mentioned, it is highly likely that your employer has a legal right to access any information you transfer across its networks.

Whether it has the technical ability to do so or not is not so clear cut though.

Depending upon the email or webmail client you are using, your communications may or may not be encrypted.

If they are, great, but you need to remember that monitoring software will still recognise that you have accessed your email account, even if it cannot identify the content of the messages you send or receive.

If your email service does not employ encryption, assume all your emails can and will be read.

When I access my personal email account for the first time at work, can my employer read any old messages in my inbox or sent folder?

Again, the answer is maybe, and will depend on how your employer’s servers are configured and whether or not your messaging service employs encryption.

The safest best is to assume that every message in your account is fair game.

I’ve already sent personal emails across my employer’s network – how long does it take for them to be removed?

That’s a good question for which there isn’t an equally good answer – every company configures its servers differently. What that means is there is no time limit in respect to information no longer being stored.

Messages sent and received could be archived for a day, a week, a month or longer.

To put things into perspective, my previous employer’s email policy stated that all messages would be archived for eternity.

I got caught out by Google’s recent April Fools prank and need to delete the message – is that possible?

First of all, the good news: you’re not alone, that ill-thought out prank caused more than a few headaches for a great many people.

Now for the bad news: deleting a message that has already been sent offers no guarantees that it hasn’t already been received (and read) by the recipient(s). Not only that, but there is also every chance that the corporate network has been backed up, potentially many times.

It sounds obvious, and patently patronising, but you really should think twice before hitting that ‘Send’ button.

Oh, and on that topic, also check your use of ‘Reply to All;’ the biggest ever facilitator of email faux pas and data leakage ever.

This all sounds rather scary – is there anything I can do to protect my personal email communications?

Yes: encryption.

As mentioned earlier, encryption most likely won’t prevent your employer from knowing you’ve sent or received personal messages but it should ensure the content of those emails remains private.

We’ve already covered how you can encrypt and protect your email in a previous article. Read that now to learn how you can enhance your privacy with Gmail, webmail, Outlook, iOs, Android and OS X email services.

Do you have any other tips about email privacy at work?

As we mentioned in the press release accompanying our survey results, you should:

  • Check your employment contract and company policies and procedures to understand whether your personal emails can be read
  • If in doubt, assume everything sent and received on your corporate email account will be monitored and accessed by your employer
  • If you must send personal email at work, consider signing up for an encrypted webmail account (if permitted)
  • Better yet, always use your own personal device, connected to your own mobile account, not the corporate Wi-Fi network

Leave a Reply

Your email address will not be published. Required fields are marked *