Slashdot Mirror
Where is the Line on Email Privacy?
"It could be interpreted that the company is looking for evidence of impropriety or dishonesty on the part of the prior employee, but there was never a question before the sudden termination to suggest anything out of the ordinary was ongoing. I am such an admin. I am ready to allow access to the company requesting it. Several details are bugging me though. First, I have never been asked for access to any other terminated employees' email. Second, I recently inquired about preserving email for a different employee and got the short answer that all company ties had to be completely terminated. Third, the server is not owned by the company in question. I'm completely (other than the following item) independent of the company. Fourth, it's my relative's account.
I've simply not responded so far, but how far do I go? I'm not an ISP and I don't have agreements with the users. I'm also not the IT dept.
Has anyone else had anything remotely similar, and if so; how did you respond?"
If the email account in question is a work account provided to the employee by the company for work use, then the contents of the account are normally the property of the company, not the employee. Normally, the employee should not be using the account for personal use anyway, so any violations of his privacy are his own fault. Business email accounts generally contain a lot of valuable information pertaining to the job of the former employee which the company is perfectly entitled to recover.
If I seem short sighted, it is because I stand on the shoulders of midgets
If the employee's contract, like mine, states that the company owns all e-mail communication then they owns it.
Kids today are tyrants. They contradict their parent, gobble their food, and tyrannize their teachers. - Socrates 400 BC
I'm providing some of those services to some smaller bussines. If I've got information that some user is not longer working for that company, I would delete/remove all the data associated with him same moment. There is few catches about it, but as sooner You remove them, the less chance is to end up with some horny manager asking for mail from cute secretary which was fired. To sum up, I'll go with "right on time" removal of all former employee data, and in case employee still HAS account/data in my system, then customer have any right to see it since they ARE paying for it. I'm not going ethical into these things, I'm selling services...
Sinisa
I work for a shared website hosting company, our policy is that the entity paying for the site and the mailboxes owns them, in this case the company.
How they choose to use the mail boxes is their business. Trying to override your customers idea of correct policy towards their staff will only cost you their business and the resulting bad reputation will hurt you.
My sympathies if its your relative, you could always lie and say that the box was deleted when the employee left.
Does that company now have access to the email even though there is no written contract nor technology use policy?
me look left
me look right
me still sees no lawyers.
This is an ethical or moral or legal question (depending on your particular viewpoint).
Slashdot, to the extent it's not a troll-fest and crap-flooder's convention, is a technical forum.
That said, this techie's understanding of the relevant law is that an employee's email, as any other work-product, belongs to the company that paid for the email account and paid the employee for the time the employee spent producing the email.
On the other hand, at one time and place -- Feudal Europe -- "employers" thought they also had the right of droit du seigneur too, so we shouldn't fall into the trap of believing that something is right just because it's legal.
Perhaps by asserting that privacy trumps payment you'll be striking a blow for freedom that will be remembered, centuries from now, as the beginning of our liberation from employers who today claim that they can lock employees in warehouses, denying them medical attention or can strip search workers accused of theft.
Opinions on the Twiddler2 hand-held keyboard?
Hi,
As resident information officer for my little company, I've had both legal advice (in UK) and experience of similar situations.
First off, the paperwork you need to worry about is the stuff between you (3rd party email services provider) and your customer (the company). What the company did or didn't say to the employee isn't really your problem - although it is their problem.
Now, ideally, your contract, or your services schedule would contain something saying just what happens in this situation. If not - now's the time to add it!
I would think that if the company phoned up and said 'sorry to be thick but I've forgotten the password for account xyz can you reset it?' then you'd do that, because handling lost or forgotten passwords is what you as service provider do.
And that, basically is what has happened. Now, it _may be_ that the company actually promised the employee that it wouldn't read their old email once they'd left (a somewhat odd promise anyway). But, that's not your problem. You aren't helping the company break its promise, because you don't know about it's promise.
More importantly it's NOT YOUR PLACE to determine your customer's privacy policies. That's actually quite important because your customers are (under UK law) liable for YOUR decisions regarding privacy. In order to deal with that liability your customers need to know what you will do in a given situation, and simply turning round and saying 'sorry dude I'm not going to tell you that' isn't good enough. A privacy policy that's too strict is just as bad as one that's too loose.
That last sentence may seem odd, but consider this. Your customer is liable under the UK Data Protection Act for any personal information it holds. Now, just before Employee left the company, someone sent a copy of their CV to Employee on the off chance of getting a job. Now, that CV is sensitive personal information, and Company MUST be able to access it and/or remove it if the author of the CV so requests.
So, it's no good them saying 'sorry, we can't delete your CV from our mail server because our ISP won't let us, so I guess it'll just hang around on the hard disk for ages until some guy somewhere with a root password takes a look at it'.
No good at all, you see?
So, my advice is:
1) Don't play 'privacy hero' and decide what your customers can and can't do.
2) Get some data protection rules into your contracts asap.
3) Meanwhile act assuming that the customer is honest and decent - if they aren't it won't be your fault, but if you pre-judge them as evil spying people then it will be your fault
-----
Okay, if it was a personal account it would be different. But come on! Personal email addressses are a dime a dozen - who would use their work email address for personal things if they didn't want their employer to be able to read them?
and any data protection/human rights/RIPE style laws in place.
In the UK, I think the answer would be know with a policy document that the 'user' has agreed to. This of course is still open to question as the UK human rights law and RIPE laws currently contradict each other on this. So until a court decides which has precident it's unclear.
How about you make a (verified) copy of the mailbox in question and (secretly) keep a copy on CD. Send a copy to the employee. Delete the mailbox.
Contact the company and say that as the employee was termintated you (following standard procedure) removed the mailbox and sent a copy to the 'mailbox owner', the employee.
Say you may be able to recover some data if they have a legal case for it.
You should then act on what they say, but you have something in writing to prevent you being sued by the employee for releasing personal data as you can counter sue the company for misleading you.
No IANAL
Slightly off-topic this, the company I work for hosts the website and e-mail for its parent company. Now before we got them a domain name and standardised their email accounts, they used various personal accounts, most of them been Hotmail or AOL.
:-)
Since they started using our server, management (including the CEO) insisted they keep the Hotmail accounts going in case we start to read confidential mails, never mind the unknown script kiddies who (attempt to) break into Hotmail 24/7
As far as security within technology goes, some people in management really have no idea... It makes me wonder what goes on in their heads!
no other way to check it out.
geez, why do people have to ask these things from slashdot?? ALL YOU GET IS OPINIONS ON HOW IT SHOULD BE, NOT THE CURRENT STATE OF THE LAWS IN THE COUNTRY YOU'RE IN.
for example there are countries in which you CAN NOT read employees email legally unless you have explicitly said&informed that you will read it when you gave that account to him/her(or along those lines anyways, and it must have been very clearly said/informed to the person in question that the mail isn't private despite being protected by a password and seeming to be for his/her eyes only, otherwise it's the same as receiving a letter with the employees name at the office, falling under 'letter secrecy'.). same goes for other 'private' material like tracking calls against the will of the employee(even if the business is paying for the line)..
one of the very good reasons for laws to exist is to make limits on what rights of yours you can give away... businesses don't come before people!
world was created 5 seconds before this post as it is.
-The law. You should have a lawyer, as a company. Use "it". Law _always_ _always_ _always_ supersedes business arrangements, policies, whatever.
-Your contractual obligations and anything you've committed yourself to. See #1.
And you could argue about the following:
-Your customer's needs, your conscience, your reputation, etc etc etc.
Cole's Law: Thinly sliced cabbage
There's no reason to divulge personal or private correspondence, but there's also no reason not to turn over work related information. Keep whatever you do quiet, and I suspect you'd be perfectly fine legally as well. And, if the company in question knows the relation between you and the former employee, I dare say they're going to practically expect you to filter the email beforehand anyways.
Whoever pays the bills gets access to whatever accounts they're paying for. Your deal is with them, not their employees. The fact they even have employees is irrelevant as far as you're concerned.
Opportunity knocks. Karma hunts you down.
If you were in your relative's shoes, and he was the admin for the company, what would you want him to do for you?
I think you could think of this another way. Do you think phone conversations should be private?? Would you want the company you worked for taping all your conversations??
The company could be on a fishing expidition for all you know, looking for a way to get back at your relative.
Corporate morality is nonexistant in today's world.
If they owned the computer hardware, then they would have a powerful arguement for owning the emails. But according to your question, _you_ own the hardware.
If I were an ISP for that company, I would tell them to get a court order. I would do the same if I were playing admin for them.
I would respond to them in writing/certified mail that you need to protect yourself legally, and request politely that they do things "officially" and get a court order.
If they decide to no longer use your services and let you go, then you never needed their business in the first place. I would send a letter to them acknowledging the cessation of a business relationship. Then _with out reading the emails_ I would delete them, as there is no longer a business relationship with the company, and you no longer need them for any reason. Don't tell them that in the letter BTW, just do it.
They could threaten to sue you, in which case you no longer need their business. Call a lawyer. Have him send a certified letter to them explaining that you are immediately severing your business relationship and ask the lawyer how long you should hold on to the emails (I would guess thirty days, if not seven)and then delete them.
If they deliver a court order, obey it, and hope that you have an honest relative. Have him get a lawyer in any event.
Above all, keep yourself clean, honest, and do nothing that you will not be afraid to tell about in a court of law later without perjurying yourself.
I Am Not A Lawyer, and this is not meant as legal advice. Get a lawyer before doing any of this It's just one pal chatting with another about opinions on how to keep your nose clean.
If the bottom falls out, and everything goes to pot, sue slashdot for letting you ask the question in the first place before telling you to get a lawyer.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Most significantly, if the account was used for external business contacts, they'l like to continue the contacts, handle any incoming e-mail, etc.
Really, it bouls down to how you see your "customers". Is it primarily the company, or primarily the individuals?
I might forward any unread mail and set up a permanent future forwarding, but not provide the password to the mail account itself, so the company can't pretend that Mr.X is stll working there, but others can see that Ms.Y is taking over.
Alternatively, bounce all of Mr.X's e-mail with a message to contact Ms.Y instead.
If I felt there was something funny about the request and didn't think Mr.X was going to go on a vandalism rampage, I might have a quiet word with Mr.X before forwarding the e-mails. It's not like he couldn't have done anything he was going to do between the firing and the company telling you about it, after all...
Looks like the courts in Finland just upheld a legislation barring an employer from reading employee e-mails. Couldn't find an announcement in English, nor are the translation tools too good, so you'll have to take my word for it. So they're faring well.
Marxist evolution is just N generations away!
1) Whatever you do will set a precedent, so keep that in mind. Saying "No" seems to your benefit, since saying "Yes" could set a pattern and they could expect more in the future.
2) Have you actually told them you still have the data? If so, this may not have been wise. As long as they don't know if the data still exists, they can push for it. If they don't know, they're reaching in the dark. This may be a good reason to start a policy of deleting accounts whenever you've received notice an employee is fired or whenever a client stops taking your services.
3) Get a lawyer. Why? This WILL be a precedent, if not for others, for this company. If they get what they want now, they may start asking to check everyone's email account and, eventually, they might go so far as to expect you to provide them with access to all accounts. You need to find out if you have a right to refuse the request. The best news that you could get would be a lawyer telling you that you either a) don't have to provide the data, or b) are not allowed to provide the data.
4) As said above (2 times), this will set a precedent, no matter what. In my experience, whenever someone asks for a special service, that isn't the end. It's not long before they ask for a repeat, and, once they've broken down that boundary, they ask for more and more. If you do decide to provide them access, or you find out you have to give them access, if possible you SHOULD charge for the service. Otherwise, they won't see this as as an item with value. By charging, you are setting a limit and taking steps to make sure they don't just keep asking for and expecting you to do more and more for them.
Where does the independent hoster look for guidance on something such as this?
Not Slashdot, hopefully. *My* advice to you is, talk to your lawyer before proceeding.
You probably have a contract with the company that your are providing hosting for, not the employee. But you (and your lawyer) will probably need to go over your TOS before granting or refusing access.
When you are a small provider, word of mouth counts for a lot. And getting on your customer's bad side will probably cost you.
Once again, talk to a lawyer before taking action.
Sidenote: Do you think anything in your relative's mailbox might harm him? Have you talked to him? Could they forge emails so it looks like he's the one sending them?
Always keep your personal and business email accounts separate. If you can have them on different domains, better. Even if you own the business, that might not be the case tomorrow.
No sig
IANAL and I am not familiar with US Law but in Europe and in Germany there is something called the Datenshutzgesetz (Data Protection Law) which prevents a business from accessing any such info without permission. It is also illegal to check the URL's that staff browsed and so on.
:)
Basically digging through mail is considered the same as placing a wiretap on his phone: A definite no-no.
What we here do is to ask our new employees to sign a document that we make a copy of all mail that comes in to their account and treat it as normal business correspondence. Never had any problem with it and it is quite clear that we need to have access to old business mail.
That one particular mailbox is getting pretty damn large though
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
Traditional UNIX sysadmin ethics prohibit snooping in email for any reason. Snooping files and traffic is similarly verboten, except debateably (ulimit) in the case of excessive resource usage. This was done to increase user confidence and frank discussions in electronic media.
Current capitalist thinking is whoever pays, owns. This is pushed because email has proven to be very popular, frank and valuable. A victim of it's own success.
Personally, I did snoop in my wife's email. That's why she's now my ex. Neither qualms nor regrets.
And hopefully, your third mistake will NOT be hosting another company's mail or whatever without a written agreement and AUP.
That being said: If the person using the mailbox was an employee of the co. paying for it, easy call: the contents belong to the employer. If the mailbox user was a contractor or, worse still, an unconnected third party, privacy and/or copyright and/or trade secret laws could apply and things could get very sticky. In which case you may be best off doing as some earlier posters suggested, causing the server to "forget" it ever had mail in that box, then forgetting about it yourself. IANAL, blah blah blah.
Life is like surrealism: if you have to have it explained to you, you can't afford it.
I imagine the only reason you know about this is because you haven't given them direct access to set up and delete email accounts, or to change the passwords on them. Here is my advice:
If the email is addressed to their registered domain, then they own the email.
If the email is addressed to your registered domain, then who owns the email depends on the agreement you had with them. If you did not have a written agreement which discloses ownership of email sent to the addresses the agreement is written for then run don't walk, directly to your lawyer. At this point it becomes a you said/they said type of issue.
You could simply tell them what your policy is after the fact, and follow through with your new 'policy' but if you favor your relative they may sue you, if you favor them your relative may sue you, so at this point it's best to stop and get advice from someone who can represent you if their advice goes awry.
Lastly, send out a new terms of service to all current 'customers' explicitly stating your terms of service. Tell them that if after 30 days they are still hosting with you then that act shows they agree to the new terms of service.
In the company I work for I regularily forward email accounts to the employee who is either taking over the old position or the employee who is handling most of the added workload. The simple fact is that a lot of work-related (and contract work at that) email is always in the pipeline, and a customer is not going to take, "We fired the employee and deleted their email for privacy" as an excuse for why we didn't respond to their request in a timely manner. Our employees understand this when they come and when they go. This forwarding is only active for a month or so, and we prevent any outgoing emails from being created in that person's name from our mailserver.
-Adam
Or, for that matter, forcing them to work overtime without paying them for it and giving the fruits of his labour to the shareholders.
That's really what it comes down to, I think. Whoever arranged for the service to be provoided to the employee and paid for it (or managed the relationship, if the service was free), is the owner of the data.
I really don't like it either, but a couple of times I have been required to provide people's email to my boss, including a Vice-President. I had to do a little bit of soul searcing on that, but not a whole lot.
Then I was, at another point, asked if I could archive all incoming and outgoing mail. I made a half-hearted effort, and eventually reported back that it wasn't possible. It was an ugly time all around in those days. At least I kept my job after 90% of the employees were layed off.
But then again, none of these people were my relatives. I hated them all.
I have misplaced my pants.
You simply wait for a court order. That's how things work. Don't hand anything over without a court order. Simple.
If they don't have a contract with you stating that their e-mails on your system are their property, then you don't have to give them anything -- unless some court feels you need to.
Phil
That's you screwed then. Don't do *anything* without your line management putting it in writing. You'd be opening yourself up to all sorts of legal nasties. In the EU, it's very thorny: despite AUPs to the contrary, people have still been charged for infringing the HRI by reading others email. Even if the AUP covers it mind: and also bear in mind any email that account's recieved from other people. They didn't sign any policy and so could argue that you've infringed their privacy.
All this is closing the door after the horse has bolted: get a formal ToS written now by a lawyer, get everyone to sign it, and tread carefully.
Fourth, it's my relative's account.
Even if for no other reason, you need to stand back and look at what you've done in the past. As a business providing a service for a fee, your company must treat this user's email the same as every other's. You're opening the company up for a justifiable lawsuit from the employer if you don't. Not only that, but you're establishing a precedent you'll have to follow in all future encounters with this employer and probably all others.
If you have no policies or past precedents to follow, you need to forget that this person is your relative and ask what you'd do with any other user. Then do the same. Your company may still get sued for making the wrong choice, but you'll eliminate the conflict of interest problem. Just make sure you immediate document this new policy, at least internally, and follow it in the future.
Even better, if you're not just a one-person company, recuse yourself. Give the employer's request to someone else to handle, and make it clear to that person that you have a conflict of interest and that they have the full authority to make whatever decision is consistent with past practice (and failing that, company philosophy and goals) without fear of reprisals. In writing, if possible.
My small gamedev co. used to serve up our own email, but when we downgraded from a T1 to DSL (we were sharing the T1 with a neighbor who moved) we switched to hosting.
Since we were used to full control, we went with something that provided administration features via the webmail system. With this we can set up lists, and more relevantly to this issue, set users passwords (among other things).
If ever somebody left the company (good terms or not) and we needed access to their email (for evidence, or just not wanting to miss an RFP sent to a no longer employed producer), we would simply set said ex-employee's password and take what we want. The hoster never gets involved.
Here one of the Sr. producers holds the keys to the email, in other situations a network admin would be ideal (we have no admin, just whatever random code monkey has time to love and nuture our network).
The software our hoster uses is iMail from Ipswitch. Here's a link.
(I have no connection to ipswitch except that our email hoster uses their software.)
I'm sure there's probably open source solutions that can provide similar features (or be adapted to do so).
DONT PANIC
Further if there was no specific provision in the "lease/service contract" there is probably no extension of it to the server. This might even hold for "IP" rights of what on the server.
IANAL. Talk to lawyer about this.
As an ACM member I will ...
1.1 Contribute to society and human well-being.
1.2 Avoid harm to others.
1.3 Be honest and trustworthy.
1.4 Be fair and take action not to discriminate.
1.5 Honor property rights including copyrights and patents.
1.6 Give proper credit for intellectual property.
1.7 Respect the privacy of others.
1.8 Honor confidentiality.
Sounds like you should not turn over the email. I wouldn't.
It doesn't sound like he wants legal advice to me.
/., I run a mail server for a company who fired one of my relatives. They now want access to his email, which I guess I'm required (ehtically and probably legally) to give to them. However, I'm torn between loyalty to my customer and loyalty to my relative (I think they're looking for proof of some misdeed) - can anyone here give me an excuse to forego my sense of ethics?"
Here's the way I read the question:
"Dear
Seriously, I don't think he's asking for legal advice, it sounds like he's asking for an excuse to ignore his conscience.
While asking a lawyer is the best advice you can give, it's probably not what he wants to hear (because he already knows what the lawyer will tell him.)
If you were, then what to do would be obvious:
1) Open your relative's email account, scan through his email.
2) Save off all the stuff you can embarrass him with at family get-togethers. Make special note of such terms as "snookums" and "little homer" or whatnot.
3) Find anything illegal and make an encrypted copy. Accidently lose those backup tapes. Not that you are going to blackmail your relative, but you might be able to get some moral compensation for your time and effort by spoofing email from your relative to the sender/recipient, and recommending the purp pony up some money to your favorite charity or else you'll go 'public' with it. If your relative winds up with some broken limbs, so much the better - he should have never been dealing with such people in the first place.
4) Then, flat out delete anything that makes _you_ look bad.
5) THEN send the batch of email to the company. Replace CRLF with \0, then tar, uuencode, compress, and bzip with a password. Make sure you remove the filename extensions at each step, and tell them it's 'zipped', and you did the work on a 'Mac' (.hqx the thing for good measure). Then, sign it with a pgp key that's registered to a third-party public key server that no-one can validate to unless they live in Tunisia.
If the company wants the information so bad, they'll get it, eventually.
6) Finally, to lighten the mood, spoof an email to your relative's wife pretending to be his 'office girlfriend', telling him how much she misses their little 'get togethers' in the copy room. Hillarity ensues.
There, now you know what it takes to be an accomplished Systems Administrator.
Are you American? Canadian? European? Russian? It matters so much for this type of question.
Montreal - Best city to live in!
I have a question for the story poster. The whole scenario seems sketchy to me to begin with. The odds of this exact mailbox meeting this exact series of events is very unlikely. Did you get the hosting contract based on the relative's connection to the company? If you did, welcome to conflict of interest! You have entered a convoluted world of nepotism and insider backroom deals. Anything you write down can and will be used against you since its only a matter of time until you do something illegal.
Well, thats really worst case scenario. But expect extra scrutiny if this actually does go sour and it looks like you guys are scratching each others back.
The moral of the story? Conflict of interest rules protect both the employer and employee.
So there's an easier way out of this. Tell whoever's asking that the mailbox is empty. Read the email yourself for curiosity's sake, delete it with a secure over-write, and be done with it.
Why wrestle with the morality of the situation when you aren't even qualified to do so, and might put yourself in legal trouble by cooperating in case this employee sues your ass off in court?
Better not to get involved. Don't waste your time.
And this is the first time access has been asked for. As recently as the first of the year the order was 'dump everything'. Yes, there is a personal conflict on my part- why not ask for the others' recently closed accounts?
What we did as a company when we had a similar situation (posting anonymously because of this) is delete the account and have all email to it fowarded to the person replacing the job. We felt this was ethical as we needed those emails anyway, and the account was most likly empty anyway.
We did not have the account anymore and did not falsify our udentity as said person. But emails that we were receiving would be subject as to weather we would press charges against the former partner. And had ramifications in the 10's of thousands of dollors of business that was being stolen by a partner of the company.
Mr. Former Employee
C/O Old Employer Co.
123 Industrial Way
Anytown, NJ 12345-6789
IANAL so I don't know the answer to this question: Who is legally allowed to open this envelope? I know I've seen bosses open the mail of departed former employees, look at it and say, "OK, I know what to do with this," and walk off, but the legality of such actions never crossed my mind. Find out the answer to this, and you've probably got your answer to the ethical dilemma around the e-mail question.
You could tell them that there is no way to get at the data without the password.
It they want the data they have to get the password from the employee. It they want to go to court, they should go to court to get the employee to give them the password.
You could even change the e-mail system so that it indeed encrypts the accounts with the password, and avoid problems in the future.
The company and the ex-employee both want something from you. The company want information, the ex-employee want you not to pass on that information. You, therefore, hold the balance of power.
..... [different address in each e-mail], it is the only copy since your recent server upgrade, and how much would they be prepared to offer you to lay their hands on it? You must fake the headers so it looks as though the same message was sent cc: to both parties, even though the SDB location is different.
Proper etiquette in this situation is to back up the data onto a CD-R, make a second copy, and place each in a separate safe deposit box in the same city. You should then e-mail each party independently, telling them that you have the information stored on a CD-R, and it is in a safe deposit box at
In your next e-mail to each side, you "carelessly" let slip how much the other side was prepared to offer you for the disputed data, and ask if they would like to raise their bids. You do this several times and it proceeds like a poker game when it's down to just two players: they keep calling and raising the stakes, and if neither side folds then it will come to a showdown.
Once each side has reached their maximum bid for how much they are prepared to offer, and you have booked a flight to the West Indies, then you let each side have their own copy of the data!
Je fume. Tu fumes. Nous fûmes!
A lot of people, I noticed, are saying that the box belongs to the company, but the box is not the same as the mail. If I agreed to put my diamond in your safe, does that mean the diamond belongs to you? I certainly hope not!
If there were a contract stating that all mail stored in the box belonged to the company, that would be different. But there is no contract!
"Sometimes it takes more than an axe and a busload of strangers to work through your anger." -Rikk Estoban
Clearly, though, you can obtain consent from the original addressee and then disclose.
Every single business with whom you have *any* association in this precise moment is lying to you.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
My employee handbook is explicitly clear that anything I post or transmit through any company-managed infrastructure is the company's property. I have no rights of privacy to any of it. This simplifies things greatly, as anything I send or read through the company mail server, whether we host it or not, is already explicitly company property.
Before anybody reacts that this seems awfully fascist or intrusive, I want to say that it provides me a real sense of security to know exactly where my boundaries are and that they are not flexible or partisan in their enforcement. That said, I'm the sysadmin whom others would call when they need so-and-so's email, and I've done exactly that on more than a few occasions already. "Company mail" is company mail.
-j