Mixing
![What should be covered in a performance review? [closed]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjbpfN9tAutmK93bJRC3ZoROZzi2TJDms5n8_qJuhgE0a9b52OOHayv3NGT8igAdFL7byXNst-_1DZK5SjrIJ28_6RQPUpBROqMs5s6jo-ZsjX8kjDwfxJufIitH3TaQRXWaGSQKRQib-f/s72-c/1.jpg)
Ethics regarding setup of forwarding rules unknown to mailbox owner
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
6
down vote
favorite
I work with someone, I'll say her name is Jane, who is an administrative assistant here. Jane discovered that unbeknownst to her, someone had set up several automatic forwarding rules in her Outlook. She has been with the company at least a couple years, so for all she knows this could have been going on the whole time (not sure). In any case, emails that were sent to her were getting automatically forwarded to multiple people, including her own peers who are other administrative assistants equal to her, all without her knowledge (until discovering the rules).
Are there standard ethical rules regarding this type of thing? It seems like there should be something wrong with that. But simply googling this I do not find what I'm looking for. Maybe that means there are no such ethics, in which case, probably the best thing to do is just let it go (now that she's turned them off). But I wanted to try to find out. Thank you!
ANSWERS TO QUESTIONS IN COMMENTS:
Our company does not have a documented internal privacy policy (not that I'm aware of, anyway. If it does, it is not in a place that everyone has access to).
She is not sure whether everyone who was getting her emails is aware it was without her knowledge. But PRETTY sure at least one of them was aware of this.
Jane does not know who set them up, or why they were set up. Though the suspicion is purely for singled-out monitoring and micro-managing, given these same peers also try to track her exact arrival and departure times (we do not use key cards or anything like that) and things like that.
No, it does not look like these forwarding rules were also set up for the other people. Jane does not get anyone else's email. I personally do not have any forwarding rules set up either, and know of others that do not.
ethics email
asked Mar 23 '16 at 18:41
Andarta
22716
 |Â
show 4 more comments
up vote
6
down vote
favorite
I work with someone, I'll say her name is Jane, who is an administrative assistant here. Jane discovered that unbeknownst to her, someone had set up several automatic forwarding rules in her Outlook. She has been with the company at least a couple years, so for all she knows this could have been going on the whole time (not sure). In any case, emails that were sent to her were getting automatically forwarded to multiple people, including her own peers who are other administrative assistants equal to her, all without her knowledge (until discovering the rules).
Are there standard ethical rules regarding this type of thing? It seems like there should be something wrong with that. But simply googling this I do not find what I'm looking for. Maybe that means there are no such ethics, in which case, probably the best thing to do is just let it go (now that she's turned them off). But I wanted to try to find out. Thank you!
ANSWERS TO QUESTIONS IN COMMENTS:
Our company does not have a documented internal privacy policy (not that I'm aware of, anyway. If it does, it is not in a place that everyone has access to).
She is not sure whether everyone who was getting her emails is aware it was without her knowledge. But PRETTY sure at least one of them was aware of this.
Jane does not know who set them up, or why they were set up. Though the suspicion is purely for singled-out monitoring and micro-managing, given these same peers also try to track her exact arrival and departure times (we do not use key cards or anything like that) and things like that.
No, it does not look like these forwarding rules were also set up for the other people. Jane does not get anyone else's email. I personally do not have any forwarding rules set up either, and know of others that do not.
ethics email
asked Mar 23 '16 at 18:41
Andarta
22716
2
Some of this will come down to your company's privacy policies. In some companies work emails are company property with no expectation of privacy, in other companies your communications are explicitly your property unless a court orders otherwise.
– Myles
Mar 23 '16 at 18:44
5
if she is singled out and only her mails are being forwarded to her peers while her peers were keeping their emails to themselves, it might be a problem. But in general, workplace email is the employer's property and one should have no explicit or implied expectancy of privacy.
– MelBurslan
Mar 23 '16 at 18:47
1
@MelBurslan Implied privacy of email varies a lot. In my company without a court order we are not even allowed to view the email of employees who have died. Apparently this is in compliance with German privacy laws.
– Myles
Mar 23 '16 at 19:14
1
I'm curious: How did she discover the rules were in place? Was she trying to set up a new rule or did she have an idea that something like this was going on? She should talk to her direct manager about this. If her manager doesn't know anything about it then there might be a far larger problem that the company need to investigate.
– NotMe
Mar 23 '16 at 23:50
2
@MelBurslan her e-mails being employer property is one thing, sharing them without her knowledge is another. Assuming that the employer has the obligation to protect her personal data, any e-mail from HR with such data opens the company for a lawsuit, if that mail got disclosed to her peers.
– Dmitry Grigoryev
Mar 24 '16 at 12:06
 |Â
show 4 more comments
up vote
6
down vote
favorite
up vote
6
down vote
favorite
I work with someone, I'll say her name is Jane, who is an administrative assistant here. Jane discovered that unbeknownst to her, someone had set up several automatic forwarding rules in her Outlook. She has been with the company at least a couple years, so for all she knows this could have been going on the whole time (not sure). In any case, emails that were sent to her were getting automatically forwarded to multiple people, including her own peers who are other administrative assistants equal to her, all without her knowledge (until discovering the rules).
Are there standard ethical rules regarding this type of thing? It seems like there should be something wrong with that. But simply googling this I do not find what I'm looking for. Maybe that means there are no such ethics, in which case, probably the best thing to do is just let it go (now that she's turned them off). But I wanted to try to find out. Thank you!
ANSWERS TO QUESTIONS IN COMMENTS:
Our company does not have a documented internal privacy policy (not that I'm aware of, anyway. If it does, it is not in a place that everyone has access to).
She is not sure whether everyone who was getting her emails is aware it was without her knowledge. But PRETTY sure at least one of them was aware of this.
Jane does not know who set them up, or why they were set up. Though the suspicion is purely for singled-out monitoring and micro-managing, given these same peers also try to track her exact arrival and departure times (we do not use key cards or anything like that) and things like that.
No, it does not look like these forwarding rules were also set up for the other people. Jane does not get anyone else's email. I personally do not have any forwarding rules set up either, and know of others that do not.
ethics email
asked Mar 23 '16 at 18:41
Andarta
22716
I work with someone, I'll say her name is Jane, who is an administrative assistant here. Jane discovered that unbeknownst to her, someone had set up several automatic forwarding rules in her Outlook. She has been with the company at least a couple years, so for all she knows this could have been going on the whole time (not sure). In any case, emails that were sent to her were getting automatically forwarded to multiple people, including her own peers who are other administrative assistants equal to her, all without her knowledge (until discovering the rules).
Are there standard ethical rules regarding this type of thing? It seems like there should be something wrong with that. But simply googling this I do not find what I'm looking for. Maybe that means there are no such ethics, in which case, probably the best thing to do is just let it go (now that she's turned them off). But I wanted to try to find out. Thank you!
ANSWERS TO QUESTIONS IN COMMENTS:
Our company does not have a documented internal privacy policy (not that I'm aware of, anyway. If it does, it is not in a place that everyone has access to).
She is not sure whether everyone who was getting her emails is aware it was without her knowledge. But PRETTY sure at least one of them was aware of this.
Jane does not know who set them up, or why they were set up. Though the suspicion is purely for singled-out monitoring and micro-managing, given these same peers also try to track her exact arrival and departure times (we do not use key cards or anything like that) and things like that.
No, it does not look like these forwarding rules were also set up for the other people. Jane does not get anyone else's email. I personally do not have any forwarding rules set up either, and know of others that do not.
ethics email
asked Mar 23 '16 at 18:41
Andarta
22716
edited Mar 23 '16 at 19:03
asked Mar 23 '16 at 18:41
Andarta
22716
asked Mar 23 '16 at 18:41
Andarta
22716
asked Mar 23 '16 at 18:41
Andarta
22716
22716
2
Some of this will come down to your company's privacy policies. In some companies work emails are company property with no expectation of privacy, in other companies your communications are explicitly your property unless a court orders otherwise.
– Myles
Mar 23 '16 at 18:44
5
if she is singled out and only her mails are being forwarded to her peers while her peers were keeping their emails to themselves, it might be a problem. But in general, workplace email is the employer's property and one should have no explicit or implied expectancy of privacy.
– MelBurslan
Mar 23 '16 at 18:47
1
@MelBurslan Implied privacy of email varies a lot. In my company without a court order we are not even allowed to view the email of employees who have died. Apparently this is in compliance with German privacy laws.
– Myles
Mar 23 '16 at 19:14
1
I'm curious: How did she discover the rules were in place? Was she trying to set up a new rule or did she have an idea that something like this was going on? She should talk to her direct manager about this. If her manager doesn't know anything about it then there might be a far larger problem that the company need to investigate.
– NotMe
Mar 23 '16 at 23:50
2
@MelBurslan her e-mails being employer property is one thing, sharing them without her knowledge is another. Assuming that the employer has the obligation to protect her personal data, any e-mail from HR with such data opens the company for a lawsuit, if that mail got disclosed to her peers.
– Dmitry Grigoryev
Mar 24 '16 at 12:06
 |Â
show 4 more comments
2
Some of this will come down to your company's privacy policies. In some companies work emails are company property with no expectation of privacy, in other companies your communications are explicitly your property unless a court orders otherwise.
– Myles
Mar 23 '16 at 18:44
5
if she is singled out and only her mails are being forwarded to her peers while her peers were keeping their emails to themselves, it might be a problem. But in general, workplace email is the employer's property and one should have no explicit or implied expectancy of privacy.
– MelBurslan
Mar 23 '16 at 18:47
1
@MelBurslan Implied privacy of email varies a lot. In my company without a court order we are not even allowed to view the email of employees who have died. Apparently this is in compliance with German privacy laws.
– Myles
Mar 23 '16 at 19:14
1
I'm curious: How did she discover the rules were in place? Was she trying to set up a new rule or did she have an idea that something like this was going on? She should talk to her direct manager about this. If her manager doesn't know anything about it then there might be a far larger problem that the company need to investigate.
– NotMe
Mar 23 '16 at 23:50
2
@MelBurslan her e-mails being employer property is one thing, sharing them without her knowledge is another. Assuming that the employer has the obligation to protect her personal data, any e-mail from HR with such data opens the company for a lawsuit, if that mail got disclosed to her peers.
– Dmitry Grigoryev
Mar 24 '16 at 12:06
2
2
Some of this will come down to your company's privacy policies. In some companies work emails are company property with no expectation of privacy, in other companies your communications are explicitly your property unless a court orders otherwise.
– Myles
Mar 23 '16 at 18:44
Some of this will come down to your company's privacy policies. In some companies work emails are company property with no expectation of privacy, in other companies your communications are explicitly your property unless a court orders otherwise.
– Myles
Mar 23 '16 at 18:44
5
5
if she is singled out and only her mails are being forwarded to her peers while her peers were keeping their emails to themselves, it might be a problem. But in general, workplace email is the employer's property and one should have no explicit or implied expectancy of privacy.
– MelBurslan
Mar 23 '16 at 18:47
if she is singled out and only her mails are being forwarded to her peers while her peers were keeping their emails to themselves, it might be a problem. But in general, workplace email is the employer's property and one should have no explicit or implied expectancy of privacy.
– MelBurslan
Mar 23 '16 at 18:47
1
1
@MelBurslan Implied privacy of email varies a lot. In my company without a court order we are not even allowed to view the email of employees who have died. Apparently this is in compliance with German privacy laws.
– Myles
Mar 23 '16 at 19:14
@MelBurslan Implied privacy of email varies a lot. In my company without a court order we are not even allowed to view the email of employees who have died. Apparently this is in compliance with German privacy laws.
– Myles
Mar 23 '16 at 19:14
1
1
I'm curious: How did she discover the rules were in place? Was she trying to set up a new rule or did she have an idea that something like this was going on? She should talk to her direct manager about this. If her manager doesn't know anything about it then there might be a far larger problem that the company need to investigate.
– NotMe
Mar 23 '16 at 23:50
I'm curious: How did she discover the rules were in place? Was she trying to set up a new rule or did she have an idea that something like this was going on? She should talk to her direct manager about this. If her manager doesn't know anything about it then there might be a far larger problem that the company need to investigate.
– NotMe
Mar 23 '16 at 23:50
2
2
@MelBurslan her e-mails being employer property is one thing, sharing them without her knowledge is another. Assuming that the employer has the obligation to protect her personal data, any e-mail from HR with such data opens the company for a lawsuit, if that mail got disclosed to her peers.
– Dmitry Grigoryev
Mar 24 '16 at 12:06
@MelBurslan her e-mails being employer property is one thing, sharing them without her knowledge is another. Assuming that the employer has the obligation to protect her personal data, any e-mail from HR with such data opens the company for a lawsuit, if that mail got disclosed to her peers.
– Dmitry Grigoryev
Mar 24 '16 at 12:06
 |Â
show 4 more comments
6 Answers
6
active
oldest
votes
up vote
8
down vote
As silly as this may sound, I'm willing to bet Jane set this up a long time ago by accident or someone did for her and she forgot about it. In my experience with non-tech people, I found they did all sorts of bizarre things. If Jane sends you a picture via pasting into Words, you can bet she doesn't know anything about what a "Rule" is.
Unless the rules somehow targeted something specific like forwarding any personal or bank account information, I really can't say anything malicious happened here. I would also think about the consequences of these rules. Did people play cruel jokes on her by knowing something from the emails? Or did they collaborate with her such as, "I seen the email from Joe and I think we should go ahead and set up that ASAP."
My guess is the simplest. If she has no idea how to use a computer chances are the rules were accidental or intentially with unintended consequence. Ex she wanted to forward customer replies to her workers but she didn't understand the rules would also send anything else.
answered Mar 23 '16 at 19:54
Dan
4,752412
4
If I was getting forwarded emails I would ask why.
– paparazzo
Mar 23 '16 at 20:22
@Paparazzi True. It's entirely possible that 2 years ago Jane went on vacation, set up a forward rule by the office techie, then said to everyone, "I'm off to vacation and I set up a rule to forward you my message." When she came back she forgot about it and so did everyone else until someone new came along and asked.
– Dan
Mar 24 '16 at 12:21
1
She set it up 2 years ago, forgot, people have been getting her email for 2 years, and no one has said you are back from vacation can turn off forwarding. Yes possible.
– paparazzo
Mar 24 '16 at 12:36
There is no way she set these up herself - she didn't even know how to find them. I showed her how to find rules when she came to me with the suspicion that her peer was getting her emails. And if anyone had ever collaborated with her on any of those then she would know they were getting forwarded.
– Andarta
Mar 24 '16 at 13:59
suggest improvements |Â
up vote
4
down vote
As a "Just in case whoever did this was careless" if you go into the properties of the undesirable .rwz file and get the details of date created and owner. This isn't 100% however if the file was created by one of the suspicious peers that is a pretty strong indication of malicious intent. If one of the email receivers created the file, that is likely enough to bring to HR. They will need to be asked if they did it and confronted with evidence if they deny, or come up with a business reason if they come clean. If caught lying or no business reason can be presented for modifying a co-workers computer without their knowledge then you have a pretty strong case for disciplinary action.
Ethically even if her emails are company property that does not mean that they are authorized to be shared with the particular people who were receiving them (just like you can't take all of your boss's emails when they aren't looking even though those emails are company property).
answered Mar 23 '16 at 19:49
Myles
25.4k658104
Thanks, Myles. Though as far as I know, the .rwz file is only created when you export the rules. If Jane does that then the details of that file of course are going to say Jane made it today. So unfortunately it's not helpful. I tried googling how to find out who originally made a rule, but am not finding anything.
– Andarta
Mar 23 '16 at 20:57
Sorry Andarta that was phrased badly on my part. I intended that to be a part of the perpetrator needing to be careless. More likely that the perpetrator built this rule on their machine, exported it to a thumb drive or common drive and then imported it rather than building it from scratch on her system (unless she leaves her computer unlocked and unattended for long periods of time). If they left this file on a common drive or on her machine you have evidence.
– Myles
Mar 24 '16 at 14:26
oooooh...I see, @Myles. Interesting idea, I hadn't thought of that. I searched on our shared drive and that didn't have anything. I could maybe have her try looking on her computer. Though recently her computer needed some sort of work done so the IT guy here was on it anyway - it would have been very easy for someone to have him set it up directly on her machine either then or when she was first set up on it. Thanks!
– Andarta
Mar 24 '16 at 16:17
suggest improvements |Â
up vote
1
down vote
Andarta, while legal answers may be off topic for this site, legal resources are probably your best resource for ethics questions. Law and ethics are tightly intertwined and that is where you will find the most thorough discussion of what constitutes ethical conduct in this context.
The ethics and legality of what happened are discussed in broad terms in this piece on Privacy in the Workplace from The Berkman Center for Internet & Society at Harvard Law School. In particular, read the introduction. It says that the law in this area is new and evolving. It also provides links to additional resources.
I don't think that Jane should let this go. Jane should not just go to HR, but also to the legal department, and ask them about their internal privacy policy, and tell them about her situation. She should have a conversation with them about this and explain how this made her feel. Does she want to know what to expect from the employer with respect to her privacy? Tell them that. Does she feel that without a policy she feels afraid of doing her work? Does not having a policy contribute to a culture of fear in the workplace? Tell them that. Tell folks in HR and in Legal.
It's not about filing a lawsuit. It's the Legal folks' job to write the privacy policy. It's not an HR job. So she should go to both HR and Legal and convey that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
As others have said, this might have been an innocent technical issue, or may be a sign that the company is monitoring employees and not telling them about it. Or that she is being singled out. Or that there is a malicious employee playing a trick on her. She won't know until she has that conversation. And even then she may not know. But if she is worried and wants to know the truth, this is the way to peace of mind. She should not get angry. She should go with an attitude of curiosity. Don't pass judgement on the company or on HR or on Legal until you hear their side of the story.
answered Mar 23 '16 at 19:52
Give Love
458
1
Most employers will have an IT or privacy policy that states "All electronic communications may be monitored" (and most employees barely skim over those policies in their handbook) but even without such a policy, I think the employer is still in the clear to monitor work emails. Courts have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.
– Johnny
Mar 23 '16 at 20:23
@Johnny that may well be true. But I still think that Jane should talk to the legal folks. It's not about filing a lawsuit. It's the legal folks job to write the privacy policy. It's not the HR's job. So she should go to them and make the case that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
– Give Love
Mar 23 '16 at 20:42
@Johnny - I understand that technically yes, companies "own" employees' emails and have a right to review them if necessary. But in this case, she was not given a valid business reason for it, and it is her peers getting her emails, not her boss who would be doing the reviewing.
– Andarta
Mar 23 '16 at 20:44
@Andarta - She doesn't need to be given a valid business reason for it, the employer just needs to have a valid business reason. The business case doesn't need to involve a supervisor reviewing her emails, it can just be something as simple as "She's an important member of the Admin team that many in the organization rely on, and we need others on the team to be able to respond to her emails if she's not available". Businesses don't just technically own employee emails, they do own them and are responsible for them.
– Johnny
Mar 23 '16 at 20:53
Employer's right to monitor email is not the same as right to forward to random people without informing the user. Monitoring is generally covered as an IT or compliance department's responsibility, not one for your peers.
– cdkMoose
Mar 23 '16 at 22:50
 |Â
show 2 more comments
up vote
0
down vote
If it is legal is a legal question and off topic for this site. The law differs country to country.
Let's assume it is legal.
If this was legitimate then most likely it would have been done at the mail server level or Group Policy so she would not know.
If these emails were going to multiple parties they had to notice. FW will be in the subject and the mail sent to you.
I have not verified but if they really were forwarded then they should be in the sent items folder.
I would go to your boss. As it is also kind of a violation of his/her privacy if his/her emails were forwarded.
If you don't feel like you got a good answer from your boss then you can go to HR.
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
suggest improvements |Â
up vote
0
down vote
Assuming you have competent admin, this is most likely done by a peer. The admin would be able to do this invisibly at the mail server.
My advice to her would be to remove the rules and see if anyone asks why, and then query why they were there. She shouldn't be doing anything that she needs to hide on her work email anyway. Until someone says something just ignore it, there are too many reasons why it might have been done, both legitimate and malicious.
This underlines why people need to lock their machines when they don't use them, and have a strong password (you can actually password protect your .pst file as well). That way if anything has changed you know that it was done by admin and can query them as to why if you feel the need.
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
1
Actually, as an administrative assistant, there are plenty of confidential emails that she might need to hide from peers and others within the company. These emails might be part of a confidential discussion with her manager and/or HR. Lack of privacy for herself does not mean that just anyone in the company can read her email.
– cdkMoose
Mar 23 '16 at 22:39
I agree with cdkMoose. One thing that comes to mind is whether those other admin assistants are spying on her particular boss. Honestly, I'd bring this up with management.
– NotMe
Mar 23 '16 at 23:52
good points, but I'm not the paranoid sort, I tend to take things at face value unless I have a reason not to. So I would assume there was a legit reason at some point in time. I can't see what bringing it up with management would do in a positive way. Start an investigation and make it the office drama of the week? Investigation hasn't much chance of turning anything up. Better to make someone show their hand than look sideways at everyone.
– Kilisi
Mar 24 '16 at 0:58
1
If it was an attempt at sabotage why would the attacker do a blanket forward to multiple people? And on top of that nobody saying anything for seemingly a very long time? It seems like either everyone is in on it or somehow the rule was setup on purpose at some point and just forgotten about. It seems logical to me that someone attempting at espionage would try a more covert approach such as asking an sysadmin or if they knew her password why not simply log in every night and browse emails/files instead of a blanket forward rule?
– Dan
Mar 24 '16 at 16:49
1
I should also add if it was a espionage attempt wouldn't the perpetrator always be one step ahead of Jane? Or at least some sort of internal problems such as accounts missing or identity stolen? Seems like if it was something like that the attack would be known or at least something fishy going on.
– Dan
Mar 24 '16 at 16:53
 |Â
show 1 more comment
up vote
0
down vote
If Jane is absolutely sure that she didn't set this up herself (perhaps when taking leave at some point?), then 2 options remain.
One, is that it is an official action to monitor her mailbox. It's quite common among administrative pools to have some form of email sharing setup, though if this was the case she would be aware of it, and there are better ways to implement this. It could also be for disciplinary or performance reasons, but again there are much better ways to set this up. And, ethically she should be made aware of that, and in many jurisdictions, legally she would have to be informed too.
Second, it is an unofficial action, either setup by another assistant or by her manager. This is effectively spying, if there's any chance that she would receive sensitive material by email, a security breach. Sensitive material doesn't have to be classified military secrets, it could be personal employee information (payroll, reasons for absences), it could be a managers calendar, it could be customer information or details of potential customers or sales, it could be details of an upcoming product/service etc.
In either case, I think Jane should consider acting as if it is a security breach and reporting it as such. How she actually does this will depend on her organisation, it may be more appropriate to approach her manager directly (unless she suspects him/her of involvement), or it may be more appropriate to talk directly to IT or IT security. Her organisation's computer usage policy may give some guidance.
If this is something unofficial, it will bring in the right people to address it, if it's something official then at least she will know and will be addressing it head on, and by highlighting how it has been handled may also be protecting herself.
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
suggest improvements |Â
StackExchange.ready(function ()
$("#show-editor-button input, #show-editor-button button").click(function ()
var showEditor = function()
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
;
var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True')
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');
$(this).loadPopup(
url: '/post/self-answer-popup',
loaded: function(popup)
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');
pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);
)
else
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true)
showEditor();
);
);
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
8
down vote
As silly as this may sound, I'm willing to bet Jane set this up a long time ago by accident or someone did for her and she forgot about it. In my experience with non-tech people, I found they did all sorts of bizarre things. If Jane sends you a picture via pasting into Words, you can bet she doesn't know anything about what a "Rule" is.
Unless the rules somehow targeted something specific like forwarding any personal or bank account information, I really can't say anything malicious happened here. I would also think about the consequences of these rules. Did people play cruel jokes on her by knowing something from the emails? Or did they collaborate with her such as, "I seen the email from Joe and I think we should go ahead and set up that ASAP."
My guess is the simplest. If she has no idea how to use a computer chances are the rules were accidental or intentially with unintended consequence. Ex she wanted to forward customer replies to her workers but she didn't understand the rules would also send anything else.
answered Mar 23 '16 at 19:54
Dan
4,752412
4
If I was getting forwarded emails I would ask why.
– paparazzo
Mar 23 '16 at 20:22
@Paparazzi True. It's entirely possible that 2 years ago Jane went on vacation, set up a forward rule by the office techie, then said to everyone, "I'm off to vacation and I set up a rule to forward you my message." When she came back she forgot about it and so did everyone else until someone new came along and asked.
– Dan
Mar 24 '16 at 12:21
1
She set it up 2 years ago, forgot, people have been getting her email for 2 years, and no one has said you are back from vacation can turn off forwarding. Yes possible.
– paparazzo
Mar 24 '16 at 12:36
There is no way she set these up herself - she didn't even know how to find them. I showed her how to find rules when she came to me with the suspicion that her peer was getting her emails. And if anyone had ever collaborated with her on any of those then she would know they were getting forwarded.
– Andarta
Mar 24 '16 at 13:59
suggest improvements |Â
up vote
8
down vote
As silly as this may sound, I'm willing to bet Jane set this up a long time ago by accident or someone did for her and she forgot about it. In my experience with non-tech people, I found they did all sorts of bizarre things. If Jane sends you a picture via pasting into Words, you can bet she doesn't know anything about what a "Rule" is.
Unless the rules somehow targeted something specific like forwarding any personal or bank account information, I really can't say anything malicious happened here. I would also think about the consequences of these rules. Did people play cruel jokes on her by knowing something from the emails? Or did they collaborate with her such as, "I seen the email from Joe and I think we should go ahead and set up that ASAP."
My guess is the simplest. If she has no idea how to use a computer chances are the rules were accidental or intentially with unintended consequence. Ex she wanted to forward customer replies to her workers but she didn't understand the rules would also send anything else.
answered Mar 23 '16 at 19:54
Dan
4,752412
4
If I was getting forwarded emails I would ask why.
– paparazzo
Mar 23 '16 at 20:22
@Paparazzi True. It's entirely possible that 2 years ago Jane went on vacation, set up a forward rule by the office techie, then said to everyone, "I'm off to vacation and I set up a rule to forward you my message." When she came back she forgot about it and so did everyone else until someone new came along and asked.
– Dan
Mar 24 '16 at 12:21
1
She set it up 2 years ago, forgot, people have been getting her email for 2 years, and no one has said you are back from vacation can turn off forwarding. Yes possible.
– paparazzo
Mar 24 '16 at 12:36
There is no way she set these up herself - she didn't even know how to find them. I showed her how to find rules when she came to me with the suspicion that her peer was getting her emails. And if anyone had ever collaborated with her on any of those then she would know they were getting forwarded.
– Andarta
Mar 24 '16 at 13:59
suggest improvements |Â
up vote
8
down vote
up vote
8
down vote
As silly as this may sound, I'm willing to bet Jane set this up a long time ago by accident or someone did for her and she forgot about it. In my experience with non-tech people, I found they did all sorts of bizarre things. If Jane sends you a picture via pasting into Words, you can bet she doesn't know anything about what a "Rule" is.
Unless the rules somehow targeted something specific like forwarding any personal or bank account information, I really can't say anything malicious happened here. I would also think about the consequences of these rules. Did people play cruel jokes on her by knowing something from the emails? Or did they collaborate with her such as, "I seen the email from Joe and I think we should go ahead and set up that ASAP."
My guess is the simplest. If she has no idea how to use a computer chances are the rules were accidental or intentially with unintended consequence. Ex she wanted to forward customer replies to her workers but she didn't understand the rules would also send anything else.
answered Mar 23 '16 at 19:54
Dan
4,752412
As silly as this may sound, I'm willing to bet Jane set this up a long time ago by accident or someone did for her and she forgot about it. In my experience with non-tech people, I found they did all sorts of bizarre things. If Jane sends you a picture via pasting into Words, you can bet she doesn't know anything about what a "Rule" is.
Unless the rules somehow targeted something specific like forwarding any personal or bank account information, I really can't say anything malicious happened here. I would also think about the consequences of these rules. Did people play cruel jokes on her by knowing something from the emails? Or did they collaborate with her such as, "I seen the email from Joe and I think we should go ahead and set up that ASAP."
My guess is the simplest. If she has no idea how to use a computer chances are the rules were accidental or intentially with unintended consequence. Ex she wanted to forward customer replies to her workers but she didn't understand the rules would also send anything else.
answered Mar 23 '16 at 19:54
Dan
4,752412
answered Mar 23 '16 at 19:54
Dan
4,752412
answered Mar 23 '16 at 19:54
Dan
4,752412
answered Mar 23 '16 at 19:54
Dan
4,752412
4,752412
4
If I was getting forwarded emails I would ask why.
– paparazzo
Mar 23 '16 at 20:22
@Paparazzi True. It's entirely possible that 2 years ago Jane went on vacation, set up a forward rule by the office techie, then said to everyone, "I'm off to vacation and I set up a rule to forward you my message." When she came back she forgot about it and so did everyone else until someone new came along and asked.
– Dan
Mar 24 '16 at 12:21
1
She set it up 2 years ago, forgot, people have been getting her email for 2 years, and no one has said you are back from vacation can turn off forwarding. Yes possible.
– paparazzo
Mar 24 '16 at 12:36
There is no way she set these up herself - she didn't even know how to find them. I showed her how to find rules when she came to me with the suspicion that her peer was getting her emails. And if anyone had ever collaborated with her on any of those then she would know they were getting forwarded.
– Andarta
Mar 24 '16 at 13:59
suggest improvements |Â
4
If I was getting forwarded emails I would ask why.
– paparazzo
Mar 23 '16 at 20:22
@Paparazzi True. It's entirely possible that 2 years ago Jane went on vacation, set up a forward rule by the office techie, then said to everyone, "I'm off to vacation and I set up a rule to forward you my message." When she came back she forgot about it and so did everyone else until someone new came along and asked.
– Dan
Mar 24 '16 at 12:21
1
She set it up 2 years ago, forgot, people have been getting her email for 2 years, and no one has said you are back from vacation can turn off forwarding. Yes possible.
– paparazzo
Mar 24 '16 at 12:36
There is no way she set these up herself - she didn't even know how to find them. I showed her how to find rules when she came to me with the suspicion that her peer was getting her emails. And if anyone had ever collaborated with her on any of those then she would know they were getting forwarded.
– Andarta
Mar 24 '16 at 13:59
4
4
If I was getting forwarded emails I would ask why.
– paparazzo
Mar 23 '16 at 20:22
If I was getting forwarded emails I would ask why.
– paparazzo
Mar 23 '16 at 20:22
@Paparazzi True. It's entirely possible that 2 years ago Jane went on vacation, set up a forward rule by the office techie, then said to everyone, "I'm off to vacation and I set up a rule to forward you my message." When she came back she forgot about it and so did everyone else until someone new came along and asked.
– Dan
Mar 24 '16 at 12:21
@Paparazzi True. It's entirely possible that 2 years ago Jane went on vacation, set up a forward rule by the office techie, then said to everyone, "I'm off to vacation and I set up a rule to forward you my message." When she came back she forgot about it and so did everyone else until someone new came along and asked.
– Dan
Mar 24 '16 at 12:21
1
1
She set it up 2 years ago, forgot, people have been getting her email for 2 years, and no one has said you are back from vacation can turn off forwarding. Yes possible.
– paparazzo
Mar 24 '16 at 12:36
She set it up 2 years ago, forgot, people have been getting her email for 2 years, and no one has said you are back from vacation can turn off forwarding. Yes possible.
– paparazzo
Mar 24 '16 at 12:36
There is no way she set these up herself - she didn't even know how to find them. I showed her how to find rules when she came to me with the suspicion that her peer was getting her emails. And if anyone had ever collaborated with her on any of those then she would know they were getting forwarded.
– Andarta
Mar 24 '16 at 13:59
There is no way she set these up herself - she didn't even know how to find them. I showed her how to find rules when she came to me with the suspicion that her peer was getting her emails. And if anyone had ever collaborated with her on any of those then she would know they were getting forwarded.
– Andarta
Mar 24 '16 at 13:59
suggest improvements |Â
up vote
4
down vote
As a "Just in case whoever did this was careless" if you go into the properties of the undesirable .rwz file and get the details of date created and owner. This isn't 100% however if the file was created by one of the suspicious peers that is a pretty strong indication of malicious intent. If one of the email receivers created the file, that is likely enough to bring to HR. They will need to be asked if they did it and confronted with evidence if they deny, or come up with a business reason if they come clean. If caught lying or no business reason can be presented for modifying a co-workers computer without their knowledge then you have a pretty strong case for disciplinary action.
Ethically even if her emails are company property that does not mean that they are authorized to be shared with the particular people who were receiving them (just like you can't take all of your boss's emails when they aren't looking even though those emails are company property).
answered Mar 23 '16 at 19:49
Myles
25.4k658104
Thanks, Myles. Though as far as I know, the .rwz file is only created when you export the rules. If Jane does that then the details of that file of course are going to say Jane made it today. So unfortunately it's not helpful. I tried googling how to find out who originally made a rule, but am not finding anything.
– Andarta
Mar 23 '16 at 20:57
Sorry Andarta that was phrased badly on my part. I intended that to be a part of the perpetrator needing to be careless. More likely that the perpetrator built this rule on their machine, exported it to a thumb drive or common drive and then imported it rather than building it from scratch on her system (unless she leaves her computer unlocked and unattended for long periods of time). If they left this file on a common drive or on her machine you have evidence.
– Myles
Mar 24 '16 at 14:26
oooooh...I see, @Myles. Interesting idea, I hadn't thought of that. I searched on our shared drive and that didn't have anything. I could maybe have her try looking on her computer. Though recently her computer needed some sort of work done so the IT guy here was on it anyway - it would have been very easy for someone to have him set it up directly on her machine either then or when she was first set up on it. Thanks!
– Andarta
Mar 24 '16 at 16:17
suggest improvements |Â
up vote
4
down vote
As a "Just in case whoever did this was careless" if you go into the properties of the undesirable .rwz file and get the details of date created and owner. This isn't 100% however if the file was created by one of the suspicious peers that is a pretty strong indication of malicious intent. If one of the email receivers created the file, that is likely enough to bring to HR. They will need to be asked if they did it and confronted with evidence if they deny, or come up with a business reason if they come clean. If caught lying or no business reason can be presented for modifying a co-workers computer without their knowledge then you have a pretty strong case for disciplinary action.
Ethically even if her emails are company property that does not mean that they are authorized to be shared with the particular people who were receiving them (just like you can't take all of your boss's emails when they aren't looking even though those emails are company property).
answered Mar 23 '16 at 19:49
Myles
25.4k658104
Thanks, Myles. Though as far as I know, the .rwz file is only created when you export the rules. If Jane does that then the details of that file of course are going to say Jane made it today. So unfortunately it's not helpful. I tried googling how to find out who originally made a rule, but am not finding anything.
– Andarta
Mar 23 '16 at 20:57
Sorry Andarta that was phrased badly on my part. I intended that to be a part of the perpetrator needing to be careless. More likely that the perpetrator built this rule on their machine, exported it to a thumb drive or common drive and then imported it rather than building it from scratch on her system (unless she leaves her computer unlocked and unattended for long periods of time). If they left this file on a common drive or on her machine you have evidence.
– Myles
Mar 24 '16 at 14:26
oooooh...I see, @Myles. Interesting idea, I hadn't thought of that. I searched on our shared drive and that didn't have anything. I could maybe have her try looking on her computer. Though recently her computer needed some sort of work done so the IT guy here was on it anyway - it would have been very easy for someone to have him set it up directly on her machine either then or when she was first set up on it. Thanks!
– Andarta
Mar 24 '16 at 16:17
suggest improvements |Â
up vote
4
down vote
up vote
4
down vote
As a "Just in case whoever did this was careless" if you go into the properties of the undesirable .rwz file and get the details of date created and owner. This isn't 100% however if the file was created by one of the suspicious peers that is a pretty strong indication of malicious intent. If one of the email receivers created the file, that is likely enough to bring to HR. They will need to be asked if they did it and confronted with evidence if they deny, or come up with a business reason if they come clean. If caught lying or no business reason can be presented for modifying a co-workers computer without their knowledge then you have a pretty strong case for disciplinary action.
Ethically even if her emails are company property that does not mean that they are authorized to be shared with the particular people who were receiving them (just like you can't take all of your boss's emails when they aren't looking even though those emails are company property).
answered Mar 23 '16 at 19:49
Myles
25.4k658104
As a "Just in case whoever did this was careless" if you go into the properties of the undesirable .rwz file and get the details of date created and owner. This isn't 100% however if the file was created by one of the suspicious peers that is a pretty strong indication of malicious intent. If one of the email receivers created the file, that is likely enough to bring to HR. They will need to be asked if they did it and confronted with evidence if they deny, or come up with a business reason if they come clean. If caught lying or no business reason can be presented for modifying a co-workers computer without their knowledge then you have a pretty strong case for disciplinary action.
Ethically even if her emails are company property that does not mean that they are authorized to be shared with the particular people who were receiving them (just like you can't take all of your boss's emails when they aren't looking even though those emails are company property).
answered Mar 23 '16 at 19:49
Myles
25.4k658104
edited Mar 23 '16 at 20:17
answered Mar 23 '16 at 19:49
Myles
25.4k658104
answered Mar 23 '16 at 19:49
Myles
25.4k658104
answered Mar 23 '16 at 19:49
Myles
25.4k658104
25.4k658104
Thanks, Myles. Though as far as I know, the .rwz file is only created when you export the rules. If Jane does that then the details of that file of course are going to say Jane made it today. So unfortunately it's not helpful. I tried googling how to find out who originally made a rule, but am not finding anything.
– Andarta
Mar 23 '16 at 20:57
Sorry Andarta that was phrased badly on my part. I intended that to be a part of the perpetrator needing to be careless. More likely that the perpetrator built this rule on their machine, exported it to a thumb drive or common drive and then imported it rather than building it from scratch on her system (unless she leaves her computer unlocked and unattended for long periods of time). If they left this file on a common drive or on her machine you have evidence.
– Myles
Mar 24 '16 at 14:26
oooooh...I see, @Myles. Interesting idea, I hadn't thought of that. I searched on our shared drive and that didn't have anything. I could maybe have her try looking on her computer. Though recently her computer needed some sort of work done so the IT guy here was on it anyway - it would have been very easy for someone to have him set it up directly on her machine either then or when she was first set up on it. Thanks!
– Andarta
Mar 24 '16 at 16:17
suggest improvements |Â
Thanks, Myles. Though as far as I know, the .rwz file is only created when you export the rules. If Jane does that then the details of that file of course are going to say Jane made it today. So unfortunately it's not helpful. I tried googling how to find out who originally made a rule, but am not finding anything.
– Andarta
Mar 23 '16 at 20:57
Sorry Andarta that was phrased badly on my part. I intended that to be a part of the perpetrator needing to be careless. More likely that the perpetrator built this rule on their machine, exported it to a thumb drive or common drive and then imported it rather than building it from scratch on her system (unless she leaves her computer unlocked and unattended for long periods of time). If they left this file on a common drive or on her machine you have evidence.
– Myles
Mar 24 '16 at 14:26
oooooh...I see, @Myles. Interesting idea, I hadn't thought of that. I searched on our shared drive and that didn't have anything. I could maybe have her try looking on her computer. Though recently her computer needed some sort of work done so the IT guy here was on it anyway - it would have been very easy for someone to have him set it up directly on her machine either then or when she was first set up on it. Thanks!
– Andarta
Mar 24 '16 at 16:17
Thanks, Myles. Though as far as I know, the .rwz file is only created when you export the rules. If Jane does that then the details of that file of course are going to say Jane made it today. So unfortunately it's not helpful. I tried googling how to find out who originally made a rule, but am not finding anything.
– Andarta
Mar 23 '16 at 20:57
Thanks, Myles. Though as far as I know, the .rwz file is only created when you export the rules. If Jane does that then the details of that file of course are going to say Jane made it today. So unfortunately it's not helpful. I tried googling how to find out who originally made a rule, but am not finding anything.
– Andarta
Mar 23 '16 at 20:57
Sorry Andarta that was phrased badly on my part. I intended that to be a part of the perpetrator needing to be careless. More likely that the perpetrator built this rule on their machine, exported it to a thumb drive or common drive and then imported it rather than building it from scratch on her system (unless she leaves her computer unlocked and unattended for long periods of time). If they left this file on a common drive or on her machine you have evidence.
– Myles
Mar 24 '16 at 14:26
Sorry Andarta that was phrased badly on my part. I intended that to be a part of the perpetrator needing to be careless. More likely that the perpetrator built this rule on their machine, exported it to a thumb drive or common drive and then imported it rather than building it from scratch on her system (unless she leaves her computer unlocked and unattended for long periods of time). If they left this file on a common drive or on her machine you have evidence.
– Myles
Mar 24 '16 at 14:26
oooooh...I see, @Myles. Interesting idea, I hadn't thought of that. I searched on our shared drive and that didn't have anything. I could maybe have her try looking on her computer. Though recently her computer needed some sort of work done so the IT guy here was on it anyway - it would have been very easy for someone to have him set it up directly on her machine either then or when she was first set up on it. Thanks!
– Andarta
Mar 24 '16 at 16:17
oooooh...I see, @Myles. Interesting idea, I hadn't thought of that. I searched on our shared drive and that didn't have anything. I could maybe have her try looking on her computer. Though recently her computer needed some sort of work done so the IT guy here was on it anyway - it would have been very easy for someone to have him set it up directly on her machine either then or when she was first set up on it. Thanks!
– Andarta
Mar 24 '16 at 16:17
suggest improvements |Â
up vote
1
down vote
Andarta, while legal answers may be off topic for this site, legal resources are probably your best resource for ethics questions. Law and ethics are tightly intertwined and that is where you will find the most thorough discussion of what constitutes ethical conduct in this context.
The ethics and legality of what happened are discussed in broad terms in this piece on Privacy in the Workplace from The Berkman Center for Internet & Society at Harvard Law School. In particular, read the introduction. It says that the law in this area is new and evolving. It also provides links to additional resources.
I don't think that Jane should let this go. Jane should not just go to HR, but also to the legal department, and ask them about their internal privacy policy, and tell them about her situation. She should have a conversation with them about this and explain how this made her feel. Does she want to know what to expect from the employer with respect to her privacy? Tell them that. Does she feel that without a policy she feels afraid of doing her work? Does not having a policy contribute to a culture of fear in the workplace? Tell them that. Tell folks in HR and in Legal.
It's not about filing a lawsuit. It's the Legal folks' job to write the privacy policy. It's not an HR job. So she should go to both HR and Legal and convey that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
As others have said, this might have been an innocent technical issue, or may be a sign that the company is monitoring employees and not telling them about it. Or that she is being singled out. Or that there is a malicious employee playing a trick on her. She won't know until she has that conversation. And even then she may not know. But if she is worried and wants to know the truth, this is the way to peace of mind. She should not get angry. She should go with an attitude of curiosity. Don't pass judgement on the company or on HR or on Legal until you hear their side of the story.
answered Mar 23 '16 at 19:52
Give Love
458
1
Most employers will have an IT or privacy policy that states "All electronic communications may be monitored" (and most employees barely skim over those policies in their handbook) but even without such a policy, I think the employer is still in the clear to monitor work emails. Courts have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.
– Johnny
Mar 23 '16 at 20:23
@Johnny that may well be true. But I still think that Jane should talk to the legal folks. It's not about filing a lawsuit. It's the legal folks job to write the privacy policy. It's not the HR's job. So she should go to them and make the case that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
– Give Love
Mar 23 '16 at 20:42
@Johnny - I understand that technically yes, companies "own" employees' emails and have a right to review them if necessary. But in this case, she was not given a valid business reason for it, and it is her peers getting her emails, not her boss who would be doing the reviewing.
– Andarta
Mar 23 '16 at 20:44
@Andarta - She doesn't need to be given a valid business reason for it, the employer just needs to have a valid business reason. The business case doesn't need to involve a supervisor reviewing her emails, it can just be something as simple as "She's an important member of the Admin team that many in the organization rely on, and we need others on the team to be able to respond to her emails if she's not available". Businesses don't just technically own employee emails, they do own them and are responsible for them.
– Johnny
Mar 23 '16 at 20:53
Employer's right to monitor email is not the same as right to forward to random people without informing the user. Monitoring is generally covered as an IT or compliance department's responsibility, not one for your peers.
– cdkMoose
Mar 23 '16 at 22:50
 |Â
show 2 more comments
up vote
1
down vote
Andarta, while legal answers may be off topic for this site, legal resources are probably your best resource for ethics questions. Law and ethics are tightly intertwined and that is where you will find the most thorough discussion of what constitutes ethical conduct in this context.
The ethics and legality of what happened are discussed in broad terms in this piece on Privacy in the Workplace from The Berkman Center for Internet & Society at Harvard Law School. In particular, read the introduction. It says that the law in this area is new and evolving. It also provides links to additional resources.
I don't think that Jane should let this go. Jane should not just go to HR, but also to the legal department, and ask them about their internal privacy policy, and tell them about her situation. She should have a conversation with them about this and explain how this made her feel. Does she want to know what to expect from the employer with respect to her privacy? Tell them that. Does she feel that without a policy she feels afraid of doing her work? Does not having a policy contribute to a culture of fear in the workplace? Tell them that. Tell folks in HR and in Legal.
It's not about filing a lawsuit. It's the Legal folks' job to write the privacy policy. It's not an HR job. So she should go to both HR and Legal and convey that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
As others have said, this might have been an innocent technical issue, or may be a sign that the company is monitoring employees and not telling them about it. Or that she is being singled out. Or that there is a malicious employee playing a trick on her. She won't know until she has that conversation. And even then she may not know. But if she is worried and wants to know the truth, this is the way to peace of mind. She should not get angry. She should go with an attitude of curiosity. Don't pass judgement on the company or on HR or on Legal until you hear their side of the story.
answered Mar 23 '16 at 19:52
Give Love
458
1
Most employers will have an IT or privacy policy that states "All electronic communications may be monitored" (and most employees barely skim over those policies in their handbook) but even without such a policy, I think the employer is still in the clear to monitor work emails. Courts have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.
– Johnny
Mar 23 '16 at 20:23
@Johnny that may well be true. But I still think that Jane should talk to the legal folks. It's not about filing a lawsuit. It's the legal folks job to write the privacy policy. It's not the HR's job. So she should go to them and make the case that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
– Give Love
Mar 23 '16 at 20:42
@Johnny - I understand that technically yes, companies "own" employees' emails and have a right to review them if necessary. But in this case, she was not given a valid business reason for it, and it is her peers getting her emails, not her boss who would be doing the reviewing.
– Andarta
Mar 23 '16 at 20:44
@Andarta - She doesn't need to be given a valid business reason for it, the employer just needs to have a valid business reason. The business case doesn't need to involve a supervisor reviewing her emails, it can just be something as simple as "She's an important member of the Admin team that many in the organization rely on, and we need others on the team to be able to respond to her emails if she's not available". Businesses don't just technically own employee emails, they do own them and are responsible for them.
– Johnny
Mar 23 '16 at 20:53
Employer's right to monitor email is not the same as right to forward to random people without informing the user. Monitoring is generally covered as an IT or compliance department's responsibility, not one for your peers.
– cdkMoose
Mar 23 '16 at 22:50
 |Â
show 2 more comments
up vote
1
down vote
up vote
1
down vote
Andarta, while legal answers may be off topic for this site, legal resources are probably your best resource for ethics questions. Law and ethics are tightly intertwined and that is where you will find the most thorough discussion of what constitutes ethical conduct in this context.
The ethics and legality of what happened are discussed in broad terms in this piece on Privacy in the Workplace from The Berkman Center for Internet & Society at Harvard Law School. In particular, read the introduction. It says that the law in this area is new and evolving. It also provides links to additional resources.
I don't think that Jane should let this go. Jane should not just go to HR, but also to the legal department, and ask them about their internal privacy policy, and tell them about her situation. She should have a conversation with them about this and explain how this made her feel. Does she want to know what to expect from the employer with respect to her privacy? Tell them that. Does she feel that without a policy she feels afraid of doing her work? Does not having a policy contribute to a culture of fear in the workplace? Tell them that. Tell folks in HR and in Legal.
It's not about filing a lawsuit. It's the Legal folks' job to write the privacy policy. It's not an HR job. So she should go to both HR and Legal and convey that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
As others have said, this might have been an innocent technical issue, or may be a sign that the company is monitoring employees and not telling them about it. Or that she is being singled out. Or that there is a malicious employee playing a trick on her. She won't know until she has that conversation. And even then she may not know. But if she is worried and wants to know the truth, this is the way to peace of mind. She should not get angry. She should go with an attitude of curiosity. Don't pass judgement on the company or on HR or on Legal until you hear their side of the story.
answered Mar 23 '16 at 19:52
Give Love
458
Andarta, while legal answers may be off topic for this site, legal resources are probably your best resource for ethics questions. Law and ethics are tightly intertwined and that is where you will find the most thorough discussion of what constitutes ethical conduct in this context.
The ethics and legality of what happened are discussed in broad terms in this piece on Privacy in the Workplace from The Berkman Center for Internet & Society at Harvard Law School. In particular, read the introduction. It says that the law in this area is new and evolving. It also provides links to additional resources.
I don't think that Jane should let this go. Jane should not just go to HR, but also to the legal department, and ask them about their internal privacy policy, and tell them about her situation. She should have a conversation with them about this and explain how this made her feel. Does she want to know what to expect from the employer with respect to her privacy? Tell them that. Does she feel that without a policy she feels afraid of doing her work? Does not having a policy contribute to a culture of fear in the workplace? Tell them that. Tell folks in HR and in Legal.
It's not about filing a lawsuit. It's the Legal folks' job to write the privacy policy. It's not an HR job. So she should go to both HR and Legal and convey that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
As others have said, this might have been an innocent technical issue, or may be a sign that the company is monitoring employees and not telling them about it. Or that she is being singled out. Or that there is a malicious employee playing a trick on her. She won't know until she has that conversation. And even then she may not know. But if she is worried and wants to know the truth, this is the way to peace of mind. She should not get angry. She should go with an attitude of curiosity. Don't pass judgement on the company or on HR or on Legal until you hear their side of the story.
answered Mar 23 '16 at 19:52
Give Love
458
edited Mar 24 '16 at 1:33
answered Mar 23 '16 at 19:52
Give Love
458
answered Mar 23 '16 at 19:52
Give Love
458
answered Mar 23 '16 at 19:52
Give Love
458
458
1
Most employers will have an IT or privacy policy that states "All electronic communications may be monitored" (and most employees barely skim over those policies in their handbook) but even without such a policy, I think the employer is still in the clear to monitor work emails. Courts have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.
– Johnny
Mar 23 '16 at 20:23
@Johnny that may well be true. But I still think that Jane should talk to the legal folks. It's not about filing a lawsuit. It's the legal folks job to write the privacy policy. It's not the HR's job. So she should go to them and make the case that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
– Give Love
Mar 23 '16 at 20:42
@Johnny - I understand that technically yes, companies "own" employees' emails and have a right to review them if necessary. But in this case, she was not given a valid business reason for it, and it is her peers getting her emails, not her boss who would be doing the reviewing.
– Andarta
Mar 23 '16 at 20:44
@Andarta - She doesn't need to be given a valid business reason for it, the employer just needs to have a valid business reason. The business case doesn't need to involve a supervisor reviewing her emails, it can just be something as simple as "She's an important member of the Admin team that many in the organization rely on, and we need others on the team to be able to respond to her emails if she's not available". Businesses don't just technically own employee emails, they do own them and are responsible for them.
– Johnny
Mar 23 '16 at 20:53
Employer's right to monitor email is not the same as right to forward to random people without informing the user. Monitoring is generally covered as an IT or compliance department's responsibility, not one for your peers.
– cdkMoose
Mar 23 '16 at 22:50
 |Â
show 2 more comments
1
Most employers will have an IT or privacy policy that states "All electronic communications may be monitored" (and most employees barely skim over those policies in their handbook) but even without such a policy, I think the employer is still in the clear to monitor work emails. Courts have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.
– Johnny
Mar 23 '16 at 20:23
@Johnny that may well be true. But I still think that Jane should talk to the legal folks. It's not about filing a lawsuit. It's the legal folks job to write the privacy policy. It's not the HR's job. So she should go to them and make the case that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
– Give Love
Mar 23 '16 at 20:42
@Johnny - I understand that technically yes, companies "own" employees' emails and have a right to review them if necessary. But in this case, she was not given a valid business reason for it, and it is her peers getting her emails, not her boss who would be doing the reviewing.
– Andarta
Mar 23 '16 at 20:44
@Andarta - She doesn't need to be given a valid business reason for it, the employer just needs to have a valid business reason. The business case doesn't need to involve a supervisor reviewing her emails, it can just be something as simple as "She's an important member of the Admin team that many in the organization rely on, and we need others on the team to be able to respond to her emails if she's not available". Businesses don't just technically own employee emails, they do own them and are responsible for them.
– Johnny
Mar 23 '16 at 20:53
Employer's right to monitor email is not the same as right to forward to random people without informing the user. Monitoring is generally covered as an IT or compliance department's responsibility, not one for your peers.
– cdkMoose
Mar 23 '16 at 22:50
1
1
Most employers will have an IT or privacy policy that states "All electronic communications may be monitored" (and most employees barely skim over those policies in their handbook) but even without such a policy, I think the employer is still in the clear to monitor work emails. Courts have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.
– Johnny
Mar 23 '16 at 20:23
Most employers will have an IT or privacy policy that states "All electronic communications may be monitored" (and most employees barely skim over those policies in their handbook) but even without such a policy, I think the employer is still in the clear to monitor work emails. Courts have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.
– Johnny
Mar 23 '16 at 20:23
@Johnny that may well be true. But I still think that Jane should talk to the legal folks. It's not about filing a lawsuit. It's the legal folks job to write the privacy policy. It's not the HR's job. So she should go to them and make the case that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
– Give Love
Mar 23 '16 at 20:42
@Johnny that may well be true. But I still think that Jane should talk to the legal folks. It's not about filing a lawsuit. It's the legal folks job to write the privacy policy. It's not the HR's job. So she should go to them and make the case that this situation made her feel uncomfortable, and she would feel better if there were a privacy policy at the company.
– Give Love
Mar 23 '16 at 20:42
@Johnny - I understand that technically yes, companies "own" employees' emails and have a right to review them if necessary. But in this case, she was not given a valid business reason for it, and it is her peers getting her emails, not her boss who would be doing the reviewing.
– Andarta
Mar 23 '16 at 20:44
@Johnny - I understand that technically yes, companies "own" employees' emails and have a right to review them if necessary. But in this case, she was not given a valid business reason for it, and it is her peers getting her emails, not her boss who would be doing the reviewing.
– Andarta
Mar 23 '16 at 20:44
@Andarta - She doesn't need to be given a valid business reason for it, the employer just needs to have a valid business reason. The business case doesn't need to involve a supervisor reviewing her emails, it can just be something as simple as "She's an important member of the Admin team that many in the organization rely on, and we need others on the team to be able to respond to her emails if she's not available". Businesses don't just technically own employee emails, they do own them and are responsible for them.
– Johnny
Mar 23 '16 at 20:53
@Andarta - She doesn't need to be given a valid business reason for it, the employer just needs to have a valid business reason. The business case doesn't need to involve a supervisor reviewing her emails, it can just be something as simple as "She's an important member of the Admin team that many in the organization rely on, and we need others on the team to be able to respond to her emails if she's not available". Businesses don't just technically own employee emails, they do own them and are responsible for them.
– Johnny
Mar 23 '16 at 20:53
Employer's right to monitor email is not the same as right to forward to random people without informing the user. Monitoring is generally covered as an IT or compliance department's responsibility, not one for your peers.
– cdkMoose
Mar 23 '16 at 22:50
Employer's right to monitor email is not the same as right to forward to random people without informing the user. Monitoring is generally covered as an IT or compliance department's responsibility, not one for your peers.
– cdkMoose
Mar 23 '16 at 22:50
 |Â
show 2 more comments
up vote
0
down vote
If it is legal is a legal question and off topic for this site. The law differs country to country.
Let's assume it is legal.
If this was legitimate then most likely it would have been done at the mail server level or Group Policy so she would not know.
If these emails were going to multiple parties they had to notice. FW will be in the subject and the mail sent to you.
I have not verified but if they really were forwarded then they should be in the sent items folder.
I would go to your boss. As it is also kind of a violation of his/her privacy if his/her emails were forwarded.
If you don't feel like you got a good answer from your boss then you can go to HR.
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
suggest improvements |Â
up vote
0
down vote
If it is legal is a legal question and off topic for this site. The law differs country to country.
Let's assume it is legal.
If this was legitimate then most likely it would have been done at the mail server level or Group Policy so she would not know.
If these emails were going to multiple parties they had to notice. FW will be in the subject and the mail sent to you.
I have not verified but if they really were forwarded then they should be in the sent items folder.
I would go to your boss. As it is also kind of a violation of his/her privacy if his/her emails were forwarded.
If you don't feel like you got a good answer from your boss then you can go to HR.
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
suggest improvements |Â
up vote
0
down vote
up vote
0
down vote
If it is legal is a legal question and off topic for this site. The law differs country to country.
Let's assume it is legal.
If this was legitimate then most likely it would have been done at the mail server level or Group Policy so she would not know.
If these emails were going to multiple parties they had to notice. FW will be in the subject and the mail sent to you.
I have not verified but if they really were forwarded then they should be in the sent items folder.
I would go to your boss. As it is also kind of a violation of his/her privacy if his/her emails were forwarded.
If you don't feel like you got a good answer from your boss then you can go to HR.
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
If it is legal is a legal question and off topic for this site. The law differs country to country.
Let's assume it is legal.
If this was legitimate then most likely it would have been done at the mail server level or Group Policy so she would not know.
If these emails were going to multiple parties they had to notice. FW will be in the subject and the mail sent to you.
I have not verified but if they really were forwarded then they should be in the sent items folder.
I would go to your boss. As it is also kind of a violation of his/her privacy if his/her emails were forwarded.
If you don't feel like you got a good answer from your boss then you can go to HR.
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
answered Mar 23 '16 at 20:15
paparazzo
33.3k657106
33.3k657106
suggest improvements |Â
suggest improvements |Â
up vote
0
down vote
Assuming you have competent admin, this is most likely done by a peer. The admin would be able to do this invisibly at the mail server.
My advice to her would be to remove the rules and see if anyone asks why, and then query why they were there. She shouldn't be doing anything that she needs to hide on her work email anyway. Until someone says something just ignore it, there are too many reasons why it might have been done, both legitimate and malicious.
This underlines why people need to lock their machines when they don't use them, and have a strong password (you can actually password protect your .pst file as well). That way if anything has changed you know that it was done by admin and can query them as to why if you feel the need.
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
1
Actually, as an administrative assistant, there are plenty of confidential emails that she might need to hide from peers and others within the company. These emails might be part of a confidential discussion with her manager and/or HR. Lack of privacy for herself does not mean that just anyone in the company can read her email.
– cdkMoose
Mar 23 '16 at 22:39
I agree with cdkMoose. One thing that comes to mind is whether those other admin assistants are spying on her particular boss. Honestly, I'd bring this up with management.
– NotMe
Mar 23 '16 at 23:52
good points, but I'm not the paranoid sort, I tend to take things at face value unless I have a reason not to. So I would assume there was a legit reason at some point in time. I can't see what bringing it up with management would do in a positive way. Start an investigation and make it the office drama of the week? Investigation hasn't much chance of turning anything up. Better to make someone show their hand than look sideways at everyone.
– Kilisi
Mar 24 '16 at 0:58
1
If it was an attempt at sabotage why would the attacker do a blanket forward to multiple people? And on top of that nobody saying anything for seemingly a very long time? It seems like either everyone is in on it or somehow the rule was setup on purpose at some point and just forgotten about. It seems logical to me that someone attempting at espionage would try a more covert approach such as asking an sysadmin or if they knew her password why not simply log in every night and browse emails/files instead of a blanket forward rule?
– Dan
Mar 24 '16 at 16:49
1
I should also add if it was a espionage attempt wouldn't the perpetrator always be one step ahead of Jane? Or at least some sort of internal problems such as accounts missing or identity stolen? Seems like if it was something like that the attack would be known or at least something fishy going on.
– Dan
Mar 24 '16 at 16:53
 |Â
show 1 more comment
up vote
0
down vote
Assuming you have competent admin, this is most likely done by a peer. The admin would be able to do this invisibly at the mail server.
My advice to her would be to remove the rules and see if anyone asks why, and then query why they were there. She shouldn't be doing anything that she needs to hide on her work email anyway. Until someone says something just ignore it, there are too many reasons why it might have been done, both legitimate and malicious.
This underlines why people need to lock their machines when they don't use them, and have a strong password (you can actually password protect your .pst file as well). That way if anything has changed you know that it was done by admin and can query them as to why if you feel the need.
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
1
Actually, as an administrative assistant, there are plenty of confidential emails that she might need to hide from peers and others within the company. These emails might be part of a confidential discussion with her manager and/or HR. Lack of privacy for herself does not mean that just anyone in the company can read her email.
– cdkMoose
Mar 23 '16 at 22:39
I agree with cdkMoose. One thing that comes to mind is whether those other admin assistants are spying on her particular boss. Honestly, I'd bring this up with management.
– NotMe
Mar 23 '16 at 23:52
good points, but I'm not the paranoid sort, I tend to take things at face value unless I have a reason not to. So I would assume there was a legit reason at some point in time. I can't see what bringing it up with management would do in a positive way. Start an investigation and make it the office drama of the week? Investigation hasn't much chance of turning anything up. Better to make someone show their hand than look sideways at everyone.
– Kilisi
Mar 24 '16 at 0:58
1
If it was an attempt at sabotage why would the attacker do a blanket forward to multiple people? And on top of that nobody saying anything for seemingly a very long time? It seems like either everyone is in on it or somehow the rule was setup on purpose at some point and just forgotten about. It seems logical to me that someone attempting at espionage would try a more covert approach such as asking an sysadmin or if they knew her password why not simply log in every night and browse emails/files instead of a blanket forward rule?
– Dan
Mar 24 '16 at 16:49
1
I should also add if it was a espionage attempt wouldn't the perpetrator always be one step ahead of Jane? Or at least some sort of internal problems such as accounts missing or identity stolen? Seems like if it was something like that the attack would be known or at least something fishy going on.
– Dan
Mar 24 '16 at 16:53
 |Â
show 1 more comment
up vote
0
down vote
up vote
0
down vote
Assuming you have competent admin, this is most likely done by a peer. The admin would be able to do this invisibly at the mail server.
My advice to her would be to remove the rules and see if anyone asks why, and then query why they were there. She shouldn't be doing anything that she needs to hide on her work email anyway. Until someone says something just ignore it, there are too many reasons why it might have been done, both legitimate and malicious.
This underlines why people need to lock their machines when they don't use them, and have a strong password (you can actually password protect your .pst file as well). That way if anything has changed you know that it was done by admin and can query them as to why if you feel the need.
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
Assuming you have competent admin, this is most likely done by a peer. The admin would be able to do this invisibly at the mail server.
My advice to her would be to remove the rules and see if anyone asks why, and then query why they were there. She shouldn't be doing anything that she needs to hide on her work email anyway. Until someone says something just ignore it, there are too many reasons why it might have been done, both legitimate and malicious.
This underlines why people need to lock their machines when they don't use them, and have a strong password (you can actually password protect your .pst file as well). That way if anything has changed you know that it was done by admin and can query them as to why if you feel the need.
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
answered Mar 23 '16 at 21:05
Kilisi
94.5k50216376
94.5k50216376
1
Actually, as an administrative assistant, there are plenty of confidential emails that she might need to hide from peers and others within the company. These emails might be part of a confidential discussion with her manager and/or HR. Lack of privacy for herself does not mean that just anyone in the company can read her email.
– cdkMoose
Mar 23 '16 at 22:39
I agree with cdkMoose. One thing that comes to mind is whether those other admin assistants are spying on her particular boss. Honestly, I'd bring this up with management.
– NotMe
Mar 23 '16 at 23:52
good points, but I'm not the paranoid sort, I tend to take things at face value unless I have a reason not to. So I would assume there was a legit reason at some point in time. I can't see what bringing it up with management would do in a positive way. Start an investigation and make it the office drama of the week? Investigation hasn't much chance of turning anything up. Better to make someone show their hand than look sideways at everyone.
– Kilisi
Mar 24 '16 at 0:58
1
If it was an attempt at sabotage why would the attacker do a blanket forward to multiple people? And on top of that nobody saying anything for seemingly a very long time? It seems like either everyone is in on it or somehow the rule was setup on purpose at some point and just forgotten about. It seems logical to me that someone attempting at espionage would try a more covert approach such as asking an sysadmin or if they knew her password why not simply log in every night and browse emails/files instead of a blanket forward rule?
– Dan
Mar 24 '16 at 16:49
1
I should also add if it was a espionage attempt wouldn't the perpetrator always be one step ahead of Jane? Or at least some sort of internal problems such as accounts missing or identity stolen? Seems like if it was something like that the attack would be known or at least something fishy going on.
– Dan
Mar 24 '16 at 16:53
 |Â
show 1 more comment
1
Actually, as an administrative assistant, there are plenty of confidential emails that she might need to hide from peers and others within the company. These emails might be part of a confidential discussion with her manager and/or HR. Lack of privacy for herself does not mean that just anyone in the company can read her email.
– cdkMoose
Mar 23 '16 at 22:39
I agree with cdkMoose. One thing that comes to mind is whether those other admin assistants are spying on her particular boss. Honestly, I'd bring this up with management.
– NotMe
Mar 23 '16 at 23:52
good points, but I'm not the paranoid sort, I tend to take things at face value unless I have a reason not to. So I would assume there was a legit reason at some point in time. I can't see what bringing it up with management would do in a positive way. Start an investigation and make it the office drama of the week? Investigation hasn't much chance of turning anything up. Better to make someone show their hand than look sideways at everyone.
– Kilisi
Mar 24 '16 at 0:58
1
If it was an attempt at sabotage why would the attacker do a blanket forward to multiple people? And on top of that nobody saying anything for seemingly a very long time? It seems like either everyone is in on it or somehow the rule was setup on purpose at some point and just forgotten about. It seems logical to me that someone attempting at espionage would try a more covert approach such as asking an sysadmin or if they knew her password why not simply log in every night and browse emails/files instead of a blanket forward rule?
– Dan
Mar 24 '16 at 16:49
1
I should also add if it was a espionage attempt wouldn't the perpetrator always be one step ahead of Jane? Or at least some sort of internal problems such as accounts missing or identity stolen? Seems like if it was something like that the attack would be known or at least something fishy going on.
– Dan
Mar 24 '16 at 16:53
1
1
Actually, as an administrative assistant, there are plenty of confidential emails that she might need to hide from peers and others within the company. These emails might be part of a confidential discussion with her manager and/or HR. Lack of privacy for herself does not mean that just anyone in the company can read her email.
– cdkMoose
Mar 23 '16 at 22:39
Actually, as an administrative assistant, there are plenty of confidential emails that she might need to hide from peers and others within the company. These emails might be part of a confidential discussion with her manager and/or HR. Lack of privacy for herself does not mean that just anyone in the company can read her email.
– cdkMoose
Mar 23 '16 at 22:39
I agree with cdkMoose. One thing that comes to mind is whether those other admin assistants are spying on her particular boss. Honestly, I'd bring this up with management.
– NotMe
Mar 23 '16 at 23:52
I agree with cdkMoose. One thing that comes to mind is whether those other admin assistants are spying on her particular boss. Honestly, I'd bring this up with management.
– NotMe
Mar 23 '16 at 23:52
good points, but I'm not the paranoid sort, I tend to take things at face value unless I have a reason not to. So I would assume there was a legit reason at some point in time. I can't see what bringing it up with management would do in a positive way. Start an investigation and make it the office drama of the week? Investigation hasn't much chance of turning anything up. Better to make someone show their hand than look sideways at everyone.
– Kilisi
Mar 24 '16 at 0:58
good points, but I'm not the paranoid sort, I tend to take things at face value unless I have a reason not to. So I would assume there was a legit reason at some point in time. I can't see what bringing it up with management would do in a positive way. Start an investigation and make it the office drama of the week? Investigation hasn't much chance of turning anything up. Better to make someone show their hand than look sideways at everyone.
– Kilisi
Mar 24 '16 at 0:58
1
1
If it was an attempt at sabotage why would the attacker do a blanket forward to multiple people? And on top of that nobody saying anything for seemingly a very long time? It seems like either everyone is in on it or somehow the rule was setup on purpose at some point and just forgotten about. It seems logical to me that someone attempting at espionage would try a more covert approach such as asking an sysadmin or if they knew her password why not simply log in every night and browse emails/files instead of a blanket forward rule?
– Dan
Mar 24 '16 at 16:49
If it was an attempt at sabotage why would the attacker do a blanket forward to multiple people? And on top of that nobody saying anything for seemingly a very long time? It seems like either everyone is in on it or somehow the rule was setup on purpose at some point and just forgotten about. It seems logical to me that someone attempting at espionage would try a more covert approach such as asking an sysadmin or if they knew her password why not simply log in every night and browse emails/files instead of a blanket forward rule?
– Dan
Mar 24 '16 at 16:49
1
1
I should also add if it was a espionage attempt wouldn't the perpetrator always be one step ahead of Jane? Or at least some sort of internal problems such as accounts missing or identity stolen? Seems like if it was something like that the attack would be known or at least something fishy going on.
– Dan
Mar 24 '16 at 16:53
I should also add if it was a espionage attempt wouldn't the perpetrator always be one step ahead of Jane? Or at least some sort of internal problems such as accounts missing or identity stolen? Seems like if it was something like that the attack would be known or at least something fishy going on.
– Dan
Mar 24 '16 at 16:53
 |Â
show 1 more comment
up vote
0
down vote
If Jane is absolutely sure that she didn't set this up herself (perhaps when taking leave at some point?), then 2 options remain.
One, is that it is an official action to monitor her mailbox. It's quite common among administrative pools to have some form of email sharing setup, though if this was the case she would be aware of it, and there are better ways to implement this. It could also be for disciplinary or performance reasons, but again there are much better ways to set this up. And, ethically she should be made aware of that, and in many jurisdictions, legally she would have to be informed too.
Second, it is an unofficial action, either setup by another assistant or by her manager. This is effectively spying, if there's any chance that she would receive sensitive material by email, a security breach. Sensitive material doesn't have to be classified military secrets, it could be personal employee information (payroll, reasons for absences), it could be a managers calendar, it could be customer information or details of potential customers or sales, it could be details of an upcoming product/service etc.
In either case, I think Jane should consider acting as if it is a security breach and reporting it as such. How she actually does this will depend on her organisation, it may be more appropriate to approach her manager directly (unless she suspects him/her of involvement), or it may be more appropriate to talk directly to IT or IT security. Her organisation's computer usage policy may give some guidance.
If this is something unofficial, it will bring in the right people to address it, if it's something official then at least she will know and will be addressing it head on, and by highlighting how it has been handled may also be protecting herself.
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
suggest improvements |Â
up vote
0
down vote
If Jane is absolutely sure that she didn't set this up herself (perhaps when taking leave at some point?), then 2 options remain.
One, is that it is an official action to monitor her mailbox. It's quite common among administrative pools to have some form of email sharing setup, though if this was the case she would be aware of it, and there are better ways to implement this. It could also be for disciplinary or performance reasons, but again there are much better ways to set this up. And, ethically she should be made aware of that, and in many jurisdictions, legally she would have to be informed too.
Second, it is an unofficial action, either setup by another assistant or by her manager. This is effectively spying, if there's any chance that she would receive sensitive material by email, a security breach. Sensitive material doesn't have to be classified military secrets, it could be personal employee information (payroll, reasons for absences), it could be a managers calendar, it could be customer information or details of potential customers or sales, it could be details of an upcoming product/service etc.
In either case, I think Jane should consider acting as if it is a security breach and reporting it as such. How she actually does this will depend on her organisation, it may be more appropriate to approach her manager directly (unless she suspects him/her of involvement), or it may be more appropriate to talk directly to IT or IT security. Her organisation's computer usage policy may give some guidance.
If this is something unofficial, it will bring in the right people to address it, if it's something official then at least she will know and will be addressing it head on, and by highlighting how it has been handled may also be protecting herself.
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
suggest improvements |Â
up vote
0
down vote
up vote
0
down vote
If Jane is absolutely sure that she didn't set this up herself (perhaps when taking leave at some point?), then 2 options remain.
One, is that it is an official action to monitor her mailbox. It's quite common among administrative pools to have some form of email sharing setup, though if this was the case she would be aware of it, and there are better ways to implement this. It could also be for disciplinary or performance reasons, but again there are much better ways to set this up. And, ethically she should be made aware of that, and in many jurisdictions, legally she would have to be informed too.
Second, it is an unofficial action, either setup by another assistant or by her manager. This is effectively spying, if there's any chance that she would receive sensitive material by email, a security breach. Sensitive material doesn't have to be classified military secrets, it could be personal employee information (payroll, reasons for absences), it could be a managers calendar, it could be customer information or details of potential customers or sales, it could be details of an upcoming product/service etc.
In either case, I think Jane should consider acting as if it is a security breach and reporting it as such. How she actually does this will depend on her organisation, it may be more appropriate to approach her manager directly (unless she suspects him/her of involvement), or it may be more appropriate to talk directly to IT or IT security. Her organisation's computer usage policy may give some guidance.
If this is something unofficial, it will bring in the right people to address it, if it's something official then at least she will know and will be addressing it head on, and by highlighting how it has been handled may also be protecting herself.
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
If Jane is absolutely sure that she didn't set this up herself (perhaps when taking leave at some point?), then 2 options remain.
One, is that it is an official action to monitor her mailbox. It's quite common among administrative pools to have some form of email sharing setup, though if this was the case she would be aware of it, and there are better ways to implement this. It could also be for disciplinary or performance reasons, but again there are much better ways to set this up. And, ethically she should be made aware of that, and in many jurisdictions, legally she would have to be informed too.
Second, it is an unofficial action, either setup by another assistant or by her manager. This is effectively spying, if there's any chance that she would receive sensitive material by email, a security breach. Sensitive material doesn't have to be classified military secrets, it could be personal employee information (payroll, reasons for absences), it could be a managers calendar, it could be customer information or details of potential customers or sales, it could be details of an upcoming product/service etc.
In either case, I think Jane should consider acting as if it is a security breach and reporting it as such. How she actually does this will depend on her organisation, it may be more appropriate to approach her manager directly (unless she suspects him/her of involvement), or it may be more appropriate to talk directly to IT or IT security. Her organisation's computer usage policy may give some guidance.
If this is something unofficial, it will bring in the right people to address it, if it's something official then at least she will know and will be addressing it head on, and by highlighting how it has been handled may also be protecting herself.
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
answered Mar 24 '16 at 11:17
Steven Mulkerrins
1011
1011
suggest improvements |Â
suggest improvements |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f64076%2fethics-regarding-setup-of-forwarding-rules-unknown-to-mailbox-owner%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
2
Some of this will come down to your company's privacy policies. In some companies work emails are company property with no expectation of privacy, in other companies your communications are explicitly your property unless a court orders otherwise.
– Myles
Mar 23 '16 at 18:44
5
if she is singled out and only her mails are being forwarded to her peers while her peers were keeping their emails to themselves, it might be a problem. But in general, workplace email is the employer's property and one should have no explicit or implied expectancy of privacy.
– MelBurslan
Mar 23 '16 at 18:47
1
@MelBurslan Implied privacy of email varies a lot. In my company without a court order we are not even allowed to view the email of employees who have died. Apparently this is in compliance with German privacy laws.
– Myles
Mar 23 '16 at 19:14
1
I'm curious: How did she discover the rules were in place? Was she trying to set up a new rule or did she have an idea that something like this was going on? She should talk to her direct manager about this. If her manager doesn't know anything about it then there might be a far larger problem that the company need to investigate.
– NotMe
Mar 23 '16 at 23:50
2
@MelBurslan her e-mails being employer property is one thing, sharing them without her knowledge is another. Assuming that the employer has the obligation to protect her personal data, any e-mail from HR with such data opens the company for a lawsuit, if that mail got disclosed to her peers.
– Dmitry Grigoryev
Mar 24 '16 at 12:06