Is My Boss Reading My Personal E-mail?

Your employer can monitor all electronic communication to and from work equipment, especially when it's sent over the corporate network

Nick Sparagis asks a question no doubt on the minds of anyone who logs onto personal e-mail while at work: The Hewlett-Packard (HPQ) scandal has brought to the surface the curiosity I have had for quite a long time about snooping. I know that using corporate e-mail is always a bad idea for personal use, but how about Web-based e-mail programs like Yahoo! Mail (YHOO) or Google's Gmail (GOOG) inside your corporate network? Can a company read these messages also, if they go through the corporate network? How about my instant messages?

The safest assumption for any employee is that anything he or she sends across an employer's network can and probably will be monitored. This is a widespread and perfectly legal practice, since as a matter of law, electronic communications that you create on your employer's equipment are regarded as the employer's product. As a practical matter, however, the level of monitoring will vary generally both with the type of enterprise and the nature of the traffic.

Messages sent over the corporate e-mail system are generally subjected to the most scrutiny (in some organizations subject to regulatory compliance regimes, such monitoring may actually be required). E-mails sent and received are frequently archived, so copies may exist even of messages that you have deleted. In addition, many companies run messages, especially outbound traffic, through software designed to detect text that might contain confidential company information or "inappropriate" content, however defined by the company.

Eyes Everywhere

Instant messages sent over a company's internal IM system are probably treated much like e-mail. IMs sent over a public system such as AOL Instant Messaging or Yahoo! Messenger are more problematic. If the traffic goes over the company network, it may be monitored and archived. Odds are it isn't, but you can't be sure.

Most organizations monitor, log, and often filter the Web addresses their employees visit. They are less likely to monitor the content of interactions, such as the mail you send or receive through such services as Yahoo! Mail, Gmail, or Microsoft's (MSFT) Hotmail. But they can, and it is safer to assume that they do. Transactions with secure Web sites, such as your bank and most e-commerce sites, are encrypted from end to end. Network monitors can keep track of what sites you connect to but cannot see the contents of any transactions.

The bottom line: You probably are being watched. It's best to keep your personal business personal and off the company's computers and network. But if, like so many of us, you seem to spend most of your waking hours at work, doing some personal business on company time is almost inevitable. Just know your employer's policies and rules and abide by them.

Before it's here, it's on the Bloomberg Terminal.