My friend Martin McKeay posted a few days back about email privacy. Another friend, the great Alan Shimel, responded with some thoughts of his own. In light of these posts, I found the following story from another friend (not a blogging buddy) interesting.

Here’s the story: My friend works at a rather large national sales-type company. He has worked there for about the last 10 years. Recently, the company cut quite a few staff in an effort to get rid of some bloat they had accumulated over the years. My friend was passed over by the cuts. He actually got a promotion out of it because he was placed in charge of a territory that was previously run by 5 sales managers and several account managers (so either they did have substantial bloat, or they are trying to kill my friend instead of firing him).

After my friend received his promotion and started to take over the operation of his new territory, his boss informed him that the IT department had been instructed to forward all emails of the previous managers to his inbox. This was done for obvious reasons, and my friend got ready for the deluge of emails. What surprised him was that he started receiving the emails of an additional 5 sales people that were now his employees, and he knew that neither he nor his boss had requested this to be done.

After scratching his head for a few minutes, my friend decided to check with his boss to see what was going on. You can probably see where this is going, but basically, they found that one of the previous managers that got the axe was spying on his sales people. According to my friend (and I believe him), this guy was a micro-manager from hell, and he would not let his sales people make any decisions without his explicit approval. He basically beat his employees into submission and made them little more than robots doing his will. But he was smart enough to keep this from his boss.

He made sure that his boss knew nothing about the emails being forwarded to him by going directly to a single IT person and asking to have this done. I have no clue about the company’s change management process (it is obviously pretty weak), but I guess this IT guy was either bribed or just charmed into doing this without ever letting anyone else know about it. And the IT guy could not really be held accountable after they discovered what had happened because he had taken an early retirement option that had been offered when the company was cutting back (they ended up letting 48 IT people go by either layoffs or early retirement).

So what are some lessons here? First, change management is important. This could not happen (or would be less likely) if the company had a strong change management process that made requests go through the system, and those requests were checked by more than just one individual. Second, system reviews are important. Even if something like this slips by, having a regular review of systems from someone outside this particular responsibility area would have likely turned up something fishy. Third, your privacy is never guaranteed, especially in email and in an employment situation. Though this was done incorrectly, and these employees (according to my friend) did not know they were being monitored, it is still within the rights of the company to check up on the employees’ corporate email.

Vet