by Spooky23 1765 days ago
This. +100

I used to think people were paranoid about this stuff until I ran a big email system. Most big companies have a department in compliance or counsel that reads your mail, either in response to a complaint or randomly depending on the industry.

Accused of sexual harassment? Your JDate and Match emails support the idea that you’re lonely. An external entity thinks somebody embezzled money? Your late credit card notice projects that you have money woes.


> Most big companies have a department in compliance or counsel that reads your mail

They read the email of your personal email account if you use it on the company-owned phone? Or they read the email of your company email account?

In other words, when you say 'This. +100', what do you mean by 'This'? The parent comment raised many points and I'm confused as to which one you're referring to.

Edit: To be clear, it's my fault because I'm new to these things and I don't understand them well.

+100 to the entire way of thinking from the original post. Work/personal should be treated like church/state, where they are kept separate.

Yes, if you read your personal email on a corp device, then there's a good chance corp is reading your personal emails. And 100% yes, the corp can/does read your corp email. They are required to keep copies of every email sent by employees, so just assume at some point some corp lawyer can/will be reading them.

> they are required to keep copies of every email sent by employees

Required by whom? (Sorry, I'm not so knowledgeable about these things)

Corporations have to follow guidelines/rules/laws in order to be in good standing. If the corp is sued, the corp will have to respond to discovery requests from the plaintiff's attorneys. In the past, so many companies deleted emails so that they did not have to turn over incriminating evidence that it led to laws being passed that require a minimum amount of document storage. I don't know the details other than it is a thing.

Edit: search "email retention laws" for more precise rules and specifics

The corp having to give out emails on legal requests does not in any way, shape or form imply they read your mails regularly. They certainly aren't allowed to in some parts of Europe, even though they have to respond to legal requests.

> imply they read your mails regularly.

No, but the point is they can. And if there is anything they feel they need to protect themselves, they can investigate. Most corp employees are just too damn busy avoiding doing their regular tasks to be bothered to snoop other employee emails. Yes, I agree that it's not like someone is just tasked with reading all email every day. The point is that they can and do when necessary. Once they start reading, they have no idea where the trail ends so they will be reading a lot.

It all comes down to the same thing stated here multiple times, don't send any messages on corp equipment that you wouldn't want to see read aloud in front of your manager/boss or worse a courtroom.

It depends on locale and industry.

Some companies sample mail and flag for manual inspection.

There are a few different dimensions here. Note that I’m in the US and have experience specific to larger entities.

For you conducting any personal business on work devices, it is pretty easy for employers to get tools that can detect and even capture that activity. That ranges from grabbing files on the device to periodically or continuously recording screen content.

For conducting personal business on work services, that is trivially searchable with O365 or Google Workspace. Some industries (banking, finance) are required to retain all mail and sample it for policy violations. Sometimes contractors are roped into doing this by contract terms. Sometimes dating coworkers becomes a problem when you communicate on work systems in unexpected ways — anything you do is essentially public.

For conducting business on personal devices, employers cannot generally search through your content. (Unless security or other products are present — for example, Crowdstrike or similar EDR tools will log most executable launches.) But, if evidence exists that you use personal stuff for business and there is a litigation event or investigation, you can be compelled by a court to turn over your personal gear. That risk depends on what you do for a living and for whom. (For example, a government employer may have an inspector general with police subpoena powers; if you are a decision maker in a company, a civil suit may focus on something you said or didn't say.)

All-in-all, the best policy is to keep work away from your personal business and vice versa within reason. The meaning of “Within reason” depends on your circumstances. The issues for a unionized white collar worker at a factory are different than an at-will financial analyst at some big bank.

Plus, if you quit then recovering all those accounts is incredibly annoying.

Exactly. And do not sign up for online services you are using personally with work email.

I work in healthcare. It blows my mind how many people use a work email for communication regarding medical appointments, including results and very personal information.

I’m a complete outlier in how conservative I am with this stuff and I’m nowhere near as fastidious as the HN gold standard.

It blows my mind how many healthcare providers routinely transfer sensitive information over insecure channels like email in the first place and ask the patients or carers involved to do the same. The most basic data protection regulations enshrined in law in my country are being openly violated, to say nothing of medical ethics and patient confidentiality.

In New Zealand the move to email comes after faxes were deemed insecure. It's pretty much universally used, despite the issues.

I'm not looking forward to the day the US government stops believing in the magical security properties of fax machines with respect to HIPAA.

I had a co-worker that signed up for everything with his work email. Actually, he did all his internet stuff from work (didn't have home access, oddly). After some badgering from us he got his own email. When he was hit in the second round of layoffs this helped him a lot, even if he was initially schlepping to the library to get his email.

> Most big companies have a department in compliance or counsel that reads your mail

Thankfully that's illegal around here. And I work in finance.

There certainly are automated controls on all communication systems, and all mails (and relevant phone calls) are recorded and retained. This is a regulatory requirement.

I'm also pretty sure that there's pattern detection software running on those systems to flag potentially problematic communications.

But indiscriminate email monitoring without a very good reason (suspected fraud, circumvention of regulatory or compliance requirements, etc.) is illegal.

This still doesn't mean that I would mix the personal with work on my personal device, but I'm glad there are such protections in place.