Where is the Line on Email Privacy? 103
"It could be interpreted that the company is looking for evidence of impropriety or dishonesty on the part of the prior employee, but there was never a question before the sudden termination to suggest anything out of the ordinary was ongoing. I am such an admin. I am ready to allow access to the company requesting it. Several details are bugging me though. First, I have never been asked for access to any other terminated employees' email. Second, I recently inquired about preserving email for a different employee and got the short answer that all company ties had to be completely terminated. Third, the server is not owned by the company in question. I'm completely (other than the following item) independent of the company. Fourth, it's my relative's account.
I've simply not responded so far, but how far do I go? I'm not an ISP and I don't have agreements with the users. I'm also not the IT dept.
Has anyone else had anything remotely similar, and if so; how did you respond?"
Is this a business account? (Score:5, Insightful)
Re:Is this a business account? (Score:5, Interesting)
My personal policy in those cases is: the mailbox was empty at the time the account was blocked. All e-mail to it was bounced since.
Re:Is this a business account? (Score:1, Insightful)
Re:Is this a business account? (Score:2)
NOT here in Brasil. E-mail is by law on par with telephonical communications, so tapping without judicial warrant is a crime. Total privacy is expected.
You, but no matter where you are a lot hinges on whose account it was--the company's or the employee's. Sometimes, it's obvious (bob.smith.personal@company.com or customer.service@company.com) but most of the time it's not. Many small companies have customers direct mail to an individual ("just send me your shipping info and I'll get that right out to
Re:Is this a business account? (Score:2, Interesting)
Re:Is this a business account? (Score:3, Insightful)
Re:Is this a business account? (Score:2)
I believe by UK law that is not the case. software programmed by you that has no relevance to your job whatsoever is still owned by you. Interestingly, you can also claim ownership of program code in your field of work if you come up with an innovation in that field that you would not be expected to produce, ie coming up with a brand new ultra high speed sorting algorithm while doing some low level grunt
Re:Is this a business account? (Score:2)
Really? If, as the grandparent post said, the software was written on work time, I'd assume (but it is an assumption) that it belonged to my employer.
My employment contract does state explicitly that the company has no claim over anything I write using neither work resources nor work time, which seems a reasonable compromise on the "who owns it" question. I wasn't awa
Re:Is this a business account? (Score:2)
not much help I know but if it's important to you, central libraries have lots of useful books about this kinda thing
dave
Re:Is this a business account? (Score:2)
You're stupid to think that just because someone else owns the lines, you suddenly don't have any privacy. The telephone company owns the lines you use to tell the latest dirty secret to your wife.. by your logic, they have a right to listen in.
Duh!
Re:Is this a business account? (Score:2)
Re:Is this a business account? (Score:1)
Oh wait...dammit.....
Re:Is this a business account? (Score:3, Insightful)
The owner of the email is the employee, and the only one with the right to read it is the recipient, unless it's corporate email.
P
Re:Is this a business account? (Score:1, Flamebait)
Re:Is this a business account? (Score:3, Insightful)
You're damn fucking straight a company owes me something: Simple human dignity. If you treat an employee like a fucking scumbag, they're far more likely to act like one.
And who's the troll? I have no problem putting food on the table, and I won't have a problem doing so for many years to come.
If the only way to communicate with personal relations is via company email, the company has no right to listen in to the latest saga in that employee's personal health problems.
You think y
Re:Is this a business account? (Score:3, Insightful)
Quite aside from what the law says or doesn't say, it's asshole bosses like you who make companies fail.
Treat your employees like shit, and you'll never get good performance. It is fundamentally impossible to have accurate communication with people
Re:Is this a business account? (Score:2)
I think you slipped and made your personal prejudices a little bit too apparant there.
Pete.Re:Is this a business account? (Score:2)
Re:Is this a business account? (Score:1)
If they're spending 30% of their time on personal phone calls, their work won't get done, their job performance will be terrible, and you'll have adequate grounds for termination - without having to audit e-mail o
Re:Is this a business account? (Score:2)
Re:Is this a business account? (Score:3, Insightful)
But is it?
Of course, as an employer, you're entitled to expect your employees to do their jobs to the best of their ability, in exchange for whatever compensation you agreed. That is not in question.
However, you also have to recognise that you're employing real people with real lives. Some things basically have to be done during o
Re:Is this a business account? (Score:2)
Ah, so that's your bias here. You're not by any chance also based in the US, are you? This heartfelt attitude of "employees are slaves to their employers" seems to be peculiar to (management in) that part of the world.
Fortunately, just because you wrote somethin
Re:Is this a business account? (Score:4, Interesting)
No, no, no, to the law only matters whose communication it is.
Fine, but that doesn't change my point.
So, my mailbox in the company account is mine. It's my communication.
It might be, but it might be someone you have never met trying to contact the company to get a problem resolved, order something, etc.
My point is and was that you can't reasonably assume that all mail that comes to someone's e-mail account at work is an attempt to communicate with them and not an attempt to communicate with the company. If bdp@cryptic.com is answered by a guy named Bruce for a while and then subsequently given to someone named Betty, it might be a case where she's getting his personal communications (e.g. he's Bruce Donald Parsly and she's Betty Due Purdy), or it might be the company's (e.g., they both handle support for the company's Best Darned Product (tm) and he's just been promoted to janitor, leaving her stuck withall the support mail).
The point? You can't tell for sure without more information.
-- MarkusQ
Re:Is this a business account? (Score:2)
IF the facilities are owned by the company, then you have no privacy. It's as simple as that. Haven't you guys heard of all the neat spyware some employers use to watch the activities of employees? That's all legal in a work setting.
The thing that puts this into a gray zone in my mind is that the company doesn't own the hardware. They own the email address itself to the extent that you own mycompany.com. Yet if this provider is doing this without compensation I would ima
Re:Is this a business account? (Score:2)
This is incorrect. An employee has a right to privacy, even for work provided email, here in the EU.
Re:Is this a business account? (Score:5, Interesting)
--trb
Pass the buck on business (Score:2)
Since we were used to full control, we went with something that provided administration features via the webmail system. With this we can set up lists, and more relevantly to this issue, set users passwords (among other things).
If ever somebody left the company (good terms or not) and we needed access to their email (for evidence, or just
Re:Pass the buck on business (Score:2)
Also, our CEO also has the password to the admin account, so if the Sr. producer left, the CEO would still be able to access it.
Re:Is this a business account? (Score:1)
It's generally recognized, though, that individuals are permitted to do private things while at work. One's spouse calls on the company phone to have one bring stop at the store to bring home some tofu or whatever: the phone (and email) is a conduit to the private world.
At the University of California a former employee's email account might be suspended but it is never released to that former employees nominal employer (the supervisor,
employee contact (Score:2, Informative)
If the employee's contract, like mine, states that the company owns all e-mail communication then they owns it.
Re:employee contact (Score:3, Interesting)
Re:employee contact (Score:2)
Nope, because you are in the EU and the EU Human Rights convention grants you the right to have your privacy respected, as implemented in, eg in the UK, the Human Rights Act. There already has been a case before the EUCHR on this subject, i cant find reference to in google unfortunately, but the gist was that an employer read an employees mail and discovered they were gay and the employer was tak
In my case (Score:2, Interesting)
Re:In my case (Score:3, Insightful)
I'm not going ethical into these things, I'm selling services...
If that's so, then you shouldn't be doing what you said you'd do. If your customer (the employer) tells you to delete the account, you delete it. But if they want the data, at least in the USA, it's theirs. And if you delete it, expect them to ask for the data to be restored from your backups.
Failing to turn it over to them or deleting it without their permission may get you sued, and rightly so. Unless your contract with the employer s
Remeber who is paying (Score:5, Interesting)
How they choose to use the mail boxes is their business. Trying to override your customers idea of correct policy towards their staff will only cost you their business and the resulting bad reputation will hurt you.
My sympathies if its your relative, you could always lie and say that the box was deleted when the employee left.
Re:Remeber who is paying (Score:1)
Scenario 1:
Co -- hi. this is your client, company X, and we'd like to disable account to employee Y.
Me -- ok, one minute, ok. the account is disabled.
Co -- oh, and I would like the content of the mailbox to be sent to employee Z.
Me -- ok, one minute, ok. the mbox was empty [NOTE: don't even bother to look].
Co -- oh, and I would like to redirect all e-mail sent to it to employee Z, also.
Me -- ok, one m
Re:Remeber who is paying (Score:3, Insightful)
Re:Remeber who is paying (Score:1)
Re:Remeber who is paying (Score:2)
Don't give business to someone who lies to you.
There are still honest people in this world.
Newsflash: (Score:2)
Re:Newsflash: (Score:2)
Well, then name three such businesses I have just given my custom to - tell me how they are currently lying to me.
Re:Remeber who is paying (Score:2)
You email passwords? Unencrypted? In the freakin' clear?
Dude... I'm nervous about giving passwords over the phone if I don't know the recipient well. That's trusting a lot of security, including their [the recipient of the password] Outlook Express and virus scanner. Odds are, that email will be saved. Some viruses have forwarded out old emails for fun.
Are you still a sysadmin?
Re:Remeber who is paying (Score:2)
2. who said anything about unencrypted?
3. yes and no. I work as a developer and as a system administration (yes, security) consultant.
HTH,
Re:Remeber who is paying (Score:2)
-Josh
Re:Remeber who is paying (Score:3, Interesting)
Old story - a sys/admin at company I was doing consulting for was bragging on his security at lunch with me one day, I told him I could hack my way onto his netw
IANAL (Score:3, Interesting)
me look left
me look right
me still sees no lawyers.
This is an ethical or moral or legal question (depending on your particular viewpoint).
Slashdot, to the extent it's not a troll-fest and crap-flooder's convention, is a technical forum.
That said, this techie's understanding of the relevant law is that an employee's email, as any other work-product, belongs to the company that paid for the email account and paid the employee for the time the employee spent producing the email.
On the other hand, at one time and place -- Feudal Europe -- "employers" thought they also had the right of droit du seigneur [bartleby.com] too, so we shouldn't fall into the trap of believing that something is right just because it's legal.
Perhaps by asserting that privacy trumps payment you'll be striking a blow for freedom that will be remembered, centuries from now, as the beginning of our liberation from employers who today claim that they can lock employees in warehouses, denying them medical attention [metafilter.com] or can strip search workers accused of theft. [hubbartt.com]
Re:IANAL (Score:1)
This is almost entirely, if not entirely, a myth [snopes.com].
Policy, policy, policy (Score:5, Informative)
As resident information officer for my little company, I've had both legal advice (in UK) and experience of similar situations.
First off, the paperwork you need to worry about is the stuff between you (3rd party email services provider) and your customer (the company). What the company did or didn't say to the employee isn't really your problem - although it is their problem.
Now, ideally, your contract, or your services schedule would contain something saying just what happens in this situation. If not - now's the time to add it!
I would think that if the company phoned up and said 'sorry to be thick but I've forgotten the password for account xyz can you reset it?' then you'd do that, because handling lost or forgotten passwords is what you as service provider do.
And that, basically is what has happened. Now, it _may be_ that the company actually promised the employee that it wouldn't read their old email once they'd left (a somewhat odd promise anyway). But, that's not your problem. You aren't helping the company break its promise, because you don't know about it's promise.
More importantly it's NOT YOUR PLACE to determine your customer's privacy policies. That's actually quite important because your customers are (under UK law) liable for YOUR decisions regarding privacy. In order to deal with that liability your customers need to know what you will do in a given situation, and simply turning round and saying 'sorry dude I'm not going to tell you that' isn't good enough. A privacy policy that's too strict is just as bad as one that's too loose.
That last sentence may seem odd, but consider this. Your customer is liable under the UK Data Protection Act for any personal information it holds. Now, just before Employee left the company, someone sent a copy of their CV to Employee on the off chance of getting a job. Now, that CV is sensitive personal information, and Company MUST be able to access it and/or remove it if the author of the CV so requests.
So, it's no good them saying 'sorry, we can't delete your CV from our mail server because our ISP won't let us, so I guess it'll just hang around on the hard disk for ages until some guy somewhere with a root password takes a look at it'.
No good at all, you see?
So, my advice is:
1) Don't play 'privacy hero' and decide what your customers can and can't do.
2) Get some data protection rules into your contracts asap.
3) Meanwhile act assuming that the customer is honest and decent - if they aren't it won't be your fault, but if you pre-judge them as evil spying people then it will be your fault
Where's the problem? (Score:1)
depends on the country you are in (Score:2)
In the UK, I think the answer would be know with a policy document that the 'user' has agreed to. This of course is still open to question as the UK human rights law and RIPE laws currently contradict each other on this. So until a court decides which has precident it's unclear.
How about ... (Score:2, Insightful)
Contact the company and say that as the employee was termintated you (following standard procedure) removed the mailbox and sent a copy to the 'mailbox owner', the employee.
Say you may be able to recover some data if they have a legal case for it.
You should then act on what they say, but you have something in writing to prevent you being sued by the employee fo
Re:How about ... (Score:1, Insightful)
check with local lawyer. (Score:4, Insightful)
geez, why do people have to ask these things from slashdot?? ALL YOU GET IS OPINIONS ON HOW IT SHOULD BE, NOT THE CURRENT STATE OF THE LAWS IN THE COUNTRY YOU'RE IN.
for example there are countries in which you CAN NOT read employees email legally unless you have explicitly said&informed that you will read it when you gave that account to him/her(or along those lines anyways, and it must have been very clearly said/informed to the person in question that the mail isn't private despite being protected by a password and seeming to be for his/her eyes only, otherwise it's the same as receiving a letter with the employees name at the office, falling under 'letter secrecy'.). same goes for other 'private' material like tracking calls against the will of the employee(even if the business is paying for the line)..
one of the very good reasons for laws to exist is to make limits on what rights of yours you can give away... businesses don't come before people!
In Order of Importance... (Score:3, Insightful)
-Your contractual obligations and anything you've committed yourself to. See #1.
And you could argue about the following:
-Your customer's needs, your conscience, your reputation, etc etc etc.
Laws aside, here's a solution.... (Score:2)
There's no reason to divulge personal or private correspondence, but there's also no reason not to turn over work related information. Keep whatever you do quiet, and I suspect you'd be perfectly fine legally as
Re:Laws aside, here's a solution.... (Score:2)
Re:Laws aside, here's a solution.... (Score:2)
Re:Simply... (Score:4, Insightful)
Seconded. He who pays for it, gets to play with it. Period.
If this company is paying for, say, five email accounts with you, and called up to say 'what is the password for account j.foobar?' then your response should have been 'Oh, of course! The password is: gorblat.'
Period. It's their accounts, you don't know what they do with them, you don't want to know what they do with them, you don't need to know what they do with them, and so on.
Dot some Is, cross some Ts (Score:3, Interesting)
I think you could think of this another way. Do you think phone conversations should be private?? Would you want the company you worked for taping all your conversations??
The company could be on a fishing expidition for all you know, looking for a way to get back at your relative.
Corporate morality is nonexistant in today's world.
If they owned the computer hardware, then they would have a powerful arguement for owning the emails. But according to your question, _you_ own the hardware.
If I were an ISP for that company, I would tell them to get a court order. I would do the same if I were playing admin for them.
I would respond to them in writing/certified mail that you need to protect yourself legally, and request politely that they do things "officially" and get a court order.
If they decide to no longer use your services and let you go, then you never needed their business in the first place. I would send a letter to them acknowledging the cessation of a business relationship. Then _with out reading the emails_ I would delete them, as there is no longer a business relationship with the company, and you no longer need them for any reason. Don't tell them that in the letter BTW, just do it.
They could threaten to sue you, in which case you no longer need their business. Call a lawyer. Have him send a certified letter to them explaining that you are immediately severing your business relationship and ask the lawyer how long you should hold on to the emails (I would guess thirty days, if not seven)and then delete them.
If they deliver a court order, obey it, and hope that you have an honest relative. Have him get a lawyer in any event.
Above all, keep yourself clean, honest, and do nothing that you will not be afraid to tell about in a court of law later without perjurying yourself.
I Am Not A Lawyer, and this is not meant as legal advice. Get a lawyer before doing any of this It's just one pal chatting with another about opinions on how to keep your nose clean.
If the bottom falls out, and everything goes to pot, sue slashdot for letting you ask the question in the first place before telling you to get a lawyer.
There are possible good reasons for this... (Score:2, Insightful)
Really, it bouls down to how you see your "customers". Is it primarily the company, or primarily the individuals?
I might forward any unread mail and set up a permanent future forwarding, but not provide the password to the mail account itself, so the company can't pretend that Mr.X is stll working there, but others can see that Ms.Y is taking over.
Alternativel
Only in America? (Score:4, Interesting)
Re:Only in America? (Score:2)
Interesting. Wonder if this law is consistent with the treatment of e-mail in other parts of their legal system? For example, in the US, e-mails have the status of written communication and are "discoverable" during lawsuits. Testimony that you said "Cheat them out of $100M"
Re:Only in America? (Score:2)
Think of Future Implications... (Score:4, Insightful)
2) Have you actually told them you still have the data? If so, this may not have been wise. As long as they don't know if the data still exists, they can push for it. If they don't know, they're reaching in the dark. This may be a good reason to start a policy of deleting accounts whenever you've received notice an employee is fired or whenever a client stops taking your services.
3) Get a lawyer. Why? This WILL be a precedent, if not for others, for this company. If they get what they want now, they may start asking to check everyone's email account and, eventually, they might go so far as to expect you to provide them with access to all accounts. You need to find out if you have a right to refuse the request. The best news that you could get would be a lawyer telling you that you either a) don't have to provide the data, or b) are not allowed to provide the data.
4) As said above (2 times), this will set a precedent, no matter what. In my experience, whenever someone asks for a special service, that isn't the end. It's not long before they ask for a repeat, and, once they've broken down that boundary, they ask for more and more. If you do decide to provide them access, or you find out you have to give them access, if possible you SHOULD charge for the service. Otherwise, they won't see this as as an item with value. By charging, you are setting a limit and taking steps to make sure they don't just keep asking for and expecting you to do more and more for them.
Re:Think of Future Implications... (Score:2)
As a postmaster you have no right to withhold the information. It doens't matter that they may ask for complete control over e-mail in the future. It's
Re:Think of Future Implications... (Score:2)
When I was a teenager, I rode my bike everywhere (I still do, quite often, I prefer it to a car). My Mother kept telling me (since I was so cocky) that I could be "dead right." In other words, it didn't matter if I had a right of way, if a car didn't stop, I could still be dead.
The employer may, as you say, have the right to access the info. And, if it is illegal, it may very well be their fault. But that doesn't mean the person who's e-mail is being ex
Re:Think of Future Implications... (Score:2)
Thus: get a lawyer, they may suck sometimes, but they are good to cover your ass.
Legal issue (Score:2)
Not Slashdot, hopefully. *My* advice to you is, talk to your lawyer before proceeding.
You probably have a contract with the company that your are providing hosting for, not the employee. But you (and your lawyer) will probably need to go over your TOS before granting or refusing access.
When you are a small provider, word of mouth counts for a lot. And getting on your customer's bad side will probably cost you.
Once again, t
Re:in Holland (Score:2)
Basically digging through mail is considered the same as placing a wiretap on his phone: A definite no-no.
What we here do is to ask our new employees to sign a document that we make a copy of all mail that comes in to their accou
Conflicting answers (Score:4, Informative)
Traditional UNIX sysadmin ethics prohibit snooping in email for any reason. Snooping files and traffic is similarly verboten, except debateably (ulimit) in the case of excessive resource usage. This was done to increase user confidence and frank discussions in electronic media.
Current capitalist thinking is whoever pays, owns. This is pushed because email has proven to be very popular, frank and valuable. A victim of it's own success.
Personally, I did snoop in my wife's email. That's why she's now my ex. Neither qualms nor regrets.
Re:Conflicting answers (Score:2)
There's a story waiting to be told.
In my case, my wife and I sometimes read email over eachothers' shoulders.
We know each other's passwords and nothing is hidden.
I'm guessing that whatever you read while snooping her email would have lead to a split eventually anyway - snooping just made you discover sooner rather than later.
Sorry dude - I hope you find someone better.
Lesson learned, hopefully. (Score:2)
That was your first mistake. Your second was in not running to a lawyer the instant you got the request. Without something on paper, you're now at risk of legal action no matter what you do or don't do. Get off Slashdot and go talk to someone who knows business law!
And hopefully, your third mistake will NOT be hosting another company's mail or whatever without a written agreement and AUP.
T
Chances are good that... (Score:3, Informative)
If the email is addressed to their registered domain, then they own the email.
If the email is addressed to your registered domain, then who owns the email depends on the agreement you had with them. If you did not have a written agreement which discloses ownership of email sent to the addresses the agreement is written for then run don't walk, directly to your lawyer. At this point it becomes a you said/they said type of issue.
You could simply tell them what your policy is after the fact, and follow through with your new 'policy' but if you favor your relative they may sue you, if you favor them your relative may sue you, so at this point it's best to stop and get advice from someone who can represent you if their advice goes awry.
Lastly, send out a new terms of service to all current 'customers' explicitly stating your terms of service. Tell them that if after 30 days they are still hosting with you then that act shows they agree to the new terms of service.
In the company I work for I regularily forward email accounts to the employee who is either taking over the old position or the employee who is handling most of the added workload. The simple fact is that a lot of work-related (and contract work at that) email is always in the pipeline, and a customer is not going to take, "We fired the employee and deleted their email for privacy" as an excuse for why we didn't respond to their request in a timely manner. Our employees understand this when they come and when they go. This forwarding is only active for a month or so, and we prevent any outgoing emails from being created in that person's name from our mailserver.
-Adam
Who paid? (Score:3, Informative)
I really don't like it either, but a couple of times I have been required to provide people's email to my boss, including a Vice-President. I had to do a little bit of soul searcing on that, but not a whole lot.
Then I was, at another point, asked if I could archive all incoming and outgoing mail. I made a half-hearted effort, and eventually reported back that it wasn't possible. It was an ugly time all around in those days. At least I kept my job after 90% of the employees were layed off.
But then again, none of these people were my relatives. I hated them all.
Re:Who paid? (Score:2)
Note that in certain industries, this is federal law. Financial houses, for example, must archive all communications.
Wait... (Score:3, Informative)
If they don't have a contract with you stating that their e-mails on your system are their property, then you don't have to give them anything -- unless some court feels you need to.
Phil
Too late (Score:3, Informative)
That's you screwed then. Don't do *anything* without your line management putting it in writing. You'd be opening yourself up to all sorts of legal nasties. In the EU, it's very thorny: despite AUPs to the contrary, people have still been charged for infringing the HRI by reading others email. Even if the AUP covers it mind: and also bear in mind any email that account's recieved from other people. They didn't sign any policy and so could argue that you've infringed their privacy.
All this is closing the door after the horse has bolted: get a formal ToS written now by a lawyer, get everyone to sign it, and tread carefully.
You have a conflict of interest (Score:4, Insightful)
Fourth, it's my relative's account.
Even if for no other reason, you need to stand back and look at what you've done in the past. As a business providing a service for a fee, your company must treat this user's email the same as every other's. You're opening the company up for a justifiable lawsuit from the employer if you don't. Not only that, but you're establishing a precedent you'll have to follow in all future encounters with this employer and probably all others.
If you have no policies or past precedents to follow, you need to forget that this person is your relative and ask what you'd do with any other user. Then do the same. Your company may still get sued for making the wrong choice, but you'll eliminate the conflict of interest problem. Just make sure you immediate document this new policy, at least internally, and follow it in the future.
Even better, if you're not just a one-person company, recuse yourself. Give the employer's request to someone else to handle, and make it clear to that person that you have a conflict of interest and that they have the full authority to make whatever decision is consistent with past practice (and failing that, company philosophy and goals) without fear of reprisals. In writing, if possible.
Talk to lawyer (Score:2)
Further if there was no specific provision in the "lease/service contract" there is probably no extension of it to the server. This might even hold for "IP" rights of what on the server.
IANAL. Talk to lawyer about this.
ACM Code of Ethics (Score:4, Insightful)
1.1 Contribute to society and human well-being.
1.2 Avoid harm to others.
1.3 Be honest and trustworthy.
1.4 Be fair and take action not to discriminate.
1.5 Honor property rights including copyrights and patents.
1.6 Give proper credit for intellectual property.
1.7 Respect the privacy of others.
1.8 Honor confidentiality.
Sounds like you should not turn over the email. I wouldn't.
I bet you're not an Experienced SysAdmin... (Score:2, Funny)
1) Open your relative's email account, scan through his email.
2) Save off all the stuff you can embarrass him with at family get-togethers. Make special note of such terms as "snookums" and "little homer" or whatnot.
3) Find anything illegal and make an encrypted copy. Accidently lose those backup tapes. Not that you are going to blackmail your relative, but you might be able to get some moral compensation for your time and effort by spoofing email from your r
Your country? (Score:1)
Conflict of interest? (Score:2)
Easy way out: AVOID IT ALTOGETHER (Score:2)
Why wrestle with the morality of the situation when you aren't even qualified to do so, and might put yourself in legal trouble by cooperating in case this employee sues your ass off in court?
Better not to get involved. Don't waste your time.
How was this handled in previous technologies? (Score:2, Interesting)
Mr. Former Employee
C/O Old Employer Co.
123 Industrial Way
Anytown, NJ 12345-6789
IANAL so I don't know the answer to this question: Who is legally allowed to open this envelope? I know I've seen bosses open the mail of departed former employees, look at it and say, "OK, I know what to do with this," and walk off, but the legality of such actions never crossed my mind. Find out the answer
Many smart replies- here is a dumb one (Score:1)
It they want the data they have to get the password from the employee. It they want to go to court, they should go to court to get the employee to give them the password.
You could even change the e-mail system so that it indeed encrypts the accounts with the password, and avoid problems in the future.
It's obvious what to do (Score:2)
Proper etiquette in this situation is to back up the data onto a CD-R, make a second copy, and place each in a separate safe deposit box in the same city. You should then e-mail each party independently, telling them that you have the information stored on a CD-R, and it is in a safe deposit box at
Whose mail is it? (Score:1)
A lot of people, I noticed, are saying that the box belongs to the company, but the box is not the same as the mail. If I agreed to put my diamond in your safe, does that mean the diamond belongs to you? I certainly hope not!
If there were a contract stating that all mail stored in the box belonged to the company, that would be different. But there is no contract!
Read the ECPA - this is covered (Score:4, Informative)
Clearly, though, you can obtain consent from the original addressee and then disclose.
my company owns it all (Score:1)
Before anybody reacts that this seems awfully fascist or intrusive, I want to say that it provides me a real sense of security to know exactly where my boundaries ar