moodyk13
Contributor
During routine maintenance of computer systems, I.T. stumbled upon highly sensitive company communications going on via an employee's personal, third-party email account. Based on the nature and content of the emails that had popped up on the home screen, I.T. felt they had probable cause/justification to conduct company-related searches in this email account, such as specific company topics, names, company email addresses, etc. Again, all company related. What they uncovered were emails of HIPAA violations, company reports, recorded phone calls and inappropriate email exchanges between the employee and one of the senior management staff.
Problem #1: I.T. conducted the searches based on what they saw when this private email account opened up as the home screen, but didn't report those immediately, rather without further authorization.
Problem #2: The person(s) I.T. would have needed to obtain authorization from were/are participants in the employee's emails.
Problem #3: There was no "privacy / no expectation of privacy" policy in place at the time of the investigation. One has since been implemented, but anything before that implementation .............
Right now, my position with I.T. has remained I cannot do anything with this information. All I can do is implement the policy and if anything happens here forward then we deal with it then.
Any advice is greatly appreciated