Electronic Communication: Some Reflections

The second question that comes up is: Who owns it? Well, this is thornier. In general, companies employ a simple axiom: corporate business stays on corporate systems. Thus, corporate employees may not store corporate (or customer) data on personally owned systems. Corporate employees use corporate email addresses to transact corporate business (@bigcompany.com), never using a jimbob@yahoo.cxm even if it’s more convenient. Most corporate IT policies also indicate that employees have no expectation of privacy with regard to electronic communication (e.g., email, or instant messaging, if offered) conducted with company systems. Using company systems for personal business is usually discouraged, if not prohibited outright. Additionally, the Sarbanes-Oxley legislation, which is applicable to publicly held corporations, mandates an extensive retention period for electronic communications.

Violation of these policies in a large company can lead to governmental fines or other penalties and can even lead to termination of employment for individuals.

Company ownership of these communications facilitates the handing-off of critical activities in the event that an employee is incapacitated, dies, or leaves the company unexpectedly. Previous discussions are then easily transferred from the old person to the new by system administrators. Company operations are allowed to continue with fewer disruptions.

So, in a secular environment, the company owns the email, the chats, the calendars, and so on, because those things are all related to transacting company business, even if aspects of it are confidential or proprietary. These communications are seen as the property of the company because they represent work undertaken on the  company’s behalf as a result of the employer-employee relationship.

Note that the notion of emails being “on” a computer is an obsolete one, particularly with the increasing use of webmail (i.e., reading email using a web browser) from services like Gmail, Yahoo Mail, Hotmail, and even the Microsoft Exchange/Outlook web interface and smart phones such as the iPhone or BlackBerry. In these cases, the mail is never really “on” the computer used to read the message, in that that computer is only displaying the message without storing it on the device. The message is kept in the mail store. For this reason, many companies will permit a company-provided web interface to be used to read company email, as perhaps the only weak exception to the “company data stays on company systems” rule, since nothing is actually “resident” on the local system.

But in the Church, we have been operating with a different standard. It is by far the norm that every clergyman and church worker has a private email address used to conduct Church-related business. (This is still true when a church-specific email address such as frjohn@somechurch.com simply forwards to a Gmail account, as the mail store is not owned by or contractually provided to the church.) Thus the messages related to the operations of the diocese or parish are diffuse – stored and transmitted on a mix of systems determined, in most cases, by the convenience of the person choosing the email address. Church communications are rarely stored on Church-owned systems, and, as often as not, are entrusted to “free” providers elsewhere.

This is problematic at a couple of levels. First, no one generally knows who has actual custody of the communication. Who is responsible for Gmail, or Yahoo Mail, etc? Are they honest? Have they been background-checked? Is the mail encrypted within the message store? (If not, system intruders can steal it. Many readers have been contacted by companies who have recently seen their email lists compromised in just this fashion. Those lists provide half the information needed to steal from the mail store.) These questions are why companies either host email internally with trusted employees running things or use other companies that provide security protections within the contractual terms of service.

Secondly, the confidentiality of the data is by no means guaranteed. (Encryption would help, but, as mentioned already, few messages are encrypted.) Gmail, in fact, is rather explicit that your email messages will be scanned for keywords that can then be used to present advertising to you. Innocuous? Maybe. But what if someone gets the idea to look for other things, or specific name and email addresses, and to perform specific actions (like forwarding it to another website’s owner) on that basis. How would you ever know?

Page 2 of 3 | Previous page | Next page