Employers routinely read staff emails

Thirty-eight percent of UK companies with 1,000 or more employees hire staff to read or analyse outbound email, according to a new survey by a messaging security company.

Proofpoint, based in Cupertino, California, suggests that companies have good reason to worry: more than half investigated an email leak of confidential or proprietary information and almost 40% investigated a violation of privacy or data protection regulations in the past year.

Additional key findings from the survey, which was fielded by Forrester Consulting, include:

Over 81% of UK companies have a written acceptable use policy for email.

Almost 34% of companies have terminated an employee for violating email policies in the past 12 months.

More than 70% of companies have disciplined an employee for violating email policies in the past year.

Companies estimate that nearly 1 in 5 outgoing emails (18.1%) contains content that poses a legal, financial or regulatory risk.

More than a third (33.9%) of companies report their business was impacted by the exposure of sensitive or embarrassing information in the last year. 14.3% were impacted by improper exposure or theft of customer information, while 15.2% were impacted by improper exposure or theft of intellectual property.

Louise Townsend, a data protection specialist with Pinsent Masons, the law firm behind OUT-LAW.COM, said employers must ensure that their monitoring activities are legal.

"The Regulation of Investigatory Powers Act, the Lawful Business Practice Regulations, the Data Protection Act and the Human Rights Act all impact in this area depending on the nature of the activities being undertaken," she said. "While it is encouraging that so many companies have policies in place, what is more important is that these policies comply with the law, are put into practice consistently and are enforced."

Townsend warned that "reading the personal emails of staff without lawful justification could land employers in trouble."

The study also found that other communications channels, such as blogs and message boards, are emerging as sources of risk for companies:

Nearly half of companies are very concerned or concerned about web-based email as a conduit for exposure of confidential or proprietary information. Respondents are also very concerned about FTP, instant messaging, peer-to-peer networks, blogs and message boards.

More than one in five companies (20.5%) has disciplined an employee for violating blog or message board policies in the last year. Almost four percent of companies fired an employee for such infractions. Thirteen percent of public companies investigated the exposure of material financial information via a blog or message board posting in the past year.