You can stop staring at the ceiling each night, wondering. A new study has confirmed what many a cubicle dweller has long suspected: Many companies, maybe even yours, are monitoring outgoing e-mails.
According to a new survey conducted by Forrester Consulting and sponsored by Proofpoint Inc., a company that makes anti-spam and filtering software, more than 43 percent of corporations with more than 20,000 employees employ staff to monitor and read outbound e-mail.
The survey of 140 corporate decision-makers found that companies’ concern about employees leaking sensitive information via e-mail ranked as the biggest reason behind the snooping policy.
The study said almost 75 percent of large corporations view reducing the financial and legal risks of outbound e-mail as “important” or “very important.”
Another concern driving the monitoring trend, respondents said, is ensuring that the enterprise is complying with personal, financial and healthcare privacy regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Gary Steele, CEO of Proofpoint, said the firm believes that, over time, enterprises will put technology in place to help them manage the threat of information leakage. “We see an opportunity for many companies to establish policies” along these lines too, he told internetnews.com. In the meantime, however, many scanning products aren’t really up to the task, he said.
On the other side of the equation, he added, “Individuals need to think about their use of the corporate e-mail system. We recommend that people keep and use a personal e-mail address outside the corporate system.”
Although the survey didn’t ask how far a company may or may not go to watch how its employees use company property and adhere to e-mail policies, Steele said observing privacy policies regarding federal regulations was often cited in the results. For example, one of the HIPAA mandates is that personal medical information be kept confidential, which means it should not be e-mailed without certain protections. HIPAA regulations govern how healthcare organizations share and store information about patients.
The Forrester/Proofpoint survey also found that about 30 percent of all respondent companies rely on staff to monitor outbound e-mail content. And the larger the organization, the more prevalent the practice. For example, 43.6 percent of companies with more than 20,000 employees used personnel to monitor outbound e-mail. In addition, another 33 percent of all companies reported that they conduct regular audits of outbound e-mail content. More than 38 percent of large companies said that they regularly audit the content of outbound e-mail.
Staggering stats? Forrester thought so, but not in the way you might think. In its summary and conclusions, the research firm’s consulting group suggested the results are a testament to “the widespread failure of current content-scanning technologies to stop the leak of intellectual property, confidential memos and embarrassing information from the enterprise.”
Less than 12 percent of companies report that they have deployed technology for detecting intellectual property breaches in outbound e-mail. The most common technique used for detecting these e-mails remains physical review by hired staff.
The survey comes on the heels of a recent federal court ruling that held it is perfectly legal for ISPs to read and copy the inbound e-mail of their clients. The ruling by the U.S. Court of Appeals for the First Circuit in Boston held that e-mail does not enjoy the same eavesdropping protections as telephone conversations, because it is stored on servers before being routed to recipients.
This article was first published on internetnews.com.