Re: [EXIM] Mail Tapping

Author: Julian
Date:  
To: exim-users
Subject: Re: [EXIM] Mail Tapping

I would have replied to this sooner, but I've been off ill.

>
> Most businesses keep paper files of incoming and outgoing snail mail as a
> matter of course. This is done so that evidence is available in the event
> of any subsequent dispute with other parties, such as suppliers or
> customers. In general, employees are aware of this, understand it and
> accept it. To many managers, it seems an obvious extension to retain
> archive copies of all incoming and outgoing e-mail. Similarly, internal
> memos are normally filed and it seems reasonable that the same should be
> done with e-mails.


Note: When companies keep copies of correspondence it is copies that
are explicitly printed off to be archived/filed.

Note: When companies keep copies of correspondence it is copies that
the author (or someone who has access to it) has decided needs to be
archived, even if this decision is a 'default'.

Note: When companies keep copies of correspondence it is not of personal
or private letters that people have written.

I have seen systems (Pipex's if memory serves) where outgoing emails are cc'ed
to 'autofiler', which I assume keeps a copy. This is reasonable enough.
Indeed, change mailers to make it the default, and people have to
specifically stop it from being archived, fine. But to set up a system
where ANY email is copied to an archive without the sender's control is
not acceptable, IMHO.

> I am not a lawyer and I do not purport to give legal advice, but as I
> understand it e-mail messages can now be used as evidence in civil cases in
> the UK. ISTR someone getting sued successfully for libel contained in an
> internal e-mail message. To protect themselves against forged e-mail being
> used to bring a fraudulent claim, companies want to keep evidence of the
> messages that have been sent or received by their employees.


This is what logs are for.

> In the case of professional practices, such as accountants or lawyers, they
> have a specific duty of care towards clients. As such, one point of view
> is that they have a *duty* to retain correspondence to show what they have
> done on behalf of their clients and could potentially be seen as negligent
> if failure to keep proper records subsequently resulted in a client
> suffering loss. It has been argued that these duties apply just as much to
> e-mail as to snail mail.


Fine, they have a duty. That doesn't mean that they want to have all
their correspondence monitored. Nothing significant here, IMHO.

> In addition, if you are using your company's e-mail system you are doing so
> in your capacity as an employee. Your employer is potentially liable for
> your actions and is therefore entitled to know what you are doing.
> Further, most companies provide e-mail for business use, not personal use,
> and sending personal messages could be seen as a misuse of the system.
> Likewise, messages sent to a company address are being sent to someone in
> their capacity as an employee. I can see no good reason why a company
> should not be allowed to monitor messages sent or received on behalf of the
> business.


You can't? So you think that it is quite reasonable that a company can
monitor your talking to another potential employer? What about your talking
to the police about misconduct within the company? You might not do
that of course, but some people might. Indeed I have had discussions
with future employers whilst at my then employers.

> As I see it, there are reasonable grounds for businesses to retain copies
> of e-mails and the most simple way to ensure that this is done is for the
> MTA to file archive copies of all messages.


Of emails, sure, of _all_ emails, no.

> I worked for several years for a professional practice that did this and
> never heard of any complaints that such information had been abused. I did
> come across cases where people who had failed to keep their own backups
> were very pleased that an important message could be retrieved from the
> archives.


I know of places where the facility was abused. The users never did
find out. And no, it wasn't me who abused it.

> In the UK, any e-mail archives could well be Personal Data within the terms
> of the Data Protection Act, so companies would have all of the duties set
> out in the Act to restrict access and not to make improper use of the data.
> I imagine that the same would apply in other EU countries.


Uh-huh. And I trust other companies to be secure. Oh yes.
I've seen far too many mickey mouse places. Come to that I've seen
_large_ companies who didn't treat customer confidentiality with
enough respect to trust anyone with regard to this. Not that I am
overly paranoid about the email I send out, but if someone did
intercept a private email I would probably have a fit.

> Please let's treat other exim users as responsible people and let them know
> how to keep archive copies if they need to. I think that most people who
> have got as far as implementing exim are likely to be the kind of people
> who will have a fairly sensible outlook on privacy.


Please don't insist that other users have to agree with your view of the world
and privacy issues. I did not tell the person that he should not do
what he was proposing, indeed I told him that it could be done. I
just chose to exercise my right not to tell him _how_ it could be done.

There have been other 'hints' since then about how it might be done,
and suggestions on improving the overall model, but no one, I notice,
has actually posted a solution.

>
> Tony
>


Julian
Unix Admin, Internet Vision

--
*** Exim information can be found at http://www.exim.org/ ***