Survey: Email Compliance Means Employee Surveillance

U.S., European, and Australian enterprises are so worried about compliance that they're increasingly hiring full-time folk to read employees' email.

And what they're looking for may surprise you.

Results of an online survey commissioned by Proofpoint, a vendor of email security and policy software, and conducted by Forrester Consulting show that 29 percent of 301 U.S. companies with more than 1,000 employees employ staff to read or otherwise analyze outbound email; 38 percent of them perform regular audits on outbound corporate email. Fifteen percent employ staff whose primary or exclusive job is to read or otherwise analyze outbound email content.

A full 41 percent of companies in the same U.S. sample that have over 20,000 employees are reading outbound email.

The trend is even stronger in the U.K., where 38 percent of 32 enterprises reported reading or analyzing employee email and 53 percent are doing regular outbound email content audits.What are these companies worried about? Adult, obscene, or potentially offensive content was reported by 30 percent of the entire worldwide sample of 424 enterprises as the top concern about outbound email. Proprietary or confidential business information ranked second, with 26 percent of respondents citing it as key. See Table 1.

Table 1: Top Concerns About Outbound Email

While enterprises are intent on regimenting outbound email with live bodies, they're also turning to technology (type unspecified) for help: Of the 301 U.S. enterprises surveyed, over 20 percent are using technology to monitor outbound email for personal health data, other personal data or financial information, and problematic Web mail content.

Ironically, just 15 percent of U.S. respondents said they were using technology to detect leaks of intellectual property in outbound email. But more than 30 percent are using content-based encryption on outbound email.

If you work for one of the surveyed enterprises and violate their terms of email use, watch out: Of the 301 U.S. enterprises surveyed, 44 percent had investigated email-based leaks of confidential information in the last year; 51 percent had disciplined employees for violating email policies within in the same timeframe; and 15 percent had actually fired them.Britain's tougher: In the U.K., of the 32 enterprises surveyed, 78 percent reported having disciplined employees for email violations, and 44 percent have terminated an employee.

U.S. enterprises worry most about the corporate email system. But they also worry about email sent from mobile devices, Web-based email (Google, Yahoo accounts, etc.), and instant messages. See Table 2.

Table 2: Top Concerns About Conduits Other Than Corporate Email

This finding, along with the news that enterprises are fixed on routing obscene or offensive email, seems in keeping with recent comments from IM archiving vendors: "Sure, companies need compliance. But often it's about sex -- who's having sex with whom!" says Richard Bliss, VP of marketing at Gwava, a Montreal-based supplier of products focused mainly on Novell GroupWise environments.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.