Most of us deliver our work via a company laptop, with or without access to a virtual machine, and it’s often tempting to access your personal email, save the login so that you don’t type the password every time, store photos, download some files you’ve received or even get personal / flirty on the company email. It’s fine if you want to do all this, as long as you own the possible consequences.
All companies have an obligation to inform their employees about any form of employee monitoring they are running. While you may say they don’t inform you, they actually do, but it’s often so ambiguous or in small letters or in an addendum, that your mind may not capture it. I can guarantee you that all labour contracts specify that utilizing company resources for personal use is forbidden.
Here are some realities that you should be aware of:
- Emails sent from your company address are monitored. To give you an example, you may have noticed in Outlook integrations with software for email classification. In the banking industry, emails that ring a bell either due to attachment or possibly sensitive content get forwarded to security consultants for closer examination. That means there’s a good chance that a third person will get to read your email. NDA or not, it may not make you feel comfortable.
- Company chat servers can be monitored for sensitive language. I know one company where swearing and key words relating to sex were alerting the IT department.
- If there is a suspicion that you may have disclosed confidential information to third parties, an internal request can be issued to verify your email. Whether this falls between legal boundaries or not, that depends on the country, but fact is your email history may be checked even if it can’t be used as a legal evidence.
- Links you have accessed are always monitored. An ex-colleague of mine accessed her Picasa albums, when the service was still in-use. In one of the albums she had a photo made at client’s HQ, featuring one of the managers. There was nothing harming or out of place in the content, but because the link showed up in the reports, someone from client’s IT department, clicked the link and escalated the matter, causing a lot of stir out of nothing.
- Computers crash and they will be taken to IT, for data recovery. Will you be embarrassed if some strangers go through the files you’ve stored on your workstation, maybe even left on your desktop?
- Screen sharing while you have personal windows open may put you in awkward situations. I’ve attended an online meeting some time ago, with a database specialist from Netherlands, in which the guy who was presenting was trying to locate some info, so he was switching through the open windows. Let’s just say we got to learn his most personal preferences when it comes to sex.
- Some VMs allow IT support to connect remotely and take over control without any confirmation from your side. Best case you might see a pop-up that someone has connected to your machine.
- In case of extreme measure (mass contract termination as it happened during the economic crisis), you will just be informed that you have been fired and asked to leave the building immediately, while your personal items from your desk will be collected later on and sent to you. This happened in a Canadian company with offices worldwide, where employees were asked to attend an all hands meeting happening simultaneously worldwide. Following the meeting, those that were nominated were asked to leave the building taking only their backpack / purse while the rest of their personal items were sent to them the next day.
- Massive downloads (from hundreds of MB onwards usually), in most corporations, are monitored and reported. Usually if you’ve done such downloads and you are resigning, your manager may be asked to review them and confirm there is nothing threatening intellectual property.
- Legally, depending on the country and the contract you’ve signed, you may have no right to oppose disclosure of any information that you’ve run through the company servers.
There was a time when the only way to access your email or other web resources was via a computer, but nowadays we can check anything on our smartphones, so there is really no reason to access personal data from your company laptop. Everything I’ve shared in here, I’ve learned first-hand, so do take them as facts. In the end, being aware of these things, and acting accordingly, sums up to being professional.
Do you have any relating experience that turned to a lesson learned?