Hi Guys
Just wanted to get your opinion on something. I work for a small company (100+ users) and there are lots of managers. I am constantly getting requests for managers to have view access to their team’s inboxes (when they are away for example to monitor for work proposes). I don’t necessarily agree with this and isn’t an approach I’m used to working in, in larger organisations. It’s becoming a real pain to look after and from an HR point of view wonder if this should even be happening. It was the way the company worked before i started so have just become accustomed to it. Of course this is what Out of Office and mail boxes forwards etc are made for but want to see what you all think
Thanks
10 Spice ups
ryangoode
(Ryan Goode)
2
I always see my role as an enforcer of the agency’s rules, not the creator. For me, it’s up to management. I may add my input, but at the end of the day, I use my position to enforce management’s policies.
Maybe would get something in writing from them on this issue.
1 Spice up
jay6111
(Jay6111)
3
I would take it up with your HR department and explain some of your concerns. Last case I checked in court a users email even though a company email still has legal privacy rights.
I worked for a health organization and this question came up a lot, we ended up getting a lawyer involved to give HR the full legal aspect. Once that was done we just referred everyone to HR to get the permission needed. Not a single person ever came back to say they got permission, so it is a very touchy subject.
-Jay
2 Spice ups
ran1799
(RandalColumb)
4
I have consulted for may small companies that do the same thing. The reason has always been for work related reasons. Small businesses usually have just one person that always handles a certain job like purchase orders. The manager doesn’t want to miss an important email so they want access to their underlings email in case they are on vacation or sick. All email sent to a corporate account is the property of the corporation, not the individual that receives it. If people want to get personal email then use gmail, hotmail, or yahoo.
2 Spice ups
clenihan
(Craig1510)
5
Hi,
It all depends on the employment contract the staff sign. Most now include paragraphs stating that all E Mails and Internet usage is monitored for the protection of the employee and the company and that as such managers/IT may access your account/Documents without prior notification.
The wording varies greatly but if there is nothing in the contract then I would only ever grant access if the employee in question provided permission or a senior director asked in writing etc as part of a disciplinary.
If the proverbial hits the fan then you don’t want to be the one to be blamed.
timd5286
(Vee.Hexx)
6
i too dont agree with personal work email being available to the users manager, but sometimes is nessacery. imo, access to personal mailboxes should be kept on a discapliary level only.
there could be emails to/from the user and HR that related to their manager. manager has access, then they can interfer with that data.
the solution? a slight change in working practice… use shared mailboxes. in my view, an email to “conference@domain.com” is far more profesional than “jbloggs@domain.com” and doesnt get tied up with OOO issues, or the recipent having to forward the email onto some else.
2 Spice ups
dariena
(DarienA)
7
personal work email? Non Sequitur.
Company equipment, company email address, company email.
(as long as that’s been clearly stated in the company’s policy manual).
I stress to my employees all the time (and its clearly stated in our manual). My company has the right to access anything. Calls here are recorded, email is automatically archived. If you don’t want it potentially becoming known, don’t do it on company equipment.
3 Spice ups
I think it is non-compliant - most firms now have a compliance officer (aspecially if they are Sarbanes-Oxely certified) and this person at my last company would not permit anyone to access an email database.
The only exception was when a specified IT person was instructed to search for particular information and pass on to HR.
timd5286
(Vee.Hexx)
9
DarienA wrote:
personal work email? Non Sequitur.
i thought someone would say that.
I should of put it in quotes 
i use the word personal as in ‘personal’ work mailbox versus a shared group work mailbox.
agalvin
(Andy438)
10
We try to ensure our policies are clear and concise so there is no ambiguity of personal use of business tools (Email, Internet etc)
If a manager requests access to another mailbox or requests staff have access to each others then all parties are made aware.
If HR do so for disciplinary reasons this is done in writing between the HR Manager and Head of IT.
Shared mailboxes are used as much as possible to keep the amount of requests to a minimum.
1 Spice up
Vee.Hexx wrote:
i too dont agree with personal work email being available to the users manager, but sometimes is nessacery. imo, access to personal mailboxes should be kept on a discapliary level only.
there could be emails to/from the user and HR that related to their manager. manager has access, then they can interfer with that data.
the solution? a slight change in working practice… use shared mailboxes. in my view, an email to “conference@domain.com” is far more profesional than “jbloggs@domain.com” and doesnt get tied up with OOO issues, or the recipent having to forward the email onto some else.
+1 for Vee.hexx
Simple solution, NEVER use an individual’s email address for business purposes, people leave, die, or get fired, not to mention go on vacations.
I feel best practice is an email address with a purpose, IE Sales@…, Purchasing@…, HR@…, these can be shared mailboxes for that purpose.
End users should be instructed on “Send on Behalf of” use.
1 Spice up
Vee.Hexx - agree with your comments regarding shared mailboxes.
I also think it is down to the company as to how they want to handle things but i do think as an IT nerd I should be advising as best I can from an IT point of view as well as past experiences. What bothers me is the casual attitude of my company towards this and feels it could turn around and bite them in the bum as Vee.Hexx says, if potential emails regarding the manager are read by that same manager - this equals headaches.
With regards the shared mail boxes - would this be in the form of a regular mail box or a mail enabled public folder? How would the sharing be setup - set permissions for the inbox for example?
Thanks everyone for your input. I love these Spiceworks Forums/Communities - definitely gives me enough consideration to have a decent chat with the IT manager and HR.
I agree with most of whats been said. Historically, employees have had little to no privacy expectations on company hardware, but recent court cases have shown a huge shift toward requiring the company to have a policy in place that states this, and ensure that employees are aware of this policy.
As long as this is the case, your company pretty much has the right to monitor whatever they want, in some cases even personal (gmail, hotmail, etc) email accessed via company property.
As far as an employee sending emails about their manager on their company email, they deserve all the headaches that would bring. Not the brightest move.
I’m thinking as I’m reading this thread, and there is no way we would be able to follow everything outlined here.
We are an 85 employee firm (so similar in size to the orginal poster). there’s always coverage issues or an ‘emergency’. My rule of thumb is this. I ask them what they are looking for, and/or allow them to come to my workstation to look for a particular email.
Forget everythign else. We all know staff have been known to send out a email or have a converstation they may not want to have their boss read. it happens.
Fact is ALL of my upper management has set their system up so that their Exec Assistant can read their email. So the orginal posters management many not see a reason not to have access for work purposes.
Another thing that happens, is staff have been taught to set up Out of Office email rules. Then they pre-set up things so that their super important customers email auto forwards to a manager or co-worker who is covering them. That cuts down on a LOT of ‘check email requests’.
timd5286
(Vee.Hexx)
15
Thomas2858 wrote:
With regards the shared mail boxes - would this be in the form of a regular mail box or a mail enabled public folder? How would the sharing be setup - set permissions for the inbox for example?
Thanks everyone for your input. I love these Spiceworks Forums/Communities - definitely gives me enough consideration to have a decent chat with the IT manager and HR.
exchange powershell command:
New-Mailbox -Name:‘%MAILBOX ALIAS%’ -OrganizationalUnit:‘%AD OU FOR MAILBOX USER ACCOUNT%’ -Database:‘%EXCHANGE STORAGE GROUP%’ -UserPrincipalName:‘%EMAIL%@domain.com’ -Shared
that should be fairly obvious what each bit does. then you just grant the intended users full access/send-as rights accordingly.
aside from it not being used directly from an AD user, it has the same features as a normal mailbox; calendar, contacts, inbox etc. from what i can tell it’s just for organisational purposes where it reports ‘shared’ mailbox type in exchange.
if multiple users are using this, then you could educate the users to use colour tags and/or the completed flag so others know it’s being delt with.
another thing we do; if discaplinary action is being done on the mailbox, we would dump the mailbox to a pst and give HR the PST file (read-only). this saves the original emails in the active mailbox without fear of it being deleted by any party.
Awesome. Thanks for that Vee.Hexx. Definitely going to look into implementing that
The other thing I wanted to mention was the requests coming through aren’t just simple ‘view inbox when user is away’ requests. Managers (3 per team) basically want view access to all folders and sub folders all the time to basically dip in and out - Opinions?..
This might be going slightly off topic but again, historically this has been done by individually setting view permissions on each mailbox folder (nightmare if they are organised and have lots of sub folders)! What is the most efficient way of doing this (exchange 2003)
maxsec
(maxsec)
17
Thomas2858 wrote:
Awesome. Thanks for that Vee.Hexx. Definitely going to look into implementing that
The other thing I wanted to mention was the requests coming through aren’t just simple ‘view inbox when user is away’ requests. Managers (3 per team) basically want view access to all folders and sub folders all the time to basically dip in and out - Opinions?..
This might be going slightly off topic but again, historically this has been done by individually setting view permissions on each mailbox folder (nightmare if they are organised and have lots of sub folders)! What is the most efficient way of doing this (exchange 2003)
great a group for each management team then add the right to the users mailboxes to the group. That way you’re just adding one layer of access to manange and as people move you can just the group.
In the longer term I’d look at WHY this information is need and isn’t on a CRM system or something shared in the first place.
I’m likely reiterating someone else’s post, but to be clear: the company OWNS the email system and it’s the COMPANY’S email. The individuals should be told that, should remember that, and should behave accordingly. They should have no expectation of privacy. Want to send a private email? Use your personal email account, to which the company has no access.
1 Spice up
We get these requests from time to time and they are usually granted. Especially in cases where someone leaves the company.
Along the same lines, the system administrator here has it in his mind that he can remote into any machine anytime he feels like it. I 100% disagree with this. He simply remotes in and the person on their computer suddenly sees their mouse and keyboard moving and they aren’t doing it. Can be quite alarming to some. But, what is most disturbing is his quest for power.
Just because one is the system administrator does not give you the right to see anyone’s screen anytime you feel like it. What if it is an HR system and that HR employee has someone’s personal information up on the screen? What if it is a manager typing someone’s review? Or it could even be an executive working on confidential company data.
My point is, even as an admin, we have a certain responsibility to know that even we have limits.
Any thoughts on this?
1 Spice up
alex3031
(Alex3031)
20
I’m going to throw my .02 cents in before reading all of the thread.
In our organization our inside sales supervisor has access to all of his subordinates mailboxes so that he can ensure any customer emails that come though are taken care of in a timely fashion if someone is out. I don’t see a major issue with this as most companies have policies in place that let employees know their communication may be monitored. This of course can become unwieldy in a larger organization. I prefer the method of email forwarding rules combined with Out of Office myself. If I am going to be out for a period of time (more than a day or two) I have rules to forward what I consider regular or frequently received important emails to my supervisor, and my Out of office clearly states that I am out of the office and should immediate assistance be required to please contact my supervisor and I provide his email address. It is my supervisors responsibility to let me know what, if anything urgent came through while I was gone do work is not duplicated, but it works well, and I believe this is how most larger organization work it. Is it right? That’s up interpretation. Is it wrong? No, not by any means. Is it unethical? No business email should be used for business, and it should be expected that it might be read, as business email is the companies property. It never ceases to amaze me how many people use company email for personal stuff.
1 Spice up
