Skip to main content
Skip to main navigation
Skip to talk navigation

Active discussions

Please or to access all these features

Add post

Watch this thread

Save thread

Start a new thread

Flip thread

Hide thread

My feed

Saved Active Unanswered threads

Getting started FAQ's

Unanswered threads Acronyms Talk guidelines

Hide shortcut buttons

Talk

Flip

1 2 3 4 5 6

AIBU?

To think my boss shouldn't have access to my emails?

143 replies

thepartysover · 18/07/2019 16:33

I'm soon to be going on maternity leave and as part of my handover my boss has asked for the password to my work email address "so that nothing gets missed".

I will be setting up an out of office email response (including the relevant people to contact in any instance) - am I being unreasonable to say no to this, or does my boss have the right to access my correspondence?

OP posts:

Report

CommeDesPoissons · 18/07/2019 18:20

However, third parties are not permitted to access my email inbox: work or personal. They probably can. But they shouldn't.

Totally routine in the case of a DSAR, although obviously it should only be in accordance with your organisation's data protection policy.

Your work emails and work contacts are your employer's property.

In the OP's case, as so many have said, delegate access is the way to go.

Rm2018 · 18/07/2019 18:23

Giving your password is a massive no for it security. Your it department should just give him access. Never give passwords it can be gross misconduct

RiddleyW · 18/07/2019 18:24

If it helps, we're not permitted to hold third party data in our emails.

Do you have to delete all external email as it comes in then? All of it will be third party data if a person sent it. That would make my job so difficult but I guess it depends what you do.

RiddleyW · 18/07/2019 18:25

Oh yes and good point they’d have to breach that policy if there was a DSAR. Are you in the uk?

NiceLegsShameAboutTheFace · 18/07/2019 18:29

Do you have to delete all external email as it comes in then? All of it will be third party data if a person sent it. That would make my job so difficult but I guess it depends what you do.

We don't deal with external email very often. In any event, all our work is dealt with via a group email account, to which the world and his wife have access. Our personal work email addresses are for the more sensitive, personal stuff.

WaxOnFeckOff · 18/07/2019 18:29

I guess it depends on which email system you use, but, my colleague and i have access only to each others in-box. That way we can monitor and deal with what comes in but can't see anything that has been put into a folder.

Or, you could set up a group mail box and auto-forward all your emails to that while you are off - all replies then go from the box and not from you.

NiceLegsShameAboutTheFace · 18/07/2019 18:30

Are you in the uk?

Me? Yep.

RiddleyW · 18/07/2019 18:30

Ah right in that case I can sort of see how it works although your employer would still have to go through them if a fellow employee made a DSAR.

Teddybear45 · 18/07/2019 18:34

Never share passwords. He can, however obtain access over your inbox and diary.

PositiveVibez · 18/07/2019 18:34

In our place, secretaries have access to whoevers emails they are secretary for at any given time.

Secretaries also have access to other secretaries emails in case they need to cover them and their officers.

Managers can have access to whoevers email they feel like.

Our pc's are password protected, but email isn't.

That's why if you want to email or receive anything personal, don't use your works email.

Standard practice in our place.

CommeDesPoissons · 18/07/2019 18:36

If it helps, we're not permitted to hold third party data in our emails.

All emails (apart from generic accounts like info@ or enquiries@), both content and addresses, are personal data for GDPR purposes. They will probably still exist on your company's servers, unless there is a policy to delete them from there. The bottom line is that ultimately you don't have the final say on what happens to your work emails, so as was said upthread, never post anything you wouldn't want someone else to see.

TinchyP · 18/07/2019 18:38

"It still doesn't alter the fact that my employer, under its own policies, does not have the right to access my emails."

Point taken! @NiceLegsShameAboutTheFace

DennisMailerWasHere · 18/07/2019 18:39

Our policies that you'd be disciplined formally for sharing passwords. And probably him for asking for a password if you told anyone!!

But handing over delegated access to dairy and inbox, using his login, perfectly normal/expected practice.

Justanotherlurker · 18/07/2019 18:41

As others have said, YABU to think he shouldn't have access, he shouldn't have the password however if the IT infra is any good your password policy should expire anyway by the time you return from Maternity, if the IT infra isn't any good then just set a forawrd all rule to his email.

DeRigueurMortis · 18/07/2019 18:43

@Anewbooknotanewchapter

I am really worried that my employer has access to my work email account. I have sent private information via work email to colleagues/my line manager related to absences linked to very personal and private events that have affected my ability to do my job/be in work over the last couple of years...... I had no idea IT department could just root through these as and when they pleased.

Anything you put in an email can be accessed by the admin of the email service.

The "admin" isn't necessarily one person. In a medium/small business it can be up to 10 people.

That said, whilst they have admin privilege they also have admin accounts, which in any reputable company are logged and routinely reviewed.

As an admin, if you were found to have inappropriately accessed information (emails/documents/files) or changed the permissions of other users you would be fired. It's gross misconduct.

As the saying goes "with great power comes great responsibility".

So I'm answer to your post - yes your employer has access to your emails.

However, in any company with good IT practice the IT staff are not rooting round your emails.

They would need authority to do so and their access to your account would be logged. If it was not authorised they would face disciplinary action.

regmover · 18/07/2019 18:44

There's a lot of bollocks being spouted on this thread. Regardless of what the policy is re data security when you are actually in work - sharing passwords, access to emails etc... Your company "own" the emails you send and receive on their email system and under your work email address. It's not your inbox - it's company property.
Our IT department would just tell you that from your last day they would be giving your boss access to your emails. How they do it is down to them really.

ChazsBrilliantAttitude · 18/07/2019 18:50

Anewbook
The IT department cannot root around in emails containing personal data even on the work system. Data can only be processed for legitimate purposes and has to be treated with an appropriate level of confidentiality. Your employer has duties to ensure your data is treated in accordance with Data Protection laws (GDPR).

CommeDesPoissons · 18/07/2019 18:53

There's a lot of bollocks being spouted on this thread. Regardless of what the policy is re data security when you are actually in work - sharing passwords, access to emails etc... Your company "own" the emails you send and receive on their email system and under your work email address. It's not your inbox - it's company property.
Our IT department would just tell you that from your last day they would be giving your boss access to your emails. How they do it is down to them really.

regmover has it exactly.

DGRossetti · 18/07/2019 18:59

No, we don't. I work for a forward thinking organisation that trusts its staff.

So did I. Right up until a random incident revealed that HR staff had bee quietly emailing personal staff details to their personal email accounts for years. That was when an outbound filter was put in place (modified actually) and discovered the dangers of "trust".

There was already an outbound filter in place, since we were PCI compliant, and had to demonstrate employees couldn't email credit card details out of the company (which was a PITA for spreadsheets with big numbers in them).

Personally I'd rather work for an organisation that understood and applied the law, than one which used nebulous words like "trust". And if I worked for an organisation that used a phrase like "trust our employees", I'd be extra-careful reading their employee handbook/AUP and data protection directives.

Tanith · 18/07/2019 19:02

"However, in any company with good IT practice the IT staff are not rooting round your emails.
They would need authority to do so and their access to your account would be logged. If it was not authorised they would face disciplinary action."

I used to be an email admin when I worked in the IT dept of a telecoms company. I had full access to all email accounts in the company. Managers would occasionally submit a request for me to go into an employee's account, but it had to be signed off through the correct channels.

One manager requested the deletion of all congratulations messages sent to a new father because the baby had died a few hours after birth.

Another requested an email account to be collected up and sent to him after the member of staff was attacked and subsequently died. He also requested that the update messages he'd had to send to his team should be deleted from the accounts of the staff member's closest friends so they would not be upset on reading them.

All these requests were signed off by senior management.

AquaPris · 18/07/2019 19:03

Well of course they do. That's how they can monitor malpractice, fraud, Mistakes etc. It is not YOUR email, it is their email that you are using.

Your private emails are yours.

chomalungma · 18/07/2019 20:18

If it helps, we're not permitted to hold third party data in our emails. We have strict rules on data and how its stored

But if you say your employer does not have the right to see your emails, how do they know what data you are storing in your emails or are sending out?

And as for trusting staff...unfortunately there have been plenty of cases of employees emailing out personal data to home addresses and to other people in breach of data protection. An employer who understands data protection would have a system of monitoring emails and being able to see what emails have been sent out and what they contain. They wouldn't want to routinely access it - but they should be able to investigate a data breach without an employee saying they haven't got the right to access an email account.

Don’t want to miss threads like this?

Weekly

Sign up to our weekly round up and get all the best threads sent straight to your inbox!

Email address

Log in to update your newsletter preferences.

You've subscribed!

Trickyteens · 18/07/2019 20:51

There can be some poor practice, even when not illegal. My Dd had a short term job where the senior manager trained video cameras at their desks.

DGRossetti · 18/07/2019 21:05

would have a system of monitoring emails and being able to see what emails have been sent out and what they contain. They wouldn't want to routinely access it - but they should be able to investigate a data breach without an employee saying they haven't got the right to access an email account

you can get 3rd party services which look for certain patterns and flag up a report for further investigation ....

returnofthecat · 18/07/2019 21:16

Everywhere I've ever worked has made clear work emails are for work, any personal use is discouraged and the company has the right to read your emails.

In practice, delegate access is given to a line manager during long periods of absence and emails are only scrutinised if there's a disciplinary going on. So many people seem to think they 'own' their work emails - they don't. Their work does.

When someone leaves, their line manager gets their mailbox permanently and goes through it to fish out any relevant emails.

Flip

1 2 3 4 5 6

Please create an account

To comment on this thread you need to create a Mumsnet account.