To think my boss shouldn't have access to my emails?

[thepartysover]

I'm soon to be going on maternity leave and as part of my handover my boss has asked for the password to my work email address "so that nothing gets missed".

I will be setting up an out of office email response (including the relevant people to contact in any instance) - am I being unreasonable to say no to this, or does my boss have the right to access my correspondence?

I wouldn't hand over your password, im sure they can redirect emails to him or out of office will state who they need ro speak with

Yeah, he has the right to this for work correspondence.

You should always assume anything you write on a work email can be read by managers or other employees, it's not private and there are usually clauses in employment contracts to make this clear

To be clear the issue is not about an employer having the right to access your work email account.

"Work email" there is a clue there

What's inappropriate (or rather against all good IT security practice) is to give, or request your work password, because they can use it to pretend to be "you".

Not just on email, but any other systems you use. Work in finance but have a single sign on system??? Email then access to the finance software with your account....

I can't reiterate this enough.

Do not ever give your password.

If your manager needs access to your emails then it's simple to set up a forwarding rule to do so (should be done by IT but easy to do yourself).

Your boss should access your email but not via your password. If your boss has your password he will then be able to send emails in your name.

What's inappropriate (or rather against all good IT security practice) is to give, or request your work password, because they can use it to pretend to be "you".

Not in all cases. A really good IT setup would use some form of 2FA, so that even having a users password isn't enough to gain access to the system. It would also have enough logging in place to know who logged in where, in order to help with security reporting. There could also be login restrictions in place so you can only login from certain terminals.

We don't just drink coffee and hide the server rooms you know

My boss has delegate access only. She can read my inbox and can add things to my calendar, but can't do as anything that makes it look like it was done by me as she doesn't have my password.

God I don't know where some of you work, but they aren't professional companies.

No he should not have access. You put on an Out of Office referring people to his email address.

If I wanted access to one of my staffs emails I would need to speak to HR and IT and have a highly valid reason. And in fact generally IT need a fairly good reason to snoop at someones inbox. They shouldn't just be doing it.

And no you don't give out your passwords. If IT need my password they have ME enter it so they never need it. They could of course reset it.

Of course your boss has the right to access them!

There was a European Court of Human Rights ruling which says that your employer can't just trawl through your emails, especially if it's marked "personal" without there being a business-critical reason. You can have an expectation of privacy and your personal emails sent to/from a work address can't be used against you by your employer.

"The European Court of Human Rights (“ECtHR”) has recently ruled in the case of Bărbulescu, providing guidance on the extent to which employees’ communications can be monitored in the workplace. This case concerned an employee (B) who was dismissed for breaching his employer’s policy which stated that the use of work computers for personal use was prohibited. The employer had produced transcripts of B’s personal communications during the disciplinary procedure to show that there had been a breach of policy. The ECtHR held that the employer had breached B’s right to privacy because they didn’t inform him of the monitoring in advance and nor did they tell him that they may access the content of his communications. The previous courts had also failed to determine the reasons justifying the monitoring and whether these were proportionate to the purpose or whether the employer could have used less intrusive measures to achieve the same result.

What does this all mean in practice?

Employers can monitor employees’ emails at work but need to approach this with caution and careful consideration... considering whether it is possible to achieve the objective through less instructive means and ensuring policies clearly notify employees that monitoring takes place, why and that the content of emails may be viewed.
If emails are identified as or are clearly “personal” do not open unless there is a real risk of serious harm to the business and, where possible, inform the employee in advance that the content may be viewed."

As the UK is still subject to the European Court of Human Rights (which is a completely independent body from the EU anyway) this ruling still applies.

In the OPs case, delegating future emails is probably the most useful thing to do. Although in cases of maternity leave, an out-of-office signature is probably considered sufficient by most employers, the OP's boss is definitely OTT in asking for full access and password.

When i went on Maternity leave I put an out of office on but also set up Auto Forward so that all my emails were sent to the person covering me. My employer is a big organisation and they are very very strict about IT security. I think if I gave my password out to anyone and I got found out I'd be sacked or subject to a disciplinary at the very least.

I’m on my first week of mat leave. I’ve delegated access to my cover so she can check things. My out of office reply directs people to contacts but nothing is auto forwarded.

I only use my work email for work so no issues re personal stuff being seen. Plus I filed everything away before I left.

My cover and team can only read and forward emails to themselves to deal with so can’t send any emails “from” me and can’t see my calendar or contacts or anything like that.

As I’m only on week one I’m flicking through emails on my phone just in case the OOO message gets missed and people continue to chase me. Anything sent just to me I’m forwarding on.

Check your policies and procedures. We are not, under any circumstances allowed to share our passwords. We can't even leave our desks without locking our pcs.

You could receive information that he is not supposed to see, how will that align with your data protection policies?

I'd hope they had systems in place to ensure employees weren't busy emailing (say) loads of customer details to their personal email accounts though ....

No, we don't. I work for a forward thinking organisation that trusts its staff.

This made me laugh so much. A company that trusts its staff to not forward emails out to their personal email? Wow.. Your company is doomed if that's true. 😂

I wouldn't even trust staff to not use password123 as their password even if they were told not to. People are normally the reason behind security breaches in IT. By being stupid like your company. There's many sayings in it security, the 8th layer of the model (the human operating the computer), pebkac (problem exists between keyboard and chair). Basically just means it's the person causing the problem. Like losing laptops on trains, in pubs, from cars. Writing passwords down, giving them to other people, making them all the same password, making them weak.

It's all well and good saying 'oh we trust our staff'. I'm sure many companies trust their staff, until they cost them billions in fines for data breaches. That is so backwards thinking its actually scary.

If they were smart, they'd have security in place to check for those things, as well as checking what you are doing on your computer, what you're downloading etc. My manager can get all of that information easily from my laptop by asking the right teams. They don't though unless there is a need to. Although I work for a client that does monitor what we do and we're quickly pounced on if they see us doing something they don't like.

But I guess that's not forward thinking.. It's really no wonder we have so many cyber criminals with people behaving like this with technology. And they will continue until we get our act together.

Our 'Protecting Information' training, states that we should not give out our email passwords to anyone, under any circumstances.

If he wants access he should contact HR

Such bad Data Protection.

In my organisation I could be disciplined for giving out my password, but IT would set up a mail forwarding rule on my email so that new mail could be forwarded to a named individual. Check out your company’s IT policy or you could end up in hot water.

Its one thing for work to read your emails.
Quite another to give out the password!

That’s never been necessary in any of my jobs because IT could cover it.

I would give delegated access if I must.

In fact I’d be suspicious and worried he might send dodgy emails in my absence 🤷🏻‍♀️

I don’t see the problem with your boss having access to your work emails. There should be another way so you don’t need to give him your password. My line manager has delegate access. Sometimes I also give it to a colleague before annual leave if they are monitoring something and I am expecting corrrspondence.

Why do you mind him seeing your emails OP? They should just be work related? I treat them like post really. I don’t think you should be saying stuff in work emails you don’t want your boss to read.. surely.