The Perils of Private Email Accounts

Uh Oh, Spaghetti-o ...

A client approached me the other day with a concern.

He feared that an employee that recently left the company was poaching his client base. He needed me to make sure that his systems were secure. I confirmed that was the case, but then he asked, "What about her email?"

Prior to engaging me, the client just had his employees setup private Yahoo! accounts. Now, with the employee gone, he needed to take control of that data.

And Now ... The Bad News ...

"No-can-do," I had to tell him, and I needed to explain some rules of the road.

Yahoo! is a private email container. As an employer of the employee, he can't access it nor control it; the EULA (End User License Agreement) is between the provider and his employee. FCC rules say that's private property, and, attempting to monitor what goes on in those email accounts is tantamount to eavesdropping on your employees.

"But those are my clients," he argued, and I empathized, but I suggested there's little he can do. 

"You shouldn't have been relying on private email accounts for company business," I suggested.

And then I had to explain the really bad part.

Classified Data

You see, this guy is in the business of working with confidential, classified forms of Protected Health Information, or, PHI. Every now and again, PHI about his customers were probably emailed to this individual and fell outside of his control. Further, it was possible that customer's drivers license information was shared with the former employee.

"Technically, that's potentially a breach," I had to explain, "where you've lost control of classified forms of data under two sets of law: HIPAA - federal law managing PHI - and State of Washington Data Breach Law. You've lost control of the data and can't account for its whereabouts, access control, or destruction."

So What Do We Do Now?

At that point, he started looking at me pretty nervous-like, and I discussed his options going forward.

In this way, I helped him craft a more successful strategy going forward that would limit his liability, protect the interest of his customers, and bring him closer to a state of information compliance.

That's the kind of value I bring to every engagement with my customers. Want to know more? Give me a jingle - I'd be happy to talk about how I can help you.

R

 

Russell Mickler

Russell Mickler is a computer consultant in Vancouver, WA, who helps small businesses use technology better.

https://www.micklerandassociates.com/about
Previous
Previous

Delight Everyone

Next
Next

Useless Technology Investments Yield No Value