Although studies show that young people are abandoning email in favor of text messaging and IM programs for social communications, businesses and many of us "oldies but goodies" continue to depend on email for exchanging messages with family, friends, co-workers, clients and others. Some of the information we put in email is personal, and some of it is even subject to laws such as HIPAA or the GLB Act that mandate we protect it from unauthorized disclosure. So the subject often comes up: just how private is email, and what can we do to make it more so?
In the past, we've discussed how the nature of email communications makes it easy for them to be intercepted. Sending an unencrypted email over the Internet is like sending a post card through the postal system - anyone who happens upon it along the way can read it. Of course, you can use encryption program such as Pretty Good Privacy (PGP) to make it more difficult for anyone but the intended recipient to open the mail.
But then another problem arises: how do you protect against the recipient him/herself divulging the contents of your mail to others, either intentionally or accidentally? Or what if the message goes awry; for example, you mistype one letter in the address and the mail is sent to the wrong address? It's obvious that people are worried about this, because more and more companies are adding disclaimers to some or all of the messages sent from their networks. These messages usually read something like this:
"If you are not the intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it."
Reader Kip M. recently wrote to ask what legal obligation this actually places on a person who receives such a message. I'm not an attorney, and this is by no means legal advice, but the attorneys I've talked to about this acknowledge that in most cases, companies do this primarily for the purpose of "covering their own behinds" in case a message ends up in the wrong hands. The appended disclaimer indicates that they took steps to make it clear that the message was confidential.
Of course, if an email containing national security secrets fell into your hands and you published it in a letter to the editor of the New York Times, you might face some serious legal repercussions. And of course, under the U.S. civil court system, anyone can pretty much sue anyone for anything (with some specific limitations), so it's possible that a company could bring a lawsuit against you if you forwarded a copy of their confidential mail to the wrong person. In a world where big record companies sue elderly grandfathers who don't own computers for music piracy, anything can happen.
From the point of view of those who want to keep information private, disclaimers are of dubious value in accomplishing that. I see forwarded messages all the time that contain the disclaimers. And of course, since the disclaimer is usually added to the end of the message, it's a bit unreasonable to demand that the recipient not read the message that he already read before getting to the disclaimer.
If you do elect to use disclaimers, it might make more sense to put them at the beginning of the message instead of at the end. And if you're really serious about it, put the disclaimer in the body of the email and put the confidential message itself in an attachment; at least then it's possible for the recipient to do what you're asking (not open the message). Better yet, password protect that attachment.
Have you read these related articles?
Newsletter:
