Forums

I would appreciate some help as I have recently been asked for some advice on how to handle instances of offensive or abusive emails they recently found on a company email system.

Now as an IT professional I know about the issues such as acceptable use policies etc but what advice should I given to the person on what they should do or expect from the company are out of my normal areas of expertise.

Part of the problem is compounded by the fact their supervisor is directly involved in the incident.

tomw's picture

My first reaction is "who found them?" and "offensive and abusive to whom"?

What person are you advising? The person who found them or the person whose email contained them?

Was this reported to your group or did you just trip over them on your own?

If you found these messages on the recipient's machine, then IT is best off to keep out of this and let the recipient deal directly with the sender. If the recipient cannot get the sender to stop, then they should contact HR. This is one person abusing another (a judgement call, I might add), making it an HR problem, not an IT one.

lazerus's picture

[quote="jason.green"]Now as an IT professional I know about the issues such as acceptable use policies etc but what advice should I given to the person on what they should do or expect from the company are out of my normal areas of expertise.

Part of the problem is compounded by the fact their supervisor is directly involved in the incident.[/quote]

Welcome to the M-T forums.

If the issue is serious, deliver all the information that you have to HR. Let them handle it. Don't be a hero, you may suffer political consequences. No one can be certain that you have the best interest of the organization as your motivation for bringing it up. If you have had a complaint from a coworker, tell HR.

If you are not their manager, it is not your job to tell anyone "what they should expect" or anything else.

stephenbooth_uk's picture

I've worked in or on the fringes of ICT for close to 20 years and have run into similar situations to what you describe a number of times (although finding offensive (usually pornographic or racially offensive) material in their network home drives has been more common). I'm assuming that either this has been reported to you by someone or that they emails were discovered in some sort of sanctioned investigation or automated check on emails that staff are aware of. It's best, I've found, to treat material sent via email as if it was sent by other means (on paper, by phone, face to face &c) to the same recipients. The key difference is that, as you're probably aware as an IT professional, 'evidence' of emails is ridiculously easy to fake so you should take all possible steps to secure the evidence in a way that shows it wasn't faked. That, as an IT professional, should probably be the limit of your involvement, unless you are specifically tasked with the job.

The offender's boss (or boss's boss) should really be the one who takes action, probably supported by HR, in accordance with relevant laws and procedures.

If the assumptions I gave above (that this is the result of a report to you, sanctioned investigation or regular automated check that staff are aware of) are in correct then you may need to check your legal situation. Here in the UK we have RIPA (Regulation of Investigatory Powers Act) that gives companies very broad powers to investigate their employees activities on IT equipment owned by the company but does require a certain level of care and restraint in those investigations, Basically it's saying that if companies want to act like the police then they have to follow similar levels responsibility in relation to the collection, confidentiality and use of evidence. Check if there is something similar in your jurisdiction.

Stephen

jason.green's picture

I do not work for the same company as the person involved. Therefore I have no direct involvement in the incident.

The person found the emails while performing their normal duties and involve comments directly about them. Although not pornographic or racally offensive have been spiteful and upsetting.

As the emails are from a small group of people not an individual the persons position is somewhat untenable. The most likely outome is for them to resign and reviewing their legal position.

So any assistance in how to do this in a professional and ethical manner would be appreciated, any legal advice would have to be UK specific.

tomw's picture

[quote="jason.green"]I do not work for the same company as the person involved. Therefore I have no direct involvement in the incident.

The person found the emails while performing their normal duties and involve comments directly about them. Although not pornographic or racially offensive have been spiteful and upsetting.

As the emails are from a small group of people not an individual the persons position is somewhat untenable. The most likely outcome is for them to resign and reviewing their legal position. [/quote]

so let me see if I understand this... these emails were insulting were not actually sent to the person they were insulting. The emails were sent between another group of people talking about him. Your friend, for some unexplained reason that is related to his duties, found them on his own.

Is that correct?

If not, could you please start over describing the situation. Your description is not terribly clear as to what happened and what exactly you think you should do about it. Maybe a detailed narrative with false names would help.

jason.green's picture

Tom,

Sorry if I made it hard to understand but your explaination is correct.

tomw's picture

[quote="jason.green"]Tom,

Sorry if I made it hard to understand but your explanation is correct.[/quote]

OK.... then your friend has absolutely no leg to stand on. Nothing was ever directed at him or sent to him. It's part of life that people are going to complain about third parties in ways that the target of the complaints are not meant to ever hear or see.

I cannot think of any way that a person's duties would include sifting through multiple other people's emails in a way that he could find such a thing. If your friend escalates this, he'd better be able to justify his actoins or he could find himself the target of disciplinary action for misusing his administrative IT abilities. He may have the ability to search through emails, but companies frown on that if there's not a serious reason to be doing it (like if the person in question is the target of a lawsuit and the company is looking for evidence for or against the person).

Even if that is the case, I somehow doubt that the company would care if a bunch of people did not like someone and complained about him to each other.

The only legal action here could be against your friend, not those talking about him (that he had no legitimate way of knowing about).

From what you've told us, they have a reason to complain about him. It sounds to me like your friend should take their complaints to heart and focus on improving himself instead of complaining that others don't like him.

jason.green's picture

When I posted this discussion point I was careful not to include too much information so this might be the cause of some confusion.

But I’m rather surprised with Tom's comments in trivialising to nothing more than complaining about third parties. Personally I believe this to be a Pandora's Box of complex issues that need careful and considered advice.

Again I don't know what laws the US have but accepting this kind of behaviour simply because it’s not directed at the individual is in my opinion dangerous and very counterproductive. As this type of behaviour is unlikely to be performed in isolation, they are detrimental to the individual, the team dynamics and even the company’s reputation.

So I will stick with my views that it’s an unacceptable behaviour to be carried out in any organisation as they have a duty of care to protect their employees from bullying, intimidation and harassment in the workplace. Any incident must be Dealt with in accordance with company policy and local laws

bffranklin's picture

[quote="jason.green"]But I’m rather surprised with Tom's comments in trivialising to nothing more than complaining about third parties. Personally I believe this to be a Pandora's Box of complex issues that need careful and considered advice.

Again I don't know what laws the US have but accepting this kind of behaviour simply because it’s not directed at the individual is in my opinion dangerous and very counterproductive. As this type of behaviour is unlikely to be performed in isolation, they are detrimental to the individual, the team dynamics and even the company’s reputation.[/quote]

Tom never said anything about accepting the behavior. Tom said taking action based on emails found in the course of unrelated business is probably not the best course of action. I agree.

In fact, without more information, the entire situation stinks a bit. Im an infosec professional, and having far-reaching access is part of the job description -- infosec is basically given free reign to inspect traffic. It's important that this access is not abused.

Quite frankly, I can't come up with a single situation where one would stumble upon backbiting emails between third parties and have a legitimate reason for continuing to read them outside of unethical personal interest. If your peer was one of my directs and brought this up, I'd be considering some serious corrective action. The company email system isn't private because it's the company's property, not a personal information mill. Best practice is to do your job with information that you otherwise wouldn't have access to, and then forget you ever saw it.

This is a breach of the trust that organizations place in their administrators. If there was a legitimate reason for this individual to examine the email content in depth (especially after it became clear that it was a personal exchange and not the subject of normal-course-of-business-duties), I'd love to hear it.

Ultimately, if these individuals are saying unprofessional things in emails, that's not the only place they're being said. Pick something more actionable.

tomw's picture

[quote="jason.green"]So I will stick with my views that it’s an unacceptable behaviour to be carried out in any organisation as they have a duty of care to protect their employees from bullying, intimidation and harassment in the workplace.[/quote]

I agree that bullying, intimidation and harassment are unacceptable behaviours. I'm don't agree that they happened here.

How is it "bullying, intimidation and harassment" if no one told your friend anything? He had no way of knowing that anyone did not like him at all until he went reading their email. Why was he reading their email again?

It sounds to me like your friend went snooping where he shouldn't have, found something he didn't like, and now is upset about it. If that's the case, he's the one in need of disciplinary action.

stephenbooth_uk's picture

Without knowing the details of the situation it's hard to give advice. The original emails [b]may[/b] be in breach of the Criminal Justice and Public Order Act, 1994, section 154. You or your friend would have to consult a lawyer for guidance.

On the other hand your friend could be in for a world of hurt under RIPA unless they can prove that their discovery of the emails was entirely accidental or part of a legitimate search. You or your friend would have to consult a lawyer for guidance.

If your friend is in a union they should contact their branch as most unions have lawyers on retainer who can give free legal advice to members on employment related matters. Even if they have no intention of taking it further they should still talk to a lawyer as to how to protect themselves. I forget which one it is but one of Horstman's laws is "There are no secrets", people will find out and if they do and your friend hasn't covered themselves they could be in for a world of hurt.

Stephen

kklogic's picture

I just wanted to chime in and say that I agree with two previous posts. Your friend runs more of a risk of calling attention to his own bad behavior than correct it in these other parties. Frankly, I'd have to imagine what he did is a fireable offense in some companies.

The root of the problem right now is that his pride must be hurt. I'd guess that he's a bit insecure (rightly or wrongly) anyway based upon his actions here. No one likes to read nasty things written about them. I'm sure I'd be absolutely sick over it.

So, he's got some choices here. If the nasty comments were job related, he should go to his boss and ask for feedback (if he's not getting it already). Worst outcome here - he gets better at his job.

If the comments were along the lines of "Joe's a jerk and he dresses funny." Well, there's nothing to do here unless those people can affect his career. If they are doing this in meetings or other places that where it's observed, legally gathered information - perhaps. Even then, I'd be careful.

jason.green's picture

There still appears to be one sticking point and i hope this will answer in an unabmbiguous manner as i clearly haven't stated it well enough in the previous emails.

the situation is as follows

All of the people are in a customer service team and do rely on emails being sent or recieved from thier individual company mail accounts. Therefore they all have access to each other mailboxes only the supervisor and manager are restricted. (as for the rights and wrongs of this approach. Thats a different discussion)

The emails where discovered while trying to locate some client emails regarding a service request that was handled by another member of the team who had been dealing with the client but where not in the office at the time of the discovery.

So I hope this does provide the details covering my original comment that the emails where found in a normal day to day work with no attempt to snoop and where found by mistake. (None where apparently sent to external clients only internal emails)

tomw's picture

OK... that's certainly unusual as a business practice (but it sounds like you knew that) and it would seem to clear your friend of any questions of misuse of IT privileges.

The people who were discussing your friend, though silly to keep such emails around in a public place, thought they were talking about someone in a way he would never know about. There might be a word out there for that ("immature" comes to mind), but the situation still does not sound like "bullying, intimidation, or harassment".

US41's picture

Here's my advice to you: Advise your friend that he should take the things that he read that he did not like as possibly being legitimate criticisms. He should search his soul, get over his hurt feelings, and pay attention to his own behavior for the purpose of:

* Identifying any behavior that he engages in that would solicit such commentary

* Correcting the behavior if he was previously unaware of it

* Getting used to criticism if he engages in behavior that inspires it

I'm a blunt person. People tell me I am blunt. They say things like, "Tell us what you really think, US41." I hear that a lot. Knowing ourselves and our weaknesses is possible - others are the mirror for us.

When we get angry about this response to our stimulus, usually it means we are afraid it is true. For example, if someone criticized me for being too vague and sympathetic, I would burst into laughter. Tell me I am an opinionated jerk, and it hurts - because the exposed nerve of truth is present.

Your friend has been blessed with unexpected insight. He can either use it or resist it.

IanPratt's picture

Hi, This is an interesting theme, based on everything I have read I think the comment about seeking feedback from the supervisor on your freinds performance/conduct with a focus on how to "fit in" would be the right approach

Also I would suggest that your freind finds way's to build relationships with their peers, show an interest in the things that they like (It might be an effort but it should pay off).

Look forward to reading posts from the others, great theme and a tricky one

stephenbooth_uk's picture

Most people commenting in this thread seem to have assumed that the comments are just fairly minor personal comments and your friend should just learn from them and ignore them. If those assumptions are correct then that's probably right. Although it may be in the best interests of the company for someone with authority to have a quiet word with the perpetrators about appropriate and professional behaviour. Perhaps point them to MT and the peer feedback cast.

From your description of events it seems that the mails were sent in a way that made it highly likely that the subject of them (your friend) or third parties would see them. If the content of the mails is more serious then this could mean that it comes under the Criminal Justice and Public Order Act or equalities legislation. If this does seem to be the case then your friend should probably raise it with HR. If people are used to sending mails of that type internally then there's a distinct risk that such mails might go externally either deliberately (Google Claire Swires some time) or accidentally which could be very harmful to the company. Again, all that may be needed may be a quiet word from someone with authority.

Stephen