The Violets of Chaos ([personal profile] beable) wrote in [community profile] agonyaunt 2021-07-20 12:30 am

Ask a Manager: Workplace wants to ditch work email accounts

4. Company is eliminating work email addresses and we have to set up personal email accounts instead

I work for a contract agency, and I provide services to both schools and health care agencies. My company has had a long-standing policy of 24-hour turnaround for emails, and I’ve never had a problem with this. However, as our management is changing, a decision has been made that employees having company email addresses is a security liability for the company, and we’re all losing our work emails. We’ve been told to use gmail or other free services to create our own personally owned “work” email addresses.

I’m bristling at the idea that I’m expected to use email for communication and check it regularly as a requirement of my work, but am not provided with that resource. Plus, I work with and handle protected health information *a lot* and many of my work email communications, both internal to the company and with our contracts, are governed by either FERPA or HIPAA. I have concerns about the legality and liability of using gmail for these communications.

I’ve pushed back with my bosses, who seem understanding and are sending these concerns up the chain, but I’m receiving no updates and the email turn-off is imminent. There has been some group pushback, but most of my coworkers don’t use email the way I do (they work almost entirely in the main office, and I mostly work in the field), and don’t seem concerned about this.

What else can I do? I’m thinking about refusing to create a personal email address for work, but that would have negative impacts on my work, both from a practical standpoint and from a perspective of maintaining a positive relationship with the new management.

In what universe are personal email accounts more secure for the company than business accounts they control? This is … the exact opposite of how it should work. And they’ll lose access to those accounts when you leave! Why why why? This is infuriating in how nonsensical it is.

If you haven’t documented the specific ways this would violate terms in your contracts, you should do that — and if your company has a legal department, you might try taking that documentation to them. You could also try building a case for why you need to maintain a work account, rather than trying to alter their whole plan but … I have a feeling they won’t care. They’ll likely argue that you can comply with FERPA and HIPAA from a personally-owned email account as long as it’s subject to the same restrictions; I don’t know enough about FERPA to know if that’s true, but either way they’ll be missing the larger point that they need to own their business email. (And how will they ensure you follow those restrictions with the account’s contents once you no longer work for them? Agggh this is ridiculous.) If they won’t budge after that, there might not be more you can do, other than to take this as a serious mark about your new management’s sense. But yeah, I wouldn’t flatly refuse to do it.
[personal profile] jadelennox 2021-07-20 05:23 am (UTC)

Actually now I have a theory that some doorknob heard of “outsourcing email to Gmail” and has totally misunderstood what that actually entails.

Oh, duh, this is totally what happened, now that you point it out. Yes, a small company without IT should have email services in the cloud, for security and liability reasons. That's not the same thing as personal email, yeesh!

Anyway LW is probably right about FERPA and HIPAA; corporate gmail accounts aren't mined in the same way personal ones are. Not to mention two things are pretty much guaranteed to happen:

  1. Ads getting attached to client emails, at least some of which will piss off a client.
  2. At least one colleague will not create a separate account and will just use XXX69yankeessuck420@gmail.com to email clients.
[personal profile] torachan 2021-07-20 06:02 am (UTC)
Yeah, my company has company.com emails that we access through gmail as a service, so maybe someone in the LW's company heard of that and misunderstood?

[personal profile] green_grrl 2021-07-20 04:54 am (UTC)
Oh, this is an information security nightmare—even before they got to the FERPA and HIPAA considerations. Report to legal immediately. I’d say have some of the clients take it to their chief information security officers, too, but that would probably result in some instant loss of contracts and OP would get blamed.
[personal profile] harpers_child 2021-07-20 06:40 am (UTC)
It is late, I've already taken my bedtime meds, and I can't pull together the brain for the html. I need you all to think of that one gif of the octopus scurrying across the sea floor with "nope nope nope nope" above its head.

OP, if legal doesn't take you seriously or if you don't have a legal department, please for the love of everything report your company. You'll have to find a new job, but going to jail over e-mail would be worse.
[personal profile] legionseagle 2021-07-20 07:38 am (UTC)
At this point I'm going, "I know 2016 was a long way in the past, but -- have none of these bozos understood why 'But her emails' became a meme?"
[personal profile] rmc28 2021-07-20 09:50 am (UTC)

LOL

[personal profile] gingicat 2021-07-20 10:11 am (UTC)
What. The. Fuck.

Any secure communication from patients should be going through something like MyChart which is part of the Epic system used by most practices. Epic also has a way to link up between medical providers.

I say be a whistleblower.
[personal profile] xenacryst 2021-07-20 03:52 pm (UTC)
This, absolutely this. If they're too cheap to get a contractor access to Epic (or whatever actual system they're using for patient information), then a) they don't deserve contractors, b) you can bet your bottom dollar that they're not paying the contractor a fair rate, and c) you, the contractor, would be far better served with some other company before you find yourself at the sharp end of a pointy legal stick.

That's not how this works. That's not how any of this works.
[personal profile] minoanmiss 2021-07-20 04:03 pm (UTC)
ahahahahah sorry I read this article of ridiculousness and thought "I can just imagine Gingicat's reaction" and here you are.
[personal profile] heavenscalyx 2021-07-21 01:40 am (UTC)
There is no way a reasonably IT-literate lawyer would think that Gmail is an acceptable means of handling HIPAA data. And if the company is handling HIPAA data, they MUST have compliance policies as a business partner to a PHI source. If they don’t then they and their clients could be subject to fines.
Edited 2021-07-21 01:40 (UTC)
[personal profile] shirou 2021-07-22 01:37 am (UTC)
I'm tempted to ask whether this is real, but... I can believe it.

I registered with a small medical practice and completed forms with lots of protected medical information through their online portal. After submitting, it then helpfully emailed me a PDF of the completed forms in the clear. I had to explain to them, repeatedly, that they had exposed all the information they were supposed to keep confidential.