Security Experts:

Connect with us

Hi, what are you looking for?



Three Privacy Myths in the Workplace

As a privacy attorney and General Counsel of security companies, I have had the privilege of listening to the humorous ways in which colleagues convince themselves they have more privacy in the workplace than they actually do.

As a privacy attorney and General Counsel of security companies, I have had the privilege of listening to the humorous ways in which colleagues convince themselves they have more privacy in the workplace than they actually do.

I’m not saying I’m impervious to myths. I believed poinsettia leaves were poisonous to pets, that if you shave your head your hair will grow back thicker (thought about it but didn’t try), and reading in dim light hurts your eyesight. You and I now know better about these and after reading this article, you will see through the following three privacy myths in the workplace.

#1 As long as I use Gmail or the like at work, my company can’t read my personal email

Workplace Privacy RulesI love this one. You are likely to be accessing Gmail on your company issued laptop or smartphone over the company supplied Internet. The thinking goes that the data is stored in the cloud and not on company servers so everything is cool. You’re reaching out to your private data outside of the company so the company has nothing to say about it.

Let’s look at your typical company information security policy that the company had you sign when you came on board. It says you have no expectation of privacy and all communication systems including all computer hardware, software, voice mail, the network, all stored data and all real-time data are the property of the company. Your typical policy will also say that you don’t have a privacy right in the contents of your computer system, including without limitation messages sent, received or stored on the e-mail or voice mail systems or in their use of the Internet.

This is pretty broad stuff—and the courts are buying it. That Gmail message you sent had to get out of the company through company machines if you’re on the company network. If you used a company laptop or smartphone, you’re tagged a second time for using company hardware and software.

You only have an expectation of privacy for communications at work when you are in compliance with company policies and not in breach for any other company obligation. That means communicating 1) on your own owned device, 2) over a personal network, 3) in compliance with policies and obligation.

So, 1) use a laptop or smartphone that you own rather than one supplied by the company. 2) Buy your own air card for that laptop or only use a smartphone data plan that you and not the company have paid for. 3) Don’t send any company owned or confidential information and don’t engage in any conflict of interest, or restricted or competitive activities in violation of your employment agreement.

#2 When leaving your job, you should erase your hard drive before returning your company laptop

This one pains me because people really believe it with a righteous indignation that crumbles when presented with the facts and a civil complaint for breach of contract. The company owns what you do at work on work related subjects. It owns all those emails you sent to do your work as well as all those spreadsheets and PowerPoint presentations.  This is the stuff they pay you for. It comes from your employment agreement that says that all work you do is a “work for hire” that you assign to the company.  

When you leave, someone is going to have to pick up where you left off. Erasing your hard drive makes that much harder. It’s like building someone a house and burning it down after they pay you, just without the arson charge.

I’ve had three former employees do this to companies where I worked. Two of them got sued. Companies suspect the worst when someone turns in a wiped hard drive. As it turns out, the courts do as well. So if you go work for a competitor, or simply portray even the appearance of impropriety, the employment attorney chasing you to your new gig will be limited only by her imagination as she describes all the lurid and treacherous content contained on that laptop before you gave the disk a triple swipe.

What you should do instead is turn your computer in unharmed with all content intact. “What about my pictures and personal email?” you ask.  I ask back, what’s it doing on there? We live in the land of the cloud and cheap USB hard drives. Use them and keep your work computer pristine. If someone came in and lifted your company laptop off your desk at any moment, you should be ready to bid it farewell without fear of losing personal data.

#3 It’s OK to keep a copy of my files when I leave my job

Hard Drive FilesI bet you’re starting to see a pattern. Folks feel they have a privacy right in their company info. We’ve already gone over the reasons the company owns the information you created on the job.  But when it comes to returning company property, whether it is a laptop, access card or data, we look at your employment agreement, separation agreement or company policies. One of the three is sure to have something that says that if you leave the company for any reason, you will deliver to the company all files, letters, notes, memoranda, reports, records, data, sketches, drawings, notebooks, layouts, charts, quotations and proposals, specification sheets, program listings, blueprints, models and prototypes, as well as written, photographic or other tangible material containing confidential information and will not take or keep any of the foregoing, or any copies.

I had a new VP of sales come up to me beaming as he showed me the two inch thick customer list he brought over from his previous employer. I thumbed through it and dumped it in the locked shredder box next to me. When his howls subsided, I explained he’d violated his employer’s rights, and nearly infected his new company with information it could have been sued for using. Folks that walk out with company information are putting themselves, as well as their new employers, at risk.

A myth is a story with or without a determinable basis of fact or a natural explanation.  I hope these three privacy workplace myths are now put in their place, and that you don’t freak out if you see the cat eating your poinsettia.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.


The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


The U.S. is tracking a suspected Chinese spy balloon spotted over U.S. airspace, officials said on Feb. 2, 2023.


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...