Ten years ago, it would have been pretty difficult for someone to steal 250,000 confidential government documents out and then make them accessible to people on every corner of the globe. How things have changed. (See the latest on the Wikileaks scandal.)
Now everything is online and – at many financial institutions – archived and saved. If you're not careful, your e-mails and even Tweets can get you into a lot of trouble. So how can you keep information safe, while also staying connected? Here are a few things experts advise you not to do online at work in the interest of avoiding minor privacy breaches and major embarrassments.
1. Do not discuss your illegal hobbies with friends and family.
Take a lesson from the fraternity-brother-turned-insider, who used (not-so-secret) code words to disguise trading secrets, resulting in a $600,000 profit.
"Particularly in the financial world, there is legislation in place that forces financial institutions to proactively archive that information," says Joseph Caruso of New York-based Global Digital Forensics. "E-mail is not as private as you think it would be."
The SEC and FINRA are just two of the government agencies that can seize your work e-mails at the drop of a subpoena.
2. Do not forward intellectual property or other proprietary information.
See Goldman Sachs' current legal battle with its former employee who left the bank with not only the knickknacks from his desk, but also the firm's top-secret trading code. Information that's confidential should stay within your firm's walls.
"WikiLeaks is a good reminder that if companies don't already have a policy about things being sent to personal accounts, or put on a flash drive, they need to think anew about that," says Christopher A. Parlo, a labor and employment attorney with Philadelphia-based Morgan, Lewis & Bockius. Not sure if it's good to go? "Err on the side of caution," he advises.
Most financial institutions have these policies in place.
3. Do not mindlessly hit "send."
Little typos hurting your image at work aside, sending email to the wrong addresses or revealing things you should not can have a major career impact.
"When you're sitting at a computer and sending an e-mail, you're not necessarily thinking about what you're putting down," says Caruso.
An e-mail about a colleague mistakenly sent to that colleague -- or a friend of that colleague -- could be both embarrassing and have an impact on your career.
4. Do not assume that because you have added a disclaimer at the end of your e-mail, that people who receive a confidential email from you that they were not supposed to "do the right thing."
Even if you end each email with something like, "This email and any files transmitted with it are intended solely for the use of the individual or entity addressed," the fact remains that if someone receives an e-mail from you they can do what they want with it. "The e-mail may be intended for one person," says Caruso, "but once you send an e-mail, you lose control of it."
5. Do not tweet about your company.
This is not just limited to Twitter, but should cover all of your social media bases. Recall the reporter who was fired for Tweeting her opinions, which her employer felt reflected poorly back on the company. Opinions, complaints, and the like should simply not be voiced to the world.
"Between blogs, Facebook, and Twitter, we haven't figured out what's supposed to be confidential and what's not," says Parlo. "You might think it's secure because it's password-protected," he says, but that doesn't stop anyone else who can see it from passing it along.
6. Do not e-mail your colleagues/friends harassing, threatening, or discriminatory photos/comments.
Just ask some of the accountants at PwC's Ireland office -- hot-or-not lists are not an acceptable form of in-office communication. Every company has system administrator software that scans every e-mail you send (and in some cases, scanning every word you type, even if it's never sent).
As technology advances, risks increase: "Now, you have to worry about third parties getting access to or sending [content]," says Parlo. "Don't send things you wouldn't want your kids, mother, or grandmother to see."
7. Do not forward documents/client information/trade secrets to your personal account.
This is an addendum to No. 2.
"If you had a big fat folder with confidential information on your desk, you'd probably think twice before dropping it into a U.S. mailbox," says Caruso, but the same concern isn't typical when it involves attaching the same information to an e-mail, so you can open it at home.
It's also key to remember this when it comes to your client list, for example, especially if you signed a non-compete agreement and choose (or are asked) to leave your firm.
It's also a matter of personal responsibility. Caruso recounted one case where a consultant at a hospital e-mailed patient files to his personal e-mail address. Years later, when he had let his account go inactive, the files were made accessible online -- and it took a quick web search of any of the patients' names to find a link to their full medical history.
Write to Kelly Eggers
Related: Your Company Is Watching You