Dear Bob ...So much of what you stated (in "Roving e-mail," Keep the Joint Running, 7/2/2007) hit home.About a year ago, our company shutdown access to all web email interfaces to non-company mail accounts. They did it for three reasons (that I could see): 1. Personal email wastes employee time and bandwidth, 2. Much objectionable material is sent via these accounts opening up the company to sexual harassment an Dear Bob …So much of what you stated (in “Roving e-mail,” Keep the Joint Running, 7/2/2007) hit home.About a year ago, our company shutdown access to all web email interfaces to non-company mail accounts. They did it for three reasons (that I could see): 1. Personal email wastes employee time and bandwidth, 2. Much objectionable material is sent via these accounts opening up the company to sexual harassment and other related liabilities, 3. Employees were using it to circumvent the auto-encryption routine that kicks in if the auto-encryption algorithm that scans all outgoing email determines you are sending financially sensitive information. This encryption is important because I work for a financial services company and much of our information is very sensitive – if captured it could be used for identity theft or to compromise a pending deal. Employees were compromising the system (and negligently jeopardizing their customers) because the mechanism to retrieve encrypted email was too hard for many bank customers and vendors to use – especially for first time or sporadic users, who would ask for the information to be sent another way.After the switch there were a lot of complaints and some training on using the encryption retrieval system. I suspect that many employees switched to faxing the information rather than subject their customers to this frustrating and time wasting system. Support for the system was cumbersome because the unsophisticated sender would have to act as intermediary between the company Help Desk and the customer as the (outsourced) Help Desk will only take calls from employees. I am an IT mid-level manager at a regional office. I think that the three reasons to shut off access to person email accounts are valid. Does it impact me personally? Not since I installed a secret DSL line and setup an isolated network of PC’s for me, my boss and his boss that we all use to access our personal email accounts during office hours. Do I feel bad for everyone else who doesn’t have this access? Not really. They would just use it to waste their time….– Mid-level IT manager Dear Mid …This is an excellent example of the conundrum. Failing to enforce the policy subjects the company and its customers to liabilities. But enforcing it is terribly difficult because the system is so difficult to use.It’s entirely parallel to the problem with enforcing strong passwords: Users can’t remember them, so they write them down on Post-It notes which the security-minded put in the front drawer of their desks and the rest stick to their monitors. The solution, of course, to the extent there is a solution, is to make the system easy enough to use that the temptation to bypass it is reduced, coupled with ongoing education … really, marketing … regarding why compliance is important.Thanks for sharing this. There’s a lot of arguing from pure principle on this topic. Day-to-day experience of what happens in real work environments ought to have a place in the discussion as well.– Bob Powered by ScribeFire. Technology Industry