Are Emails of Execs from Public Companies Private?

Monday, September 03, 2012

Rebecca Herold

65be44ae7088566069cc3bef454174a7

At the end of July, Twitter suspended the account of Guy Adams, a reporter for the UK’s Independent, after he posted the corporate email address of Jim Bell, Producer of NBC Olympics, and said less than flattering things about his expectations for how NBC would do in their Olympics coverage.   

Adams reportedly claimed that he felt the email account was open to public use since it showed up in Google search results.  However, privacy concerns were widely expressed over his decision to share the executive’s contact details, and thus his account was suspended. 

Apparently NBC complained, Twitter listened, and Guy’s account was shut down. After a bit of hullabaloo, Twitter then changed heart and re-activated his Twitter account.  I received several great questions related to this, collectively boiling down to the following five:

  1. “Can’t information found online be re-posted elsewhere online?”
  2. “Should the email address of an executive at a public company be considered as private?”
  3.  “If someone tweeted a phone number available in the public phone book, would that be a violation of Twitter rules?”
  4. “Could a Twitter user be prosecuted for publicly posting the contact details of anyone, regardless of what type of position they had or organization they worked for”?
  5. “Where is the line between what can be considered as “public” and “private” contact details?”

Love these questions!  And, as with most privacy questions the answer begins with, “It depends…” Let’s look at each question separately.

1.    Isn’t all data found online “free” data, open to use willy-nilly?

There is a lot of information that shows up in search tool results that was not meant to be public, and either got there maliciously, mistakenly, or as a result of poor understanding of how online data can be discovered.   Information found online is simply not free for the taking to use and repost as you wish. 

I discussed many of the reasons why in a blog post from early this year, “Is Information Found Online Legally Fair Game To Use For Marketing?”  In this age of Big Data and all the promoted uses of such, it becomes very tempting to think that anything found online is fair pickings; but remember that it is not.

2.    Are email addresses of public company executives considered private?

It may depend upon what position that executive held.  It would also be important to know if the company had actually posted their executives’ email addresses on their site.  Was the NBC executive’s email address was listed on the NBC site and made public there?  I just looked, and found Jim Bell’s bio.  I did a brief search, but did not find Jim Bell’s, or any of the other executive’s, email addresses.

Another consideration would be if the executive had his own web site where he made his email publicly available. Or, if Bell, himself, had listed it on a public site. If Bell, or NBC, had put his email address online purposefully, then it would be hard to say he had any expectation that it would not be used, such as in a tweet. However, if it was online and found through a search tool after it had been put online inadvertently or without authorization, then it would become more of a privacy issue.  The devil’s in the details.

The issue really is not whether he works for a public company; it is whether the company, or he, had made his email address public themselves.

3.    Can you tweet a phone number that is published in a phone book?

At the heart of the answer are these considerations: Is the phone number being tweeted/published by 1) an organization, 2) by an account of an individual representing an organization, 3) by an individual using their personal account, but well known to be a member of an organization, or 4) by an individual using an account that would be hard (if possible) to link to an organization?  The devil’s always in the details. (Yes, I say this a lot.  But, this is also true A LOT.)

If it is a healthcare entity, or an employee of such entity, that is tweeting the phone number of a patient, then that phone number could very well considered to be PHI; and so no, s/he could probably not tweet it without some legal ramifications. 

In other situations it should probably not be tweeted either, based upon the details within the context.  For example, if you are publishing the phone number of an ex-spouse, or simply someone you don’t like, and telling people to call them, while accusing them of doing something (fabricated or not), then it could possibly be considered as harassment, or worse. (The devil’s in the details.) Not to mention this would be a really mean thing for you to do (so don’t be mean).

In yet other situations, it would probably be okay. If Tommy Tutone tweeted “867-5309,” and it really is a phone number in various locations throughout the country, it would be hard pressed to say he violated anyone’s privacy since it is also a well-known part of one of his songs (even though he’d likely tick off several people getting subsequent calls, as has happened in the past).

4.    Could a Twitter user be prosecuted?

The U.S. is a litigious society, so it is possible that someone could bring a case against the associated individuals tweeting email addresses or phone numbers. I list some such instances below.  You could be sued for a wide variety of things: defamation, harassment, malicious falsehood, threats, misrepresentation, impersonation, privacy invasion, copyright infringement, trademark infringement, slander, plagiarism, and the list could on.  Do you really want to subject yourself, or your business, to a possible lawsuit in return for a cleverly pithy tweet, or letting off steam and posting a particularly disparaging and exaggerated remark?

5.    Where is the line between “public” and “private” contact details?

There is no clear line. It is really hard to draw a solid, straight line between what is acceptable and unacceptable to post with regard to personal information.  It is much more complicated than that; it is more of a wide, jagged, fuzzy line that online participants need to learn to navigate.  

Many will not do so successfully. First and foremost know your company’s legal requirements. Second, keep in mind that if someone chooses to post their own personal information online, that is their right to do so. However, it does not then give anyone else the right to take and do anything else with that information.

Five things to ask yourself before posting someone else’s personal information online

  1. Could posting the information make the associated individual upset?
  2. Could posting the information put the associated individual at risk of harm?
  3. Is posting the information in violation of any laws, regulations, or other legal requirements to which you must comply?
  4. Could posting the information reasonably result in a costly lawsuit?
  5. Could posting the information damage your reputation, or that of your business?

Don’t post on a whim or in anger. What goes online, even for a very short moment, could remain online in other places for a virtual infinity. Consider the ramifications to other, yourself, your family, and your business.

Bottom line for all organizations, from the largest to the smallest

Most workers are posting information to a very wide number of social media sites, throughout the work day. Organizations of all sizes, from the smallest to the largest, need to establish policies, procedures and clear guidelines for what is appropriate, and what is not appropriate, to post online.

Provide training for your workers to ensure they know and understand the related issues and risks involved.  This will not only help to protect your business, but it will help them to better understand why such precautions are necessary to protect themselves personally, and their family and friends.

Other Information about online posting

Here are some other good and/or interesting articles and reports related to tweeting, using found online information, and otherwise posting online, the personal information of others:

This post was written as part of the IBM for Midsize Business (http://goo.gl/S6P7m) program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Cross-posted from Privacy Professor

Possibly Related Articles:
13447
Enterprise Security Privacy
Information Security
Twitter Privacy
Post Rating I Like this!
C6b9a422851928980389afe33c48e213
Eric Cissorsky Rebecca, while I coulnd't agree with you more on all the topics you cite there is really no privacy in todays internet age or telecommunications industries. Sad, but true.
1346944190
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.